Possible Trojan infection [RESOLVED]


  • This topic is locked

#1
maze7817

    Member

  • Member
  • 139 posts
Not sure what it could be. I've tried to keep my AVG protection updated but I still got infected. Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:23 AM, on 02/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Documents and Settings\Allen\~tmp0374.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\inet20126\services.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\regscan.exe
C:\WINNT\inet20126\wpcem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\inet20126\mmx432.exe
C:\WINNT\inet20126\socks.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINNT\inet20126\free.exe
C:\WINNT\inet20126\wpcem.exe
C:\WINNT\inet20126\syswin.exe
C:\WINNT\system32\services.exe
C:\WINNT\TEMP\1151245.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\systems.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20126\services.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20126\socks.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINNT\inet20126\free.exe
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINNT\inet20126\svchost.exe
O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20126\services.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros..._site.cab?1165361061335
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...534/mcfscan.cab
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: kwZJYFTNI - {4CC51B33-E66F-B199-FEC8-B5D66FF8906B} - C:\WINNT\system32\qt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Allen\~tmp0374.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0
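The log above is the kind of thing a helper reads by eye: autostart entries (F3, O4), browser helper objects (O2) and services (O23) whose file path does not fit the name they carry. The Python below is an added example, not part of this thread, of HijackThis, or of any tool the helper used; it encodes a few of those eyeball checks as heuristics (core Windows binary names outside system32, "Microsoft"-labelled entries outside system or Program Files directories, autostarts in a user profile or temp folder, files at the drive root, unnamed BHOs). The sample lines are constructed from entries quoted in this thread, and the rule wording and the `Finding` class are the editor's own.

```python
"""Heuristic triage of HijackThis-style log lines.

Added example for the thread; not part of HijackThis and not code the helper
posted. The heuristics are the editor's own and point a reviewer at entries
worth a closer look; they decide nothing on their own.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in HijackThis 1.99 format, modelled on
# entries quoted in the thread (paths kept as the log shows them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\systems.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINNT\inet20126\svchost.exe
O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Allen\~tmp0374.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O4 - ..." section prefix, then the rest of the entry.
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# First Windows path ending in an executable-style extension.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
# Core Windows binary names that legitimately live only in system32.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "smss.exe",
                   "winlogon.exe", "csrss.exe"}
# Directory fragments that make a "Microsoft ..." label plausible.
TRUSTED_DIR_FRAGMENTS = ("\\system32", "\\program files", "\\progra~1")


@dataclass
class Finding:
    section: str
    path: str
    reasons: list = field(default_factory=list)


def triage_line(line: str):
    """Return a Finding for one log line, or None if nothing looks off."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    pm = PATH_RE.search(body)
    if not pm:
        return None  # "(no file)" entries and the like need manual review
    path = pm.group(0)
    label = body[:pm.start()].lower()   # text before the path: name, CLSID, owner
    lower = path.lower()
    parts = lower.split("\\")
    directory = "\\".join(parts[:-1])
    filename = parts[-1]
    reasons = []

    if "\\documents and settings\\" in lower or "\\temp\\" in lower:
        reasons.append("autostart points into a user profile or temp directory")
    if len(parts) == 2:
        reasons.append("file sits at the drive root")
    if filename in SYSTEM_BINARIES and not directory.endswith("\\system32"):
        reasons.append(f"{filename} is a core Windows binary name outside system32")
    if "microsoft" in label and not any(f in directory for f in TRUSTED_DIR_FRAGMENTS):
        reasons.append("label claims Microsoft but the file is not in a system or Program Files directory")
    if section == "O2" and "(no name)" in label:
        reasons.append("BHO registered without a name")

    return Finding(section, path, reasons) if reasons else None


def triage_log(text: str):
    """Run triage_line over a whole log, keeping log order."""
    findings = []
    for line in text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4}{f.path}")
        for r in f.reasons:
            print(f"      - {r}")
```

On the sample it flags the win.ini run line, the unnamed BHO at c:\systems.dll, the "Microsoft WPCEmail" autorun and the "Microsoft IE Updater" service, and leaves the QuickTime, Java and iPod entries alone. It deliberately says nothing about C:\WINNT\system32\regscan.exe: a plausible file name in the right directory defeats path heuristics, which is one reason the helper asks for an uninstall list and a fresh log after each step rather than trusting a single scan.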


#2
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello maze7817 and welcome to Geeks To Go :whistling:

My name is SNOWHITE and I will be helping you with your Malware problem.
As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. I will be analyzing your log now, and be back with you as soon as possible!

Regards,
  • 0

#3
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
It's no problem :whistling: Thanks for your assistance in helping me fix this.
  • 0

#4
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello maze7817 :whistling:

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Next, open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post

Post back with the SmitfraudFix report, uninstall_list.txt and a new HijackThis log! Before copying the HijackThis log, click the Format menu and make sure that Word Wrap is not checked. If it is, click on it to uncheck it, then copy and paste the log here.

Regards,
  • 0

#5
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
SmitFraudFix v2.142

Scan done at 19:14:07.01, Thu 02/15/2007
Run from C:\Documents and Settings\Allen\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

C:\WINNT\logo.gif FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Allen


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Allen\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Allen\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpyDawn\ FOUND !
C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINNT\kbdb32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINNT\kbdb32.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#6
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
uninstall list
==============================


7-Zip 4.42
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Shockwave Player
AIM 6.0
AOL Coach Version 1.0(Build:20020823.1)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Deskbar
AOL Explorer
AOL Spyware Protection
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
ATI Display Driver
AVG Anti-Spyware 7.5
HaxFix 4.31
Hijackthis 1.99.1
HijackThis 1.99.1
HP DeskJet 1220C Printer
Internet Explorer Security Plugin 2006
Internet Security Add-On
iTunes
J2SE Runtime Environment 5.0 Update 9
LimeWire 4.12.6
MapleStory
McAfee SecurityCenter
McAfee VirusScan
Media-Codec 4.0
Microsoft Office XP Professional
Mozilla Firefox (2.0.0.1)
NETGEAR 108 Mbps Wireless PC Card WG511T
Public Messenger ver 2.03
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Synaptics TouchPad
Windows 2000 Service Pack 4
Windows Media Player system update (9 Series)
WinZip
Yahoo! Messenger
  • 0

#7
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:23:09 PM, on 02/15/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\inet20126\services.exe
C:\Program Files\Video ActiveX Object\isamntr.exe
C:\Program Files\Video ActiveX Object\pmsnrr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Video ActiveX Object\pmmnt.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\regscan.exe
C:\WINNT\inet20126\wpcem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINNT\inet20126\wpcem.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\inet20126\wpcem.exe
C:\WINNT\inet20126\mmx414.exe
C:\WINNT\inet20126\socks.exe
C:\WINNT\inet20126\free.exe
C:\WINNT\inet20126\wpcem.exe
C:\WINNT\inet20126\syswin.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
F3 - REG:win.ini: run=C:\WINNT\inet20126\services.exe
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\systems.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20126\services.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20126\socks.exe
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINNT\inet20126\free.exe
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINNT\inet20126\svchost.exe
O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20126\services.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165361061335
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...534/mcfscan.cab
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: kwZJYFTNI - {4CC51B33-E66F-B199-FEC8-B5D66FF8906B} - C:\WINNT\system32\qt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Allen\~tmp0374.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0

#8
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hi maze7817 :whistling:

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\WINNT\inet20126 <----- This Folder

    Close Windows Explorer.
While in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non-infected computer will remove your Desktop background.


Post back here with the SmitfraudFix report and a new HijackThis log.

Regards,
  • 0

#9
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
SmitFraudFix v2.142

Scan done at 16:08:05.00, Fri 02/16/2007
Run from C:\Documents and Settings\Allen\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINNT\kbdb32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINNT\kbdb32.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

127.0.0.1 www.google.com

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINNT\logo.gif Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\SpyDawn\ Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="Network Neighborhood"

[HKEY_CLASSES_ROOT\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINNT\kbdb32.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{9F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINNT\kbdb32.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2016a466-91a2-43c6-97d8-2fd380f065ef}"="eitheror"



»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0
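The "hosts" section of the report above shows www.google.com mapped to 127.0.0.1, which is why the infected machine could not reach Google even after the browser add-ons were gone: the hosts file is consulted before DNS, so a single line silently blackholes a site or pins it to an address of the attacker's choosing. The following Python is an added example by the editor, not part of SmitfraudFix, SDFix or this thread, that parses a hosts file and reports every non-local name, distinguishing entries that blackhole a host from entries that redirect it. The sample hosts content and the verdict names are constructed.

```python
"""Audit a hosts file for entries that hijack or sinkhole public hostnames.

Added example for the SmitfraudFix report in the thread; not part of
SmitfraudFix or SDFix. The sample file and verdict names are constructed.
"""
import ipaddress

# Constructed sample hosts file. The www.google.com line mirrors what the
# report above found; the other two non-local entries are made up.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.google.com
0.0.0.0         update.example.com   # would silently block an update server
192.0.2.10      www.bank.example
::1             localhost
"""

# Hostnames a hosts file is expected to map to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments, blanks and junk lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # malformed line, nothing mapped
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an address
        for host in fields[1:]:               # one line may name several hosts
            yield ip, host.lower()


def audit_hosts(text):
    """Return (hostname, ip, verdict) for every entry that is not a local name.

    verdict is "blackholed" when the name resolves to a loopback or
    unspecified address (the site or update server becomes unreachable) and
    "redirected" when it is pinned to any other fixed address, bypassing DNS.
    """
    findings = []
    for ip, host in parse_hosts(text):
        if host in LOCAL_NAMES or host.endswith(".localhost"):
            continue
        verdict = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((host, str(ip), verdict))
    return findings


if __name__ == "__main__":
    for host, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"{verdict:<11} {host:<22} -> {ip}")
```

Any hit from this audit is worth explaining before the file is trusted again; in this thread the remediation was SDFix's "Restoring Default Hosts File" step, which is the right fix when none of the entries were put there on purpose. On Windows 2000 the file lives at %SystemRoot%\system32\drivers\etc\hosts and can be fed to `audit_hosts` directly.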

#10
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:28:36 PM, on 02/16/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Documents and Settings\Allen\~tmp0374.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\regscan.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\services.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\system.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft WWW] C:\WINNT\inet20126\free.exe
O4 - HKLM\..\Run: [Microsoft WPCEmail] C:\WINNT\inet20126\svchost.exe
O4 - HKCU\..\Run: [Regscan] C:\WINNT\system32\regscan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165361061335
O16 - DPF: {A2E05F45-F127-4092-B9F7-9A02C3E04C77} (HGPlugin7USA Class) - http://gamedownload....GPlugin7USA.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...534/mcfscan.cab
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: kwZJYFTNI - {4CC51B33-E66F-B199-FEC8-B5D66FF8906B} - C:\WINNT\system32\qt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: ieupdater (Microsoft IE Updater) - Unknown owner - C:\Documents and Settings\Allen\~tmp0374.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
  • 0


#11
SNOWHITE

    Trusted Helper

  • Retired Staff
  • 1,327 posts
Hello maze7817 :whistling:

Please read this post completely; it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Media-Codec 4.0
Public Messenger ver 2.03
Internet Explorer Security Plugin 2006
Internet Security Add-On


Please note any other programs that you don't recognize in that list in your next response.

Close open windows.
  • While in Safe Mode, open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Regards,
  • 0

#12
maze7817

    Member

  • Topic Starter
  • Member
  • 139 posts
SDFix: Version 1.66

Run by Allen - Mon 02/19/2007 @ 16:42:11.97

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Microsoft IE Updater

Path:
C:\Documents and Settings\Allen\~tmp0374.exe /start

Microsoft IE Updater Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File

Killing PID 112 'smss.exe'
Killing PID 136 'winlogon.exe'

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\Documents and Settings\All Users\Documents\Settings\partnership.dll - Deleted
C:\WINNT\inet20126\data.ini - Deleted
C:\WINNT\inet20126\free.exe - Deleted
C:\WINNT\inet20126\free.exe.bak - Deleted
C:\WINNT\inet20126\index.htm - Deleted
C:\WINNT\inet20126\killer.exe - Deleted
C:\WINNT\inet20126\killer.exe.bak - Deleted
C:\WINNT\inet20126\mm.pidar - Deleted
C:\WINNT\inet20126\mmx11.exe - Deleted
C:\WINNT\inet20126\mmx137.exe - Deleted
C:\WINNT\inet20126\mmx145.exe - Deleted
C:\WINNT\inet20126\mmx166.exe - Deleted
C:\WINNT\inet20126\mmx196.exe - Deleted
C:\WINNT\inet20126\mmx202.exe - Deleted
C:\WINNT\inet20126\mmx277.exe - Deleted
C:\WINNT\inet20126\mmx281.exe - Deleted
C:\WINNT\inet20126\mmx287.exe - Deleted
C:\WINNT\inet20126\mmx302.exe - Deleted
C:\WINNT\inet20126\mmx334.exe - Deleted
C:\WINNT\inet20126\mmx345.exe - Deleted
C:\WINNT\inet20126\mmx356.exe - Deleted
C:\WINNT\inet20126\mmx371.exe - Deleted
C:\WINNT\inet20126\mmx390.exe - Deleted
C:\WINNT\inet20126\mmx397.exe - Deleted
C:\WINNT\inet20126\mmx466.exe - Deleted
C:\WINNT\inet20126\mmx487.exe - Deleted
C:\WINNT\inet20126\mmx510.exe - Deleted
C:\WINNT\inet20126\mmx599.exe - Deleted
C:\WINNT\inet20126\mmx616.exe - Deleted
C:\WINNT\inet20126\mmx651.exe - Deleted
C:\WINNT\inet20126\mmx655.exe - Deleted
C:\WINNT\inet20126\mmx724.exe - Deleted
C:\WINNT\inet20126\mmx732.exe - Deleted
C:\WINNT\inet20126\mmx79.exe - Deleted
C:\WINNT\inet20126\mmx869.exe - Deleted
C:\WINNT\inet20126\mmx874.exe - Deleted
C:\WINNT\inet20126\mmx874.exe.bak - Deleted
C:\WINNT\inet20126\mmx906.exe - Deleted
C:\WINNT\inet20126\mmx947.exe - Deleted
C:\WINNT\inet20126\mmx979.exe - Deleted
C:\WINNT\inet20126\mmx989.exe - Deleted
C:\WINNT\inet20126\OEM.exe - Deleted
C:\WINNT\inet20126\OEM.exe.bak - Deleted
C:\WINNT\inet20126\services.exe - Deleted
C:\WINNT\inet20126\socks.exe - Deleted
C:\WINNT\inet20126\socks.exe.bak - Deleted
C:\WINNT\inet20126\svchost.exe - Deleted
C:\WINNT\inet20126\svchost.exe.bak - Deleted
C:\WINNT\inet20126\syswin.exe - Deleted
C:\WINNT\inet20126\syswin.exe.bak - Deleted
C:\WINNT\inet20126\tmp.req - Deleted
C:\WINNT\inet20126\winlogon.exe - Deleted
C:\WINNT\inet20126\wpcem.exe - Deleted
C:\WINNT\inet20126\www.google.com\favicon.ico - Deleted
C:\WINNT\inet20126\www.google.com\index.html - Deleted
C:\WINNT\inet20126\www.google.com\thank.html - Deleted
C:\WINNT\inet20126\www.google.com\Google_files\hp0.gif - Deleted
C:\WINNT\inet20126\www.google.com\Google_files\hp1.gif - Deleted
C:\WINNT\inet20126\www.google.com\Google_files\hp2.gif - Deleted
C:\WINNT\inet20126\www.google.com\Google_files\hp3.gif - Deleted
C:\WINNT\inet20126\www.google.com\images\x2.gif - Deleted
C:\WINNT\inet20126\www.google.com\logos\Logo_25wht.gif - Deleted
C:\WINNT\inet20126\www.google.com\pagead\Google_files\hp0.gif - Deleted
C:\WINNT\inet20126\www.google.com\pagead\Google_files\hp1.gif - Deleted
C:\Program Files\Common Files\msmgr32.dll - Deleted
C:\WINNT\system32\drivers\etc\hosts.tim - Deleted
C:\WINNT\system32\main.sys - Deleted
C:\WINNT\system32\regscan.exe - Deleted


Folder C:\WINNT\inet20126 - Removed
Folder C:\DOCUME~1\Allen\LOCALS~1\Temp\ICD1.tmp - Removed

ADS Check:

C:\WINNT\system32
No streams found.


Final Check:

Remaining Services:
------------------


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\!KillBox\inet20126\www.google.com\favicon.ico
C:\!KillBox\inet20126\www.google.com\index.html
C:\!KillBox\inet20126\www.google.com\thank.html
C:\!KillBox\inet20126\www.google.com\Google_files\hp0.gif
C:\!KillBox\inet20126\www.google.com\Google_files\hp1.gif
C:\!KillBox\inet20126\www.google.com\Google_files\hp2.gif
C:\!KillBox\inet20126\www.google.com\Google_files\hp3.gif
C:\WINNT\www.google.com\favicon.ico
C:\WINNT\www.google.com\index.html
C:\WINNT\www.google.com\thank.html
C:\WINNT\www.google.com\Google_files\hp0.gif
C:\WINNT\www.google.com\Google_files\hp1.gif
C:\WINNT\www.google.com\Google_files\hp2.gif
C:\WINNT\www.google.com\Google_files\hp3.gif
C:\www.google.com\favicon.ico
C:\www.google.com\index.html
C:\www.google.com\thank.html
C:\www.google.com\Google_files\hp0.gif
C:\www.google.com\Google_files\hp1.gif
C:\www.google.com\Google_files\hp2.gif
C:\www.google.com\Google_files\hp3.gif
C:\Program Files\America Online 8.0\aolphx.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\RBM.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\COMIT\cswitch.exe
C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\WINNT\temp\163675.exe
C:\WINNT\temp\177585.exe
C:\WINNT\temp\177905.exe
C:\WINNT\temp\190133.exe
C:\WINNT\temp\201880.exe
C:\WINNT\temp\213006.exe
C:\WINNT\temp\233295.exe
C:\WINNT\temp\237241.exe
C:\WINNT\temp\247285.exe
C:\WINNT\temp\256538.exe
C:\WINNT\temp\262387.exe
C:\WINNT\temp\264149346.exe
C:\CONFIG.SYS
C:\WINNT\temp\par110.tmp
C:\WINNT\temp\par1609.tmp
C:\WINNT\temp\par162E.tmp
C:\WINNT\temp\par16DA.tmp
C:\WINNT\temp\par193D.tmp
C:\WINNT\temp\par1ECC.tmp
C:\WINNT\temp\par1EE0.tmp
C:\WINNT\temp\par1F1A.tmp
C:\WINNT\temp\par293C.tmp
C:\WINNT\temp\par2C71.tmp
C:\WINNT\temp\par2EC.tmp
C:\WINNT\temp\par32E8.tmp
C:\WINNT\temp\par33D7.tmp
C:\WINNT\temp\par36CD.tmp
C:\WINNT\temp\par376E.tmp
C:\WINNT\temp\par3A5E.tmp
C:\WINNT\temp\par3AE3.tmp
C:\WINNT\temp\par3EF4.tmp
C:\WINNT\temp\par4110.tmp
C:\WINNT\temp\par4184.tmp
C:\WINNT\temp\par4202.tmp
C:\WINNT\temp\par42AC.tmp
C:\WINNT\temp\par4C6.tmp
C:\WINNT\temp\par4E6E.tmp
C:\WINNT\temp\par4FE4.tmp
C:\WINNT\temp\par51FB.tmp
C:\WINNT\temp\par5229.tmp
C:\WINNT\temp\par530D.tmp
C:\WINNT\temp\par5AD9.tmp
C:\WINNT\temp\par5C50.tmp
C:\WINNT\temp\par65DE.tmp
C:\WINNT\temp\par684D.tmp
C:\WINNT\temp\par68FA.tmp
C:\WINNT\temp\par6942.tmp
C:\WINNT\temp\par6B4C.tmp
C:\WINNT\temp\par6B87.tmp
C:\WINNT\temp\par6D.tmp
C:\WINNT\temp\par6D00.tmp
C:\WINNT\temp\par7025.tmp
C:\WINNT\temp\par733.tmp
C:\WINNT\temp\par7C3E.tmp
C:\WINNT\temp\par7F45.tmp
C:\WINNT\temp\par807D.tmp
C:\WINNT\temp\par8620.tmp
C:\WINNT\temp\par8647.tmp
C:\WINNT\temp\par884B.tmp
C:\WINNT\temp\par8873.tmp
C:\WINNT\temp\par88AD.tmp
C:\WINNT\temp\par88FB.tmp
C:\WINNT\temp\par8B1E.tmp
C:\WINNT\temp\par8C27.tmp
C:\WINNT\temp\par8FE1.tmp
C:\WINNT\temp\par91DC.tmp
C:\WINNT\temp\par97FD.tmp
C:\WINNT\temp\par9A49.tmp
C:\WINNT\temp\par9BBE.tmp
C:\WINNT\temp\par9D61.tmp
C:\WINNT\temp\parA06.tmp
C:\WINNT\temp\parA456.tmp
C:\WINNT\temp\parA51.tmp
C:\WINNT\temp\parA7E1.tmp
C:\WINNT\temp\parA801.tmp
C:\WINNT\temp\parAB9C.tmp
C:\WINNT\temp\parACE.tmp
C:\WINNT\temp\parB1D1.tmp
C:\WINNT\temp\parB6CF.tmp
C:\WINNT\temp\parBD15.tmp
C:\WINNT\temp\parBD60.tmp
C:\WINNT\temp\parC439.tmp
C:\WINNT\temp\parC542.tmp
C:\WINNT\temp\parC547.tmp
C:\WINNT\temp\parC739.tmp
C:\WINNT\temp\parC7B5.tmp
C:\WINNT\temp\parC9F7.tmp
C:\WINNT\temp\parCAF3.tmp
C:\WINNT\temp\parD220.tmp
C:\WINNT\temp\parDFDF.tmp
C:\WINNT\temp\parE315.tmp
C:\WINNT\temp\parE58C.tmp
C:\WINNT\temp\parE931.tmp
C:\WINNT\temp\parEA3.tmp
C:\WINNT\temp\parF1A0.tmp
C:\WINNT\temp\parF203.tmp
C:\WINNT\temp\parF6E9.tmp
C:\WINNT\temp\parF8EE.tmp
C:\WINNT\temp\parFBF9.tmp
C:\WINNT\temp\parFDB8.tmp

Add/Remove Programs List:

7-Zip 4.42
Adobe Acrobat 5.0
Adobe Shockwave Player
AIM 6.0
AOL Connectivity Services
AOL Deskbar
AOL Explorer
AOL Spyware Protection
AOL Toolbar 2.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
AOL Coach Version 1.0(Build:20020823.1)
AOL Coach Version 2.0(Build:20041026.5 en)
ATI Display Driver
AVG Anti-Spyware 7.5
HaxFix 4.31
HijackThis 1.99.1
Hijackthis 1.99.1
HP DeskJet 1220C Printer
LimeWire 4.12.6
McAfee SecurityCenter
Mozilla Firefox (2.0.0.1)
Pure Networks Port Magic
RealPlayer Basic
Adobe Flash Player 9 ActiveX
Synaptics TouchPad
Video ActiveX Object 2.07
McAfee VirusScan
Windows 2000 Service Pack 4
WinZip
Windows Media Player system update (9 Series)
Yahoo! Messenger
J2SE Runtime Environment 5.0 Update 9
iTunes
QuickTime
Microsoft Office XP Professional
Apple Software Update
NETGEAR 108 Mbps Wireless PC Card WG511T
MapleStory

Finished
#13
maze7817 (Topic Starter, Member, 139 posts)
Logfile of HijackThis v1.99.1
Scan saved at 5:07:38 PM, on 02/19/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINNT\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {B6F1A4CB-DADD-4D0C-BDFC-E945647302C1} - c:\system.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20126\socks.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by18fd.bay18....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1165361061335
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: ksapgh - C:\WINNT\SYSTEM32\ksapgh.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O21 - SSODL: kwZJYFTNI - {4CC51B33-E66F-B199-FEC8-B5D66FF8906B} - C:\WINNT\system32\qt.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

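The SDFix report in #12 removed the files under C:\WINNT\inet20126, yet the HijackThis log in #13 still carries a Run entry pointing at socks.exe there, alongside loading points SDFix never touched. The script below is an added example (not part of this thread, SDFix or HijackThis) that cross-checks the two logs: it reads the "Deleted" and "Removed" lines from the SDFix report and marks each HijackThis O-line as orphan (its file is gone but the registry hook survived), nofile, or present (needs a manual verdict). The embedded excerpts are constructed from the two logs above.

```python
import re

# Constructed excerpts of the SDFix report (post #12) and HijackThis log (post #13) above.
SDFIX_REPORT = r"""
C:\WINNT\inet20126\socks.exe - Deleted
C:\Program Files\Common Files\msmgr32.dll - Deleted
Folder C:\WINNT\inet20126 - Removed
"""
HJT_LOG = r"""
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isadd.dll
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20126\socks.exe
O20 - Winlogon Notify: ksapgh - C:\WINNT\SYSTEM32\ksapgh.dll
O21 - SSODL: eitheror - {2016a466-91a2-43c6-97d8-2fd380f065ef} - (no file)
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
"""
# First drive-letter path ending in a PE extension; an HJT line carries at most one.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx))', re.IGNORECASE)

def parse_sdfix(report):
    """Return (deleted_files, removed_folders) from an SDFix report, lower-cased."""
    deleted, folders = set(), set()
    for line in report.splitlines():
        if line.endswith(" - Deleted"):
            deleted.add(line[: -len(" - Deleted")].strip().lower())
        elif line.startswith("Folder ") and line.endswith(" - Removed"):
            folders.add(line[len("Folder "): -len(" - Removed")].strip().lower())
    return deleted, folders

def triage(hjt_log, sdfix_report):
    """Classify each HijackThis O-line against what SDFix reported removing:
    orphan  - still points at a file/folder SDFix deleted; the registry hook
              outlived the file and needs its own fix (e.g. HijackThis 'Fix checked')
    nofile  - HijackThis already shows '(no file)' for the entry
    present - file untouched by SDFix, so it still needs a manual verdict
    """
    deleted, folders = parse_sdfix(sdfix_report)
    results = []
    for line in hjt_log.splitlines():
        if not re.match(r"O\d+ - ", line):
            continue  # skip headers, the process list and blank lines
        entry = line.split(" - ", 1)[0]
        m = PATH_RE.search(line)
        if m is None:
            results.append((entry, "nofile" if "(no file)" in line else "unparsed", None))
            continue
        path, lower = m.group(1), m.group(1).lower()
        gone = lower in deleted or any(lower.startswith(f + "\\") for f in folders)
        results.append((entry, "orphan" if gone else "present", path))
    return results
```

Entries flagged orphan are the ones a file-cleanup tool alone cannot finish; the remaining "present" entries (isadd.dll, ksapgh.dll) are what the helper still has to rule on.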
#14
maze7817 (Topic Starter, Member, 139 posts)
Also, I keep getting a pop-up about an ActiveX update. The program's name is "Video Active X Object 2.07". I'm not sure if this is something I should or should not accept. Any ideas?
#15
SNOWHITE (Trusted Helper, Retired Staff, 1,327 posts)
Hi maze7817,

Don't accept any updates for Video Active X Object 2.07; I will come back as soon as possible with a fix.

Regards,