An Absolute Mess [RESOLVED]

#1 grudz4prez (Member, 46 posts)
Hello and thank you up front to anyone who can help me fix this mess. I have tried to be on top of things in my computer and apparently, haven't been very good at it. Apparently, I have a lot of things messing with the overall performance of the machine...today has been the worst. I've got Panda on my computer...tried AdAware...tried Spy-Bot...can't fix...so here I am for any help...I'm not the greatest with this stuff, so, please be as simplistic as possible if you can help. Thank you very much.

-Charles

Here's my HijackThis file:

Logfile of HijackThis v1.99.1
Scan saved at 1:28:33 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\tnatnywa.exe
C:\WINDOWS\system32\xvsnfokk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\euyuxbf0.slt\prefs.js)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102131130\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jvcvnciu.dll",forkonce
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\RunOnce: [Panda_cleaner_145083] C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavdr.exe 145083
O4 - HKLM\..\RunOnce: [Panda_cleaner_96188] C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavdr.exe 96188
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DED4415-9792-4E32-A720-1B988D69DB7A}: NameServer = 71.250.0.12 68.237.161.12
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\xvsnfokk.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
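
As an added example (not part of the thread and not code from the HijackThis tool), the script below applies the kinds of checks a log reader makes on a log like the one above: hosts-file entries that redirect many unrelated sites to one address, additions to the Internet Explorer Trusted Zone, and Run/Service entries whose binaries sit directly in the Windows directories under random-looking names or with no vendor. The sample log is a constructed excerpt modelled on the posted log; the name heuristics are illustrative and produce candidates for a human reviewer, not verdicts.

```python
"""Triage a HijackThis v1.99-style log for the entry classes that drove the
cleanup in this thread.  Heuristic only: every hit is a review candidate."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 66.159.18.187 www.pillscash.com
O1 - Hosts: 66.159.18.184 secure.2000charge.com
O1 - Hosts: 66.159.18.184 www.dibill.com
O1 - Hosts: 66.159.18.184 clicks.oxcash.com
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\jvcvnciu.dll",forkonce
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O23 - Service: DomainService - - C:\WINDOWS\system32\xvsnfokk.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)$")
O4_RE = re.compile(r"^O4 - (.+?): \[(.*?)\] (.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (\S+)(?: \(HKLM\))?$")
# The vendor field may be empty ("Name - - path"), hence the optional space before the second dash.
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?) ?- (.+)$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
# A file sitting directly in the Windows directory or in system32 (no deeper subfolder).
WIN_DIR_RE = re.compile(r"^[A-Za-z]:\\windows\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
LOCAL_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def looks_random(stem: str) -> bool:
    """Heuristic: 7-9 lowercase letters with at most two vowels (jvcvnciu, xvsnfokk),
    or letters followed by a long digit run (retadpu2000219).  Expect false positives."""
    s = stem.lower()
    if re.fullmatch(r"[a-z]{7,9}", s):
        return sum(ch in "aeiou" for ch in s) <= 2
    return re.fullmatch(r"[a-z]+\d{6,}", s) is not None


def suspicious_binary(path: str) -> bool:
    """True when the binary lives directly in the Windows dirs under a random-looking name."""
    p = path.strip('"')
    if not WIN_DIR_RE.match(p):
        return False
    name = p.rsplit("\\", 1)[-1]
    return looks_random(name.rsplit(".", 1)[0])


def first_binary(command: str):
    """Extract the first .exe/.dll path from a Run-key command line (quoted or not)."""
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def triage(log_text: str) -> dict:
    hosts = defaultdict(list)
    autoruns, trusted, services = [], [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            hosts[m.group(1)].append(m.group(2))
        elif m := O4_RE.match(line):
            path = first_binary(m.group(3))
            if path and suspicious_binary(path):
                autoruns.append((m.group(2), path))
        elif m := O15_RE.match(line):
            # Trusted Zone additions are rarely legitimate on a home PC; list them all.
            trusted.append(m.group(1))
        elif m := O23_RE.match(line):
            name, vendor, path = m.groups()
            if vendor.strip() in ("", "Unknown owner") or suspicious_binary(path):
                services.append((name, vendor.strip() or "(none)", path))
    # Many hostnames mapped to one non-local address is the hosts-hijack pattern.
    hijacked = {ip: names for ip, names in hosts.items()
                if ip not in LOCAL_IPS and len(names) >= 3}
    return {"hosts_hijack": hijacked, "suspicious_autoruns": autoruns,
            "trusted_zone": trusted, "suspicious_services": services}


if __name__ == "__main__":
    for section, hits in triage(SAMPLE_LOG).items():
        print(section)
        for hit in (hits.items() if isinstance(hits, dict) else hits):
            print("   ", hit)
```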

#2 htv8 (Member, 110 posts)
Hello grudz4prez, and welcome to Geeks to Go! I will be handling your log to help you get cleaned up.

Please take note of the following:
1. I will start working on your malware issues, this may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. The process is not instant. Please continue to review my answers until I tell you your machine is clean.
4. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.

Please give me some time to look over your log and I will get back to you as soon as possible.

Thanks,

htv8

#3 htv8 (Member, 110 posts)
Hello grudz4prez.
________________________________________________________________________________
Please print out or copy this page to Notepad. This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is NOT available. A print out of the instructions would be a good reference to make sure you don't get lost. You may also like to save these instructions in Word/Notepad to the Desktop where they can be easily found for the same reasons as above.
Also make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.

NOTE: You have quite a heavily infected computer. Please bear with me if you want your computer to be completely clean from malware.

Step #1: SmitfraudFix scan
You likely have a Smitfraud infection. Please download SmitfraudFix by S!Ri.
Download SmitfraudFix (SmitfraudFix.exe)

Once downloaded, double-click SmitfraudFix.exe to run SmitfraudFix.
Select option #1 - Search by typing 1 and press Enter; a text file will appear which lists infected files (if present).
Please copy/paste the entire contents of that report into your next reply.

NOTE: Process.exe is detected by some antivirus programs (AntiVir, Dr.WEB, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Step #2: Creating an uninstall list using HijackThis
We need to use HijackThis to create an uninstall list. Please provide me an uninstall list by performing these steps:
1. Open HijackThis.
2. Click once on the Config... button.
3. Go to the Misc Tools section by clicking on the Misc Tools button on top of the screen.
4. Click on the Open Uninstall Manager... button. You'll see a list of currently installed programs.
5. Click on the Save list... button and specify where you would like to save the uninstall list.
6. Click Save.
Notepad will open up with the contents of that file.
7. Copy and paste the contents of that Notepad file (uninstall_list.txt) as a reply to this topic.

Step #3: Renaming HijackThis
Navigate to C:\Program Files\Hijackthis\HijackThis.exe using My Computer or Windows Explorer and right-click on the HijackThis.exe file. Select the Rename option from the right-click menu and rename HijackThis.exe to fluffybunny.exe and press Enter.

Step #4: HijackThis scan
Scan with HijackThis (fluffybunny.exe) again and post a new HijackThis log.
________________________________________________________________________________
So in your next reply, please post the entire contents of:
- the SmitfraudFix report
- the created uninstall list (uninstall_list.txt)
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.

#4 grudz4prez (Topic Starter, 46 posts)
Thank you for trying to help me!

Here is the SmitFraud fix report:

SmitFraudFix v2.197

Scan done at 11:06:10.15, Sat 06/30/2007
Run from C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080415\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinPop\winpop.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\tnatnywa.exe
C:\WINDOWS\system32\xvsnfokk.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\o02PrEz\o02PrEz1065.exe
C:\WINDOWS\retadpu2000219.exe
C:\Program Files\Outerinfo\Outerinfo.exe
C:\Program Files\Outerinfo\OuterinfoUpdate.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Charles\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Charles\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: CNet PRO200WL PCI Fast Ethernet Adapter - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 71.250.0.12
DNS Server Search Order: 68.237.161.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{05E9AC6E-1FC8-41A6-97AC-A7AD29125010}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6DED4415-9792-4E32-A720-1B988D69DB7A}: NameServer=71.250.0.12 68.237.161.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{05E9AC6E-1FC8-41A6-97AC-A7AD29125010}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6DED4415-9792-4E32-A720-1B988D69DB7A}: NameServer=71.250.0.12 68.237.161.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{05E9AC6E-1FC8-41A6-97AC-A7AD29125010}: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#5 grudz4prez (Topic Starter, 46 posts)
Could not get an uninstall list to go to a specific location. Hit the save button as directed and nothing appeared to select a location, nor did a Notepad open up to paste here. Also, I couldn't find HijackThis.exe...only found the application file. Is this the same thing??

#6 htv8 (Member, 110 posts)
Hello again, grudz4prez.

[...] Also, I couldn't find HijackThis.exe...only found the application file. Is this the same thing??

The HijackThis application file (= HijackThis.exe) is located in the C:\Program Files\Hijackthis folder on your computer. .exe is a filename extension: a suffix to the name of a file applied to show its format. The .exe filename extension indicates that the file is an executable program. By default, Windows hides extensions for known file types and thus you likely won't see HijackThis.exe, but just HijackThis instead.
To rename HijackThis, navigate to the HijackThis application file--located in the C:\Program Files\Hijackthis folder--using My Computer/Windows Explorer and right-click on it. Select the Rename option from the right-click menu and rename it to fluffybunny and press Enter.

Could not get an uninstall list to go to a specific location. Hit the save button as directed and nothing appeared to select a location, nor did a Notepad open up to paste here. [...]

Apparently, something went wrong. Could you try creating an uninstall list once again please by following my instructions one more time? If it does not work or if you cannot figure out how to do this, please let me know.

So, in short: Could you try redoing Step #2, Step #3 and Step #4?
In case you are unsure of something or if you have a question, do not hesitate to ask. :whistling:

#7 grudz4prez (Topic Starter, 46 posts)
Hi,

I changed the name to fluffybunny. I didn't run a new log and post because I still can't get the uninstall list to save. I get it on the screen, click save and then HijackThis closes itself. Any ideas why??

And do you want to put the new logfile on here or wait until the uninstall list issue is fixed? Also, since you mentioned this might be a long, detailed process, might corresponding via email be a better way to proceed?

-Charles

#8 htv8 (Member, 110 posts)
Hello grudz4prez.

[...] I didn't run a new log and post because I still can't get the uninstall list to save. I get it on the screen, click save and then HijackThis closes itself. Any ideas why??

No, I have no idea. But don't worry: we will use another tool that provides an uninstall list. Just follow the instructions below.

[...] Also, since you mentioned this might be a long, detailed process, might corresponding via email be a better way to proceed?

No. Just post here on the forums. I will log in on the forums a few times a day and reply to my active threads. :whistling:
________________________________________________________________________________
Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: Download and run a scan with Deckard's System Scanner (DSS)
Download Deckard's System Scanner (DSS) to your Desktop. NOTE: You must be logged onto an account with administrator privileges.
Download Deckard's System Scanner (dss.exe)

To run the program:
1. Close all programs/windows so that you have nothing open and are at your Desktop.
2. Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
3. Copy (Ctrl + A then Ctrl + C) and paste (Ctrl + V) the contents of main.txt and extra.txt in your next reply. If you have any problems with the logs, both can be found in C:\Deckard\System Scanner.
NOTE: Some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

Step #2: Re-scan with fluffybunny.exe (HijackThis)
Scan with HijackThis (fluffybunny.exe) again and post a new HijackThis log.

#9 grudz4prez (Topic Starter, 46 posts)
Hi there again! Not that it matters, but I love Ajax football! Also love the Orange national jerseys...can't find too many of them in the states...

Anywho...don't know what I am doing wrong, but DSS encounters a problem when going through the registry hives. Tried it 5 times and each time it crashed in the same spot.

Sorry this is such a pain....

-Charles

#10 htv8 (Member, 110 posts)
Hello again grudz4prez.

[...] Not that it matters, but I love Ajax football! Also love the Orange national jerseys...can't find too many of them in the states...

Hehe. Nice to hear. :blink: I love them too.

Anywho...don't know what I am doing wrong, but DSS encounters a problem when going through the registry hives. Tried it 5 times and each time it crashed in the same spot.

Are you sure you are logged onto an account with administrator privileges? :whistling:
We will try something else...
________________________________________________________________________________
Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


Step #1: Download/Install ListInstalls and use it to create a list of installed programs
Download ListInstalls and save it to your Desktop.
Download ListInstalls (listinstalls-setup.exe) <-- try SERVER 2

After download, follow these steps to install ListInstalls:
1. Double-click on the listinstalls-setup.exe file to launch the install process.
2. Click Yes at the prompt to continue installation.
3. Click the Next button to continue.
4. Read the License Agreement, select the radio button labelled "I accept the agreement" and click the Next button.
5. Click Next again.
6. Click Next again, then click Install.
7. After setup completes, place a checkmark in the checkbox labelled "Launch ListInstalls" and click Finish to start the program automatically. Alternatively, launch ListInstalls by double-clicking its icon on your Desktop.

Now please provide me an uninstall list by performing these steps:
1. At the top, open the File menu of ListInstalls and choose the option labelled "Create List".
A list of installed programs will appear in the program's screen.
2. Open the File menu again and choose the option labelled "Save List".
3. Save as uninstall_list.txt to the Desktop.
4. Go to the Desktop and double-click on the uninstall_list.txt file.
Notepad will open up with the contents of that file.
5. Copy and paste the contents of that Notepad file as a reply to this topic.

Step #2
Please download SWWhoAmI to your Desktop by clicking the download link below.
Download SWWhoAmI (swwhoami.exe)

Now copy the entire contents inside the CODE box below into Notepad. Then click File > Save and save as Export.bat (save as type: All files) to the Desktop.
swwhoami > Output.txt
Notepad Output.txt
Locate Export.bat on your Desktop and double-click on it. Notepad will now open up with the results (some text and numbers). Copy the entire contents of that file and post them here as a reply to this post.

Step #3: Re-scan with fluffybunny.exe (HijackThis)
Scan with HijackThis (fluffybunny.exe) again and post a new HijackThis log.
________________________________________________________________________________
So in your next reply, please post the entire contents of:
- the created uninstall list (uninstall_list.txt)
- the SWWhoAmI results (Output.txt)
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.

Edited by htv8, 04 July 2007 - 03:48 AM.


#11
grudz4prez (Topic Starter)
Progress!

Here's the uninstall list...

1600
1600_Help
1600Trb
Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Reader 7.0.7
Adobe® Photoshop® Album Starter Edition 3.0
AIM 6
AiO_Scan
AiOSoftware
AOL Coach Version 1.0(Build:20030807.3)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Instant Messenger
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
Ares 1.8.1
AutoUpdate
BufferChm
Camera Access Library
Camera Support Core Library
Camera Window DS
Camera Window DVC
Camera Window MC
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Conexant HSF V92 56K Data Fax PCI Modem
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell Picture Studio - Image Expert 2000
Dell Solution Center
DellTouch
DesignPro 5.0 Sign Edition
Destinations
Director
DivX
DivX Player
DocProc
DocumentViewer
EA.com Matchup
EA.com Update
Easy CD Creator 5 Basic
ESPNMotion
Fax
FLV Player 1.3.3
Help and Support Customization
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hoyle Card Games 4
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
Ink Monitor
InstantShare
iTunes
Java 2 Runtime Environment, SE v1.4.0_03
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Kazaa 2.7.2
Kazaa Media Desktop 2.1.1
Learn2 Player (Uninstall Only)
ListInstalls
LiveUpdate 2.6 (Symantec Corporation)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft IntelliPoint 4.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Standard
Microsoft Picture It! Photo 2002
Microsoft Streets and Trips 2002
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Mirar
Modem Helper
MovieEdit Task
MSN Music Assistant
MSXML 4.0 SP2 (KB927978)
MusicMatch Jukebox
Netscape (7.1)
Netscape (7.2)
Netscape Browser (remove only)
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 4.2-05-07-27-01
OpenMG Secure Module 4.2.00
Outerinfo
Panda Titanium 2006 Antivirus + Antispyware
PanoStandAlone
PhotoGallery
PhotoStitch
PRO200WL
ProductContext
Pure Networks Port Magic
QFolder
QuickTime
Radio@Netscape
RAW Image Task 2.2
Readme
RealPlayer
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Shockwave
Shockwave Player
Sierra Sports GameRoom
SkinsHP1
SonicStage 3.2
Spinner
Spybot - Search & Destroy 1.4
The Print Shop Premier Edition 5.0
TrayApp
TurboTax Deluxe 2003
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Viewpoint Media Player
WebFldrs XP
WebReg
Winamp (remove only)
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Works Suite OS Pack
Works Synchronization

#12
grudz4prez (Topic Starter)
Results of the batch file report:

Username: D6FSN911\Charles
SID: S-1-5-21-2745678790-2681017343-4103935507-1006
Days since last password change: 452
Privilege: 2 (USER_PRIV_ADMIN)
Home directory:
Comment: ''
Flags: 66081 (UF_SCRIPT, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Script path:
Operator privilege: 0 ()
Full name:
User comment: ''
Parms: ''
Workstations:
Last logon time: 02 July 2007 12:47:01 PM
Last logoff time: unknown
Account expires: never
Maximum discspace: unlimited
Units per week: 168
Logonhours: 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
Bad password count: 0
Total logins count: 4296
Logonserver: \\*
Countrycode: 0
Codepage: 0
User ID: 1006
Primary Group ID: 513
Profile path:
Home directory:
Password is not expired

Groups: ----------------------------------------------------------------------
D6FSN911\None (S-1-5-21-2745678790-2681017343-4103935507-513)
Everyone (S-1-1-0)
D6FSN911\Administrators (S-1-5-32-544)
D6FSN911\Users (S-1-5-32-545)
NT AUTHORITY\INTERACTIVE (S-1-5-4)
NT AUTHORITY\Authenticated Users (S-1-5-11)
<??> (S-1-5-5-0-80009)
LOCAL (S-1-2-0)

Privileges: ------------------------------------------------------------------
(X) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(0) SeCreateTokenPrivilege = Create a token object
(0) SeAssignPrimaryTokenPrivilege = Replace a process level token
(0) SeLockMemoryPrivilege = Lock pages in memory
(X) SeIncreaseQuotaPrivilege = Adjust memory quotas for a process
(0) SeUnsolicitedInputPrivilege = SeUnsolicitedInputPrivilege
(0) SeMachineAccountPrivilege = Add workstations to domain
(0) SeTcbPrivilege = Act as part of the operating system
(X) SeSecurityPrivilege = Manage auditing and security log
(X) SeTakeOwnershipPrivilege = Take ownership of files or other objects
(X) SeLoadDriverPrivilege = Load and unload device drivers
(X) SeSystemProfilePrivilege = Profile system performance
(X) SeSystemtimePrivilege = Change the system time
(X) SeProfileSingleProcessPrivilege = Profile single process
(X) SeIncreaseBasePriorityPrivilege = Increase scheduling priority
(X) SeCreatePagefilePrivilege = Create a pagefile
(0) SeCreatePermanentPrivilege = Create permanent shared objects
(0) SeBackupPrivilege = Back up files and directories
(0) SeRestorePrivilege = Restore files and directories
(X) SeShutdownPrivilege = Shut down the system
(X) SeDebugPrivilege = Debug programs
(0) SeAuditPrivilege = Generate security audits
(X) SeSystemEnvironmentPrivilege = Modify firmware environment values
(X) SeChangeNotifyPrivilege = Bypass traverse checking
(X) SeRemoteShutdownPrivilege = Force shutdown from a remote system
(X) SeUndockPrivilege = Remove computer from docking station
(0) SeSyncAgentPrivilege = Synchronize directory service data
(0) SeEnableDelegationPrivilege = Enable computer and user accounts to be trusted for delegation
(X) SeManageVolumePrivilege = Perform volume maintenance tasks
(X) SeImpersonatePrivilege = Impersonate a client after authentication
(X) SeCreateGlobalPrivilege = Create global objects

Environment variables: -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Charles\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=D6FSN911
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Charles
LOGONSERVER=\\D6FSN911
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Charles\LOCALS~1\Temp
TMP=C:\DOCUME~1\Charles\LOCALS~1\Temp
USERDOMAIN=D6FSN911
USERNAME=Charles
USERPROFILE=C:\Documents and Settings\Charles
windir=C:\WINDOWS
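
The report above is what the helper asked for to settle the administrator question. As an added example (not SWWhoAmI's own code and not part of this thread), the Python below parses the report text, decodes the Flags value 66081 with the documented Windows UF_* constants, and checks for the local Administrators group SID; the sample input is a trimmed copy of the report posted above, and the risk observations are this example's own.

```python
"""Decode the account facts in a SWWhoAmI-style report (added example)."""
import re

# USER_INFO usri_flags bits, values as defined in the Windows SDK (lmaccess.h).
UF_FLAGS = {
    0x0001: "UF_SCRIPT",
    0x0002: "UF_ACCOUNTDISABLE",
    0x0008: "UF_HOMEDIR_REQUIRED",
    0x0010: "UF_LOCKOUT",
    0x0020: "UF_PASSWD_NOTREQD",
    0x0040: "UF_PASSWD_CANT_CHANGE",
    0x0200: "UF_NORMAL_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
}
USER_PRIV = {0: "USER_PRIV_GUEST", 1: "USER_PRIV_USER", 2: "USER_PRIV_ADMIN"}
BUILTIN_ADMINISTRATORS_SID = "S-1-5-32-544"  # well-known SID of the local Administrators group

# Trimmed copy of the report posted in this thread, embedded so the example runs offline.
SAMPLE_REPORT = """\
Username: D6FSN911\\Charles
SID: S-1-5-21-2745678790-2681017343-4103935507-1006
Days since last password change: 452
Privilege: 2 (USER_PRIV_ADMIN)
Flags: 66081 (UF_SCRIPT, UF_PASSWD_NOTREQD, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
Password is not expired

Groups: ----------------------------------------------------------------------
D6FSN911\\None (S-1-5-21-2745678790-2681017343-4103935507-513)
Everyone (S-1-1-0)
D6FSN911\\Administrators (S-1-5-32-544)
D6FSN911\\Users (S-1-5-32-545)
NT AUTHORITY\\INTERACTIVE (S-1-5-4)
NT AUTHORITY\\Authenticated Users (S-1-5-11)
"""

GROUP_RE = re.compile(r"^(.+?) \((S-1-[\d-]+)\)$")


def decode_flags(value):
    """Return the UF_* names set in a usri_flags value, lowest bit first."""
    names = [name for bit, name in sorted(UF_FLAGS.items()) if value & bit]
    leftover = value & ~sum(UF_FLAGS)  # bits this table does not know
    if leftover:
        names.append(f"UNKNOWN_0x{leftover:X}")
    return names


def parse_report(text):
    """Extract username, privilege level, flags, password age and group SIDs."""
    info = {"groups": []}
    in_groups = False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("Groups:"):
            in_groups = True
            continue
        if line.startswith(("Privileges:", "Environment variables:")):
            in_groups = False
            continue
        if in_groups:
            m = GROUP_RE.match(line)
            if m:
                info["groups"].append((m.group(1), m.group(2)))
            continue
        key, sep, val = line.partition(":")
        if not sep:
            continue
        key, val = key.strip(), val.strip()
        if key == "Username":
            info["username"] = val
        elif key == "Days since last password change":
            info["password_age_days"] = int(val)
        elif key in ("Privilege", "Flags"):
            info[key.lower()] = int(val.split()[0])  # numeric value before the "(...)" text
    return info


def is_local_admin(info):
    """True if the tool reports admin privilege or the Administrators group SID is present."""
    sids = {sid for _, sid in info["groups"]}
    return info.get("privilege") == 2 or BUILTIN_ADMINISTRATORS_SID in sids


def assess(info):
    """Defender-side observations on the account as configured."""
    findings = []
    flags = decode_flags(info.get("flags", 0))
    if "UF_PASSWD_NOTREQD" in flags:
        findings.append("password not required: a blank password is permitted")
    if "UF_DONT_EXPIRE_PASSWD" in flags:
        findings.append("password never expires")
    if info.get("password_age_days", 0) > 365:
        findings.append(f"password unchanged for {info['password_age_days']} days")
    if is_local_admin(info):
        findings.append("account is a local administrator (daily use with admin rights)")
    return findings


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    print(report["username"], USER_PRIV[report["privilege"]], decode_flags(report["flags"]))
    for finding in assess(report):
        print(" -", finding)
```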

#13
grudz4prez (Topic Starter)
FluffyBunny (HijackThis) Report

Logfile of HijackThis v1.99.1
Scan saved at 10:48:05 PM, on 7/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimreal.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Common Files\AOL\1102131130\ee\AOLSoftware.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Netropa\OSD.exe
c:\program files\common files\aol\1102131130\ee\aolsoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wlxsphmh.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Hijackthis\fluffybunny.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Charles\Application Data\Mozilla\Profiles\default\euyuxbf0.slt\prefs.js)
O1 - Hosts: 66.159.18.187 www.n69.com
O1 - Hosts: 66.159.18.187 www.pillscash.com
O1 - Hosts: 66.159.18.187 cart.penispill.com
O1 - Hosts: 66.159.18.187 www.pillsmoney.com
O1 - Hosts: 66.159.18.187 www.pillmedics.com
O1 - Hosts: 66.159.18.187 www.big-[bleep].com
O1 - Hosts: 66.159.18.187 www.pluspills1.com
O1 - Hosts: 66.159.18.187 www.morepenis.com
O1 - Hosts: 66.159.18.187 www.1shoppingcart.com
O1 - Hosts: 66.159.18.187 www.herbalo.com
O1 - Hosts: 66.159.18.187 www.penilesecrets.com
O1 - Hosts: 66.159.18.187 www.penispill.com
O1 - Hosts: 66.159.18.187 penismedical.net
O1 - Hosts: 66.159.18.187 www.penismedical.net
O1 - Hosts: 66.159.18.187 www.herbalbucks.com
O1 - Hosts: 66.159.18.187 www.tv69.com
O1 - Hosts: 66.159.18.184 the.sextracker.com
O1 - Hosts: 66.159.18.184 lobby.sexlist.com
O1 - Hosts: 66.159.18.184 in.paycounter.com
O1 - Hosts: 66.159.18.184 adv.sexcounter.com
O1 - Hosts: 66.159.18.184 select.2000charge.com
O1 - Hosts: 66.159.18.184 secure.2000charge.com
O1 - Hosts: 66.159.18.184 www.signup.globill-systems.com
O1 - Hosts: 66.159.18.184 secure.visionbill.net
O1 - Hosts: 66.159.18.184 www.dibill.com
O1 - Hosts: 66.159.18.184 secure.dpbill.com
O1 - Hosts: 66.159.18.184 secure.dutchbilling.com
O1 - Hosts: 66.159.18.184 secure.pswbilling.com
O1 - Hosts: 66.159.18.184 www.maximumcash.com
O1 - Hosts: 66.159.18.184 www.adultrevenueservice.com
O1 - Hosts: 66.159.18.184 www.eroticacash.com
O1 - Hosts: 66.159.18.184 www.oxcash.com
O1 - Hosts: 66.159.18.184 track.oxcash.com
O1 - Hosts: 66.159.18.184 potd.oxcash.com
O1 - Hosts: 66.159.18.184 clicks2.oxcash.com
O1 - Hosts: 66.159.18.184 www.webmastersmakemoney.com
O1 - Hosts: 66.159.18.184 clicks.nastydollars.com
O1 - Hosts: 66.159.18.184 www.lightspeedcash.com
O1 - Hosts: 66.159.18.184 db.fetishcash.com
O1 - Hosts: 66.159.18.184 ctc.amateurpages.com
O1 - Hosts: 66.159.18.184 www2.karupspc.com
O1 - Hosts: 66.159.18.184 www.iteens.com
O1 - Hosts: 66.159.18.184 click.payserve.com
O1 - Hosts: 66.159.18.184 vip.mtree.com
O1 - Hosts: 66.159.18.184 c.fsx.com
O1 - Hosts: 66.159.18.184 adultfriendfinder.com
O1 - Hosts: 66.159.18.184 php.offshoreclicks.com
O1 - Hosts: 66.159.18.184 links.lifetimebucks.com
O1 - Hosts: 66.159.18.184 cgi.gammae.com
O1 - Hosts: 66.159.18.184 click.passiondollars.com
O1 - Hosts: 66.159.18.184 www.fatpockets.com
O1 - Hosts: 66.159.18.184 link.siccash.com
O1 - Hosts: 66.159.18.184 www.clickcash.com
O1 - Hosts: 66.159.18.184 www.scoreland.com
O1 - Hosts: 66.159.18.184 www.makingitpay.com
O1 - Hosts: 66.159.18.184 www.hpic.com
O1 - Hosts: 66.159.18.184 referral.topbucks.com
O1 - Hosts: 66.159.18.184 partner.globill-systems.com
O1 - Hosts: 66.159.18.184 www.pornstardollars.com
O1 - Hosts: 66.159.18.184 traffic.acpay.com
O1 - Hosts: 66.159.18.184 www.cashforlink.com
O1 - Hosts: 66.159.18.184 clickcash.webpower.com
O1 - Hosts: 66.159.18.184 www.dollars4babes.com
O1 - Hosts: 66.159.18.184 www.sexfantasyzone.com
O1 - Hosts: 66.159.18.184 www.twistyscash.com
O1 - Hosts: 66.159.18.184 www.freeticketcash.com
O1 - Hosts: 66.159.18.184 www.hawgscash.com
O1 - Hosts: 66.159.18.184 www.freeezinebucks.com
O1 - Hosts: 66.159.18.184 www.nastydollars.com
O1 - Hosts: 66.159.18.184 www.deluxepass.com
O1 - Hosts: 66.159.18.184 clicks.oxcash.com
O1 - Hosts: 66.159.18.184 ww2.amateur-pages.com
O1 - Hosts: 66.159.18.184 stats.allliquid.com
O1 - Hosts: 66.159.18.184 secure1.websitebilling.com
O1 - Hosts: 66.159.18.184 www.adultmovienetwork.com
O1 - Hosts: 66.159.18.184 www.totally4freecash.com
O1 - Hosts: 66.159.18.184 php.offshoreclicks.com
O1 - Hosts: 66.159.18.184 www.nocreditcard.com
O1 - Hosts: 66.159.18.184 clicks.uni-cash.com
O1 - Hosts: 66.159.18.184 www.clubpix.com
O1 - Hosts: 66.159.18.184 programs.wegcash.com
O1 - Hosts: 66.159.18.184 in.cybererotica.com
O1 - Hosts: 66.159.18.184 www.cybererotica.com
O1 - Hosts: 66.159.18.184 cybererotica.com
O1 - Hosts: 66.159.18.184 dollartraffic.com
O1 - Hosts: 66.159.18.184 www.xxxesscash.com
O1 - Hosts: 66.159.18.184 www.maturemoney.com
O1 - Hosts: 66.159.18.184 www.xpays.com
O1 - Hosts: 66.159.18.184 www.trueclicks.com
O1 - Hosts: 66.159.18.184 www.sexhit.com
O1 - Hosts: 66.159.18.184 www.blacksonblondes.com
O1 - Hosts: 66.159.18.184 partners.hotgold.com
O1 - Hosts: 66.159.18.184 www.thecashzone.com
O1 - Hosts: 66.159.18.184 db.smutcash.com
O1 - Hosts: 66.159.18.184 www.eroticcash.com
O1 - Hosts: 66.159.18.184 home.vividvip.com
O1 - Hosts: 66.159.18.184 www.stiffycash.com
O1 - Hosts: 66.159.18.184 gotd.stiffycash.com
O1 - Hosts: 66.159.18.184 cash.helmy.com
O1 - Hosts: 66.159.18.184 adultmegacash.com
O1 - Hosts: 66.159.18.184 amc2.adultmegacash.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1F6581D5-AA53-4b73-A6F9-41420C6B61F1} - C:\WINDOWS\system32\pqdnlsvm.dll
O2 - BHO: (no name) - {2E9D4C81-9F27-4c14-B804-7B0F6BC88A4F} - C:\Program Files\Outerinfo\Outerinfo.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {930A6598-B85A-416D-84A1-7E5BA3779894} - C:\WINDOWS\system32\mljjj.dll
O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\qomklki.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {E2EED4CE-4723-44E7-8778-D6D2077B05BE} - C:\WINDOWS\lbbho.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\version69ie7fix.dll
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1102131130\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [icq.com] rundll32.exe "C:\WINDOWS\system32\khsqycvl.dll",forkonce
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Outerinfo] "C:\Program Files\Outerinfo\Outerinfo.exe"
O4 - HKCU\..\Run: [OuterinfoUpdate] "C:\Program Files\Outerinfo\OuterinfoUpdate.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imageservr.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O15 - Trusted Zone: *.amaena.com (HKLM)
O15 - Trusted Zone: *.drivecleaner.com (HKLM)
O15 - Trusted Zone: *.errorprotector.com (HKLM)
O15 - Trusted Zone: *.errorsafe.com (HKLM)
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: *.imageservr.com (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantispyware.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - Trusted Zone: *.winfixer.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DED4415-9792-4E32-A720-1B988D69DB7A}: NameServer = 71.250.0.12 68.237.161.12
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: mljjj - C:\WINDOWS\system32\mljjj.dll
O20 - Winlogon Notify: qomklki - C:\WINDOWS\SYSTEM32\qomklki.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\wlxsphmh.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software - c:\program files\panda software\panda titanium 2006 antivirus + antispyware\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\psimsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Titanium 2006 Antivirus + Antispyware\TPSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
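Added here as a defender's triage example, not code from this thread or from HijackThis: it parses the O15, O20 and O23 lines of a HijackThis log and flags the entries a helper would look at first (Trusted Zone additions, Winlogon Notify DLLs with random-looking names, services with no vendor or a missing binary). The sample lines are copied from the log above, with one benign NVIDIA service line kept for contrast; the consonant-run threshold and the "no vendor" rule are my own heuristics, not anything HijackThis itself reports.

```python
import re

# Lines copied from the HijackThis log posted in this thread, plus one benign
# NVIDIA O23 line for contrast, so the triage runs offline on realistic input.
SAMPLE_LOG = """\
O15 - Trusted Zone: *.winfixer.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O20 - Winlogon Notify: mljjj - C:\\WINDOWS\\system32\\mljjj.dll
O20 - Winlogon Notify: qomklki - C:\\WINDOWS\\SYSTEM32\\qomklki.dll
O20 - Winlogon Notify: WgaLogon - C:\\WINDOWS\\SYSTEM32\\WgaLogon.dll
O23 - Service: DomainService - - C:\\WINDOWS\\system32\\wlxsphmh.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\System32\\nvsvc32.exe
"""

O15 = re.compile(r"^O15 - Trusted Zone: (\S+) \((HKLM|HKCU)\)$")
O20 = re.compile(r"^O20 - Winlogon Notify: (\S+) - (.+)$")
# An empty vendor field is printed as "name - - path", hence the optional space.
O23 = re.compile(r"^O23 - Service: (.+?) - (.*?)\s?- ([A-Za-z]:\\.*)$")

def consonant_run(name):
    """Longest run of consonants in a name. A long run is my heuristic for a
    machine-generated file name (an assumption, not a HijackThis rule)."""
    run = best = 0
    for ch in name.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        best = max(best, run)
    return best

def stem(path):
    """File name without directory or extension: C:\\x\\mljjj.dll -> mljjj."""
    return path.rsplit("\\", 1)[-1].split(".")[0]

def triage(log):
    """Return (section, subject, reason) tuples a reviewer should look at."""
    findings = []
    for line in log.splitlines():
        if m := O15.match(line):          # any Trusted Zone addition is notable
            findings.append(("O15", m[1], "site added to IE Trusted Zone"))
        elif m := O20.match(line):        # Winlogon Notify DLLs load at every logon
            if consonant_run(stem(m[2])) >= 4:
                findings.append(("O20", m[2], "random-looking Winlogon Notify DLL"))
        elif m := O23.match(line):
            name, vendor, path = m.groups()
            if vendor in ("", "Unknown owner"):
                findings.append(("O23", name, "service with no vendor"))
            if "(file missing)" in path:
                findings.append(("O23", name, "service binary missing"))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns five findings: the two Trusted Zone sites, the mljjj and qomklki DLLs, and DomainService; WgaLogon and the NVIDIA service are left alone.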

#14
htv8
Member, 110 posts
Hello grudz4prez. Good job! :whistling: Sorry for the delay in getting back to you.

One quick question: Did you have any Norton/Symantec products previously installed on your computer?

Now let's get started cleaning all the mess...
________________________________________________________________________________
Please print out or copy this page to Notepad.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If you have any queries about the process or just general questions, ask your question(s) before proceeding with the fixes.


You most likely got infected through file sharing. I see some P2P/File Sharing (related) programs installed in your computer: Ares 1.8.1, Kazaa 2.7.2 and Kazaa Media Desktop 2.1.1. Aside from the obvious legal issues, file sharing is one of the primary ways through which people become infected with malware. Anytime you are running any type of P2P application, you are more prone to infection.
I suggest removing these programs. If you agree, go to Start > Control Panel > Add/Remove Programs and uninstall the following programs (if they are listed):
Ares 1.8.1
Kazaa 2.7.2
Kazaa Media Desktop 2.1.1
If you do not want to uninstall (some of) these programs, please at least refrain from using any peer-to-peer programs for the remainder of my fix.

Step #1: Uninstall bad and rogue/suspect programs
Go to Start > Control Panel > Add/Remove Programs and uninstall the following programs (if they are listed):
Mirar <-- adware, see: Adware.Mirar - Symantec.com
Outerinfo <-- adware, see: Adware.PurityScan

I also see Viewpoint installed. Viewpoint is not a virus, nor is it a trojan. However, it is detected as a PUP (Potentially Unwanted Program). Viewpoint is an application that displays advertisements while searching the web. Additional information here: Viewpoint.
I suggest removing this program. If you agree, go to Start > Control Panel > Add/Remove Programs and remove Viewpoint Media Player.

Step #2: Update Java SE Runtime Environment (JRE)
Your Java is out of date. Older versions have vulnerabilities that malware can use, and is using, to infect systems. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them.
Please follow these steps to remove older version Java components:
1. Close all programs, especially your web browser, so that you have nothing open and are at your Desktop.
2. Go to Start > Control Panel > Add/Remove Programs and remove Java 2 Runtime Environment, SE v1.4.0_03 and Java 2 Runtime Environment, SE v1.4.1_02.
3. Once all Java components are removed, reboot your computer.

Once rebooted, download and install the latest version of Java Runtime Environment (JRE) 6u2 by following these steps:
1. Go to http://java.sun.com/...loads/index.jsp.
2. Scroll down to where it says "Java Runtime Environment (JRE) 6u2 … The Java SE Runtime Environment (JRE) allows end-users to run Java applications.".
3. Click the Download button to the right.
4. Review the License Agreement and then select the radio button labelled "Accept License Agreement".
The page will refresh.
5. Click on the link to download the Windows Offline Installation and save the file to your Desktop.
6. From your Desktop, double-click the jre-6u2-windows-i586-p.exe file to install the newest version.

Step #3: Download and run SDFix
Download SDFix by clicking the download link below and save it to your Desktop.
Download SDFix (SDFix.exe)

Once downloaded, double-click SDFix.exe and it will extract the files to %systemdrive%, the drive that contains the Windows directory (typically C:\SDFix). Do NOT use SDFix yet.

Reboot your computer into SAFE MODE. Restart your computer and gently tap the F8 key repeatedly on your keyboard while starting up until you are presented with a new menu in which you can select the option for Safe Mode using the arrow keys on your keyboard.
For more information on how to boot your computer into Safe Mode, see this reference: How to start Windows into Safe Mode.


When in Safe Mode, please follow these steps:
1. Open the SDFix folder and double-click RunThis.bat to start the script.
2. Type Y to begin the cleanup process.
SDFix will remove any trojan services or registry entries that it finds and prompt you to press any key to reboot.
3. Press any key and it will restart the PC.
When the PC restarts, the fixtool will run again and complete the removal process.
4. When it then displays "Finished!", press any key to end the script and load your Desktop icons.
Once the Desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt. (Report.txt will also be copied to the clipboard ready for posting back on the forum.)
5. Please copy and paste the entire contents of the results file (Report.txt) in your next reply.

Step #4: Download and run VundoFix to get rid of Vundo
You have a Vundo infection. Download VundoFix.exe to your Desktop to get rid of it.
Download VundoFix.exe

Once downloaded, follow these steps to run VundoFix:
1. Double-click VundoFix.exe to run it.
2. Click the Scan for Vundo button.
3. Once it is done scanning, click the Remove Vundo button.
4. Click the Yes button at the prompt asking you if you want to remove the files.
NOTE: Once you click Yes, your Desktop will go blank as it starts removing Vundo.
5. When completed, it will prompt that it will reboot your computer. Click OK.
6. Post the entire contents of C:\vundofix.txt in your next reply.

NOTE: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions, starting from the second step ("2. Click the Scan for Vundo button."), when VundoFix appears upon rebooting.

Step #5: Re-scan with fluffybunny.exe (HijackThis)
Scan with HijackThis (fluffybunny.exe) again and post a new HijackThis log.
________________________________________________________________________________
So in your next reply, please post the entire contents of:
- the SDFix report (Report.txt)
- C:\vundofix.txt
- a new HijackThis log
NOTE: Use several posts if necessary to include everything in the logs.
  • 0

#15
grudz4prez
Topic Starter, Member, 46 posts
Hello,

Sorry it took me a little bit to respond back... encountered a new issue. Trying to reboot into safe mode, I encountered what I've now learned is a blue screen of death. I kept trying to go into safe mode, and it kept crashing.

Now, I deleted one version of Kazaa; the other wouldn't let me... I got a pop-up error box that said: "Error Loading C:\WINDOWS\System32\cd_clint.dll and that the specified module could not be found"... The Ares will stay. It's not used, but the stuff I've purchased from iTunes is in there and I want to sort it out before deleting anything I don't want to... but, you have my word, it won't be touched.

Also uninstalled the two Javas and installed the new one, and downloaded both the SDFix and the VundoFix software. Didn't run the VundoFix because you said not to do the steps out of order...

So, how do I proceed if I can't get into Safe Mode? I have a feeling that the BSOD is related to iTunes... but I can't tell for sure. Again, I am so sorry you responded to my post, but I can't tell you how grateful I am for your help.

Hope you had a productive weekend!

-Charles
  • 0