help me with trojan-spy.HTML.smitfraud.c [RESOLVED]


  • This topic is locked

#1
jknieser

jknieser

    New Member

  • Member
  • Pip
  • 7 posts
Hi friends,

I am having trouble with the Trojan-Spy.html.smitfraud.c virus and need help removing it from my computer. :tazz:

I do not have HijackThis. Where do I get it?

Please advise me how to resolve the problem. Thank you very much in advance.

JK
  • 0


#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi jknieser and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. Go to Geeks to Go
. Click on My Controls at the top right hand corner of the window. (make sure you have signed in first)
. In the left hand column, click "View Topics"
. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please follow all the instructions which can be found here, then post your HJT log.

http://www.geekstogo..._Log-t2852.html


Trevuren
  • 0

#3
jknieser

jknieser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks in advance.
Here is my HijackThis log.
Look forward to hearing from ya soon.
JK



Logfile of HijackThis v1.99.1
Scan saved at 3:38:23 PM, on 7/27/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\WINNT\System32\RUNDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\GoogleDCC\GoogleDCC.exe
C:\Program Files\GoogleDCC\GoogleFah\GoogleFah.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\GoogleDCC\GoogleFah\GoogleFahCore_65.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ganm\LOCALS~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\netware\nwws2sap.dll' missing
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Download CW-Shredder at the link below: (don't run it yet)
http://cwshredder.ne.../CWShredder.exe

Download 'SpSeHjfix'. >>> http://www.derbilk.de/SpSeHjfix112.zip

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure these 3 are checked and then press *ok* to remove:

Temporary Files
Temporary Internet Files
Recycle Bin


Make sure you know how to boot into - SafeMode

Reboot into safe mode.

Disconnect from the net and Close ALL OPEN PROGRAMS.
Run 'SpSeHjfix'. and click on "Start Disinfection".
When it's finished it will reboot your machine to finish the cleaning process.
The tool creates a log of the fix which will appear in the folder.

Now run the Shredder - Hit The FIX button!

Reboot and repeat the process above.

Reboot and post a fresh HJT log and the log that was created by 'SpSeHjfix'.

  • 0

#5
jknieser

jknieser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I did as you said in your post, but when I tried to use Shredder it couldn't find it (Shredder, that is), and then I booted back up into regular Windows and I can't get on the internet. Right now I am on my other computer.
plz help
JK
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Do a search for CWShredder through your Windows search function.


Trevuren
  • 0

#7
jknieser

jknieser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
OK, I did the search and it is there, but it can't find the DLL file. I downloaded it onto my other computer and transferred it over the LAN, but it still won't find the DLL.
It says:
The dynamic link library WININET.dll could not be found in the specified path

And also I still can't get on the internet.

Plz Hlp
JK

Edited by jknieser, 28 July 2005 - 07:13 AM.

  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Malicious .DLL file(s) has/have disrupted the LSP chain on your computer. This can be seen by the (O10) entry(ies) in your HJT log. We must fix this problem as a priority.

1. Backup the registry by going to Start>Run> and type ‘regedit’ without the quotes. Then on the file menu choose ‘export’ in XP.

2. Download the LSPfix.txt and read the readme file.

3. Download LSPfix.zip or LSPfix.exe

4. Close all windows except LSPfix

5. Launch LSPfix.zip and install to its own folder, then click on LSPfix.exe. Or click on LSPfix.exe and it will launch the program.

6. Put a check mark in the box “I know what I am doing”

7. Click ‘Finish’

8. REBOOT to complete the task.

9. Now RUN HJT, click Scan and POST a new log file in this thread using “Add Reply”. Try out your internet and include the result in your reply.

Regards,

Trevuren

  • 0

#9
jknieser

jknieser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is my latest HijackThis log.
My internet and DLL files are still messed up. It also looks like something is wrong with RUN DLL. It doesn't look like too much is happening. Not much progress is going on. The virus or whatever it is is just chilling there and won't move.
Plz respond soon
JK


Logfile of HijackThis v1.99.1
Scan saved at 2:23:16 PM, on 7/28/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
We are nearly finished cleaning up this mess, then we can try and get you back online.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • We need to make sure all hidden files are showing so please:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • Please RUN HijackThis, click the SCAN button to produce a log.
    • Place a check mark beside each one of the following items:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
      O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
      O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
      O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O15 - Trusted Zone: http://www.neededware.com
    • Now with all the items selected, and all windows closed except for HJT, DELETE them by clicking the FIX checked button and EXIT the program.
  • Reboot Your System in Safe Mode

    How To Start To Safe Mode In Windows 2000
    • Turn the computer on
    • When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key.
    • The Windows 2000 Advanced Options Menu will appear.
    • Choose the Safe mode option. (it is usually the first item in the list).
    • Use the arrow keys to select it if it is not selected by default.
    • Press Enter. The computer will start in Safe mode.
    • When finished troubleshooting, close all programs and restart the computer as you normally would.
  • Using Windows Explorer, locate the following files/folders (with all their content), and DELETE them (if they are present):

    C:\WINNT\System32\exp.exe
    C:\Documents and Settings\All Users\Application Data\msst<===Folder
    C:\WINNT\System32\iyxxjav.exe
    C:\WINNT\System32\intel32.exe

  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0

#11
jknieser

jknieser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Ok, did everything. The same errors come up but here's the Log:

Logfile of HijackThis v1.99.1
Scan saved at 4:59:41 PM, on 7/28/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
c:\Program Files\Network Associates\VirusScan\VsStat.exe
c:\Program Files\Network Associates\VirusScan\Vshwin32.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
c:\Program Files\Network Associates\VirusScan\Avconsol.exe
c:\Program Files\Network Associates\VirusScan\Webscanx.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\ganm\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by LDS Church
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [GoogleDCClient] C:\Program Files\GoogleDCC\GoogleDCC.exe -startup
O4 - Global Startup: Microsoft Office.LNK = C:\Program Files\MICROSOFT OFFICE\OFFICE\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\WINNT\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\WINNT\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\WINNT\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\WINNT\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\WINNT\GoogleToolbar.dll/cmtrans.html
O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - c:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - Unknown owner - c:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Unknown owner - C:\WINNT\System32\NALNTSRV.EXE (file missing)
O23 - Service: Remote management (Novell WUser Agent) - Unknown owner - C:\NOVELL\ZENRC\wuser32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Documents and Settings\ganm\Desktop\Simple Desktop\VNC4\WinVNC4.exe" -service (file missing)
  • 0
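
As an added example (not part of any post in this thread, and not a HijackThis feature): a short Python check that the entries ticked for "Fix checked" in post #10 are actually absent from the follow-up scan in post #11. The log excerpts are copied from the thread; the function names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <detail>", for example
# "O4 - HKLM\..\Run: [name] path". Header and process lines carry no code.
# Function names here are this example's own, not part of HijackThis.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")

def parse_hjt(text):
    """Return the (code, detail) entries found in a HijackThis log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def _norm(entry):
    # Windows paths are case-insensitive and pasted logs differ in spacing,
    # so compare on lower-cased, whitespace-collapsed text.
    code, detail = entry
    return code, " ".join(detail.split()).lower()

def verify_fix(before, after, selected):
    """Compare two scans against the entries that were selected for fixing."""
    b = {_norm(e) for e in parse_hjt(before)}
    a = {_norm(e) for e in parse_hjt(after)}
    sel = [_norm(e) for e in parse_hjt(selected)]
    return {
        "removed": [e for e in sel if e in b and e not in a],
        "still_present": [e for e in sel if e in a],   # fix did not hold
        "not_in_before": [e for e in sel if e not in b],
        "new_in_after": sorted(a - b),                 # appeared between scans
    }

# Excerpt of the 2:23 PM scan (post #9), copied from the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\hkcmd.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: http://library.lds.org
"""

# Excerpt of the 4:59 PM scan (post #11), copied from the thread.
AFTER = r"""R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O15 - Trusted Zone: http://library.lds.org
"""

# Subset of the entries listed for "Fix checked" in post #10.
SELECTED = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\System32\exp.exe
O4 - HKLM\..\Run: [msst] C:\Documents and Settings\All Users\Application Data\msst\mssts.exe
O4 - HKLM\..\Run: [iyxxjav] C:\WINNT\System32\iyxxjav.exe
O4 - HKLM\..\Run: [intel32.exe] C:\WINNT\System32\intel32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: http://www.neededware.com
"""

if __name__ == "__main__":
    for key, items in verify_fix(BEFORE, AFTER, SELECTED).items():
        print(f"{key}: {len(items)}")
        for code, detail in items:
            print(f"  {code} - {detail}")
```

An entry listed under `still_present` or `new_in_after` means something re-created the registry value between scans, which is the case to investigate before declaring the machine clean.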

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
1. Were these proxies set by you or with your approval?

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = INETPROXY:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*;192.168.*;<local>


2. Do you want all these in your trusted zone?

O15 - Trusted Zone: http://M5F8EDAZ5E3BZ...DESERETBOOK.NET
O15 - Trusted Zone: http://w12345678.gl.DESERETBOOK.NET
O15 - Trusted Zone: http://library.lds.org
O15 - Trusted Zone: http://customer-conn....peoplesoft.com
O15 - Trusted Zone: http://library.lds.org (HKLM)



Regards,

Trevuren

  • 0

#13
jknieser

jknieser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Trevuren,
Hey, thank you so much for all of your help! I have decided to reformat my computer and upgrade to Windows XP. I was looking for an excuse and this is it. Sorry if I wasted any of your time, but the virus appears to be too deep, at least for now, to remove it as fast as we need it to be removed. So thank you again
and God bless
JK :tazz:
  • 0

#14
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Good Luck and Safe Surfing


Trevuren
  • 0

#15
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





