Hosed with Internet Speed Monitor, Outerinfo, & Brave Sentry [Reso
Started by amywendlt, Nov 20 2007 07:53 PM
#16
Posted 21 November 2007 - 11:13 PM
Everything was successful, except for the Kaspersky Online Scanner. When I clicked on the link, another window opened as if it was about to do the scan, but then I received an error message, "Internet Explorer has encountered a problem and needs to close." I tried the scan several times, but the error persisted.
#17
Posted 22 November 2007 - 07:10 AM
That is fine.
First let's see what AVG finds.
Then we will go from there.
=========================
Please update AVG antispyware.
To do this:
- locate the icon on the desktop and double-click it to launch the program.
- On the main screen select the icon "Update" then select the "Update now" link.
- Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
- Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
- Under "Reports"
- unSelect "Automatically generate report after every scan"
- Un-Select "Only if threats were found"
- Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
- Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
- Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
- AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
- Make sure that Set all elements to: shows Quarantine <== This is important
- Important: Click on the Apply all Actions button (*** This must done before saving the report ***)
- When the program has finished, it will display the message All actions have been applied.
- Then click the Save Scan Report button.
- Click the Save Report as button.
- Save the report to your Desktop.
After that then try the Kaspersky scan again.
If it does not work then try this one:
Please go HERE to run Panda's ActiveScan
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on My Computer to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
After that please post back with these logs:
New Hijackthis log
Panda scan (or Kaspersky) log(s)
#18
Posted 22 November 2007 - 01:54 PM
kahdah,
The Kaspersky scan failed again, but the Panda scan worked.
========================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:12 AM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
--
End of file - 6183 bytes
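The HijackThis log above is what the helper reads by hand. As an added example (not code from the thread, from HijackThis or from the helper's toolset), the script below parses the "Oxx - ..." entry format and applies a few review heuristics of the kind a helper applies: Winlogon Notify DLLs such as the cryptnet32 entry the helper later lists for removal, autostarts launched from user-writable folders, Trusted Zone additions, services without a known owner, and the O17 name servers to be checked against the ISP's. The heuristics and the sample excerpt are assumptions (the excerpt is constructed from the posted log); a hit means "look at this", not "malicious".

```python
"""Triage helper for Trend Micro HijackThis v2 log entries (added example)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Every HijackThis entry starts with a section tag (R0, R1, O2, O4, O23 ...),
# then " - ", then section-specific detail.  Header, process list and footer
# lines do not match the pattern and are skipped.
ENTRY_RE = re.compile(r"^(?P<tag>[RFNO]\d{1,2}) - (?P<detail>.*)$")

# First Windows path ending in a binary or page extension inside the detail.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|htm)', re.IGNORECASE)

IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Directories a non-admin user can write to; an autostart launched from one of
# these deserves a second look (heuristic assumption, not a verdict).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Entry:
    tag: str
    detail: str
    path: Optional[str]


@dataclass
class Finding:
    tag: str
    reason: str
    evidence: str


def parse_log(text: str) -> List[Entry]:
    """Return the tagged entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        detail = m.group("detail")
        pm = PATH_RE.search(detail)
        entries.append(Entry(m.group("tag"), detail, pm.group(0) if pm else None))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Apply review heuristics; each Finding says why the entry needs a look."""
    findings = []
    for e in entries:
        path = (e.path or "").lower()
        if e.tag == "R1" and "ProxyServer" in e.detail:
            findings.append(Finding(e.tag, "IE proxy setting present; confirm it is intended", e.detail))
        elif e.tag == "O4" and any(d in path for d in USER_WRITABLE):
            findings.append(Finding(e.tag, "autostart runs from a user-writable directory", e.path))
        elif e.tag == "O15":
            findings.append(Finding(e.tag, "site added to IE Trusted Zone (relaxed security settings)", e.detail))
        elif e.tag == "O20":
            findings.append(Finding(e.tag, "Winlogon Notify DLL loads at logon; verify file and publisher", e.path or e.detail))
        elif e.tag == "O23" and "Unknown owner" in e.detail:
            findings.append(Finding(e.tag, "service binary without a verified publisher", e.path or e.detail))
    return findings


def name_servers(entries: List[Entry]) -> List[str]:
    """Unique DNS servers from O17 entries, to be compared with the ISP's."""
    servers = set()
    for e in entries:
        if e.tag == "O17":
            servers.update(IPV4_RE.findall(e.detail))
    return sorted(servers)


# Constructed excerpt of the log posted in the thread (not the full log).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:12 AM, on 11/22/2007
Running processes:
C:\WINNT\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O15 - Trusted Zone: http://www.myspace.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--
End of file - 6183 bytes
"""

if __name__ == "__main__":
    ents = parse_log(SAMPLE_LOG)
    for f in triage(ents):
        print(f"{f.tag}: {f.reason}\n    {f.evidence}")
    print("O17 name servers:", ", ".join(name_servers(ents)))
```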
#19
Posted 22 November 2007 - 01:56 PM
Panda Scan
=========
Incident Status Location
Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Administrator\Desktop\Click to Find and Fix Errors.url
Adware:adware/cydoor Not disinfected c:\winnt\cdmxtras
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Virus:Trj/Downloader.RBV Disinfected C:\23.tmp
Virus:Trj/Downloader.RBV Disinfected C:\2E.tmp
Virus:Trj/Downloader.RBV Disinfected C:\3C9.tmp
Virus:W32/Nuwar.JT.worm Disinfected C:\dj5100\_install.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\_install.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\_install.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Application Data\MySpace\IM\Install\_install.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\meat lips@atdmt[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\apps\Process.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/away.exe.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/b103.exe]
Virus:Trj/Agent.GXF Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/b111.exe]
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/dllh8jkd1q2.exe]
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/kernelwind32.exe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mexekisol77798.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu1000106.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu27.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu72.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu72.exe.tmp]
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/noskrnl.exe]
Virus:Trj/Spammer.AES Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/spoolsvv.exe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/TTC-4444.exe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/TTC-4444.exe][TTC.dll]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/TTC-4444.exe][folder.js]
Virus:W32/Nuwar.JX.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/vedxga1me4t1.exe]
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/vedxga3me2.exe]
Virus:Trj/Downloader.REM Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/vedxga5me3.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/Yazzle1552OinUninstaller.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem(2).exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Hackload.A Disinfected C:\qoobox\Quarantine\C\Documents and Settings\Administrator\smss.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\WINNT\b128.exe.vir
Adware:Adware/CWS Not disinfected C:\qoobox\Quarantine\C\WINNT\mmall.exe.vir
Virus:Trj/Hackload.A Disinfected C:\qoobox\Quarantine\C\WINNT\system32\drivers\smss.exe.vir
Virus:Trj/Downloader.REM Disinfected C:\qoobox\Quarantine\C\WINNT\system32\g2\bemwdll3.exe.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINNT\system32\i2\mper83122.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\WINNT\system32\mstaskmgr.exe.vir
Virus:W32/Nuwar.JX.worm Disinfected C:\qoobox\Quarantine\C\WINNT\system32\newmaxxsv234.exe.vir
Spyware:Spyware/Vundo Not disinfected C:\qoobox\Quarantine\catchme2007-11-21_165719.17.zip[ssqoo.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\NirCmd.exe
Virus:Trj/Downloader.QKJ Disinfected C:\WINNT\system32\wbem\csrss.exe
Edited by amywendlt, 22 November 2007 - 01:58 PM.
#20
Posted 22 November 2007 - 03:57 PM
Please download the OTMoveIt by OldTimer.
- Save it to your desktop.
- Please double-click OTMoveIt.exe to run it.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\Administrator\Desktop\Click to Find and Fix Errors.url
c:\winnt\cdmxtras
C:\Documents and Settings\Administrator\Desktop\SDFix
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
C:\Documents and Settings\Administrator\Desktop\smitRem.exe
C:\WINNT\SYSTEM32\cryptnet32.dll
- Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
- Click the red Moveit! button.
- Click "Exit" to close OTMoveIt.
**When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")
=======================================
Please post back with the OTMove it log and a new Hijackthis log.
#21
Posted 22 November 2007 - 05:13 PM
OTMoveIt
========
C:\Documents and Settings\Administrator\Desktop\Click to Find and Fix Errors.url moved successfully.
c:\winnt\cdmxtras moved successfully.
Folder move failed. C:\Documents and Settings\Administrator\Desktop\SDFix\backups\HOSTS scheduled to be moved on reboot.
C:\Documents and Settings\Administrator\Desktop\SDFix\backups moved successfully.
C:\Documents and Settings\Administrator\Desktop\SDFix moved successfully.
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix moved successfully.
C:\Documents and Settings\Administrator\Desktop\smitRem.exe moved successfully.
File/Folder C:\WINNT\SYSTEM32\cryptnet32.dll not found.
Created on 11/22/2007 15:08:20
Edited by amywendlt, 22 November 2007 - 05:18 PM.
#22
Posted 22 November 2007 - 05:17 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:40 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
--
End of file - 6286 bytes
#23
Posted 22 November 2007 - 06:29 PM
Please reopen Hijackthis and choose Do a system scan only.
Place a check mark next to this entry:
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
Now click on Fix Checked and then close Hijackthis and then reboot.
Please then post back with another Hijackthis log.
#24
Posted 22 November 2007 - 06:43 PM
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:40 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
--
End of file - 6286 bytes
#25
Posted 22 November 2007 - 06:50 PM
1. Please download The Avenger by Swandog46 to your Desktop.
2. Extract it:
- Click on Avenger.zip to open the file
- Extract avenger.exe to your desktop

Files to delete:
C:\WINNT\SYSTEM32\cryptnet32.dll

Registry keys to delete:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32"

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.
3. Now, start The Avenger program by clicking on its icon on your desktop.
- Under "Script file to execute" choose "Input Script Manually".
- Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
- Paste the text copied to clipboard into this window by pressing (Ctrl+V).
- Click Done
- Now click on the Green Light to begin execution of the script
- Answer "Yes" twice when prompted.
- It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
- On reboot, it will briefly open a black command window on your desktop, this is normal.
- After the restart, it creates a log file that should open with the results of Avenger's actions. This log file will be located at C:\avenger.txt
- The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
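Editor's note on the two steps above (post #23, fixing the O20 entry in HijackThis, and post #25, deleting the same DLL and its registry key with The Avenger). An O20 line is a subkey of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify; each subkey names a DLL that winlogon.exe loads at logon and keeps mapped for the whole session. That is why the entry is a good persistence point and why an in-session "Fix checked" can drop the registry key but not the file, and why the helper moves to a boot-time deleter. The Python below is an added example, not part of the thread, of HijackThis or of The Avenger: it parses O20 lines, assigns a verdict to each, and emits the two Avenger sections in the layout the helper's script uses. The default-subkey table, the "name mimics a default entry" heuristic and the `examplehk` entry are this example's own assumptions; the sample log lines are constructed from the O20 lines in the posts above plus two invented ones.

```python
"""
Triage HijackThis "O20 - Winlogon Notify" lines and build an Avenger script.

A Notify subkey under HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion
\\Winlogon\\Notify names a DLL that winlogon.exe loads at logon and keeps in
use all session long, so the file cannot be removed from a running system.
Added example; not code from HijackThis, The Avenger or the thread.
"""
import re
from dataclasses import dataclass
from typing import List

# Assumption: default Notify subkeys of a clean Windows XP SP2 install and
# the DLL each one loads. Third-party software may add legitimate ones.
KNOWN_NOTIFY = {
    "crypt32chain": "crypt32.dll",
    "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll",
    "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll",
    "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll",
    "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll",
}

NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
              r"\CurrentVersion\Winlogon\Notify")

# HijackThis prints: O20 - Winlogon Notify: <subkey> - <dll>[ (file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


@dataclass
class NotifyEntry:
    name: str          # Notify subkey name
    dll: str           # full path, or bare file name, as HijackThis printed it
    file_missing: bool

    @property
    def basename(self) -> str:
        return self.dll.rsplit("\\", 1)[-1].lower()

    @property
    def verdict(self) -> str:
        key = self.name.lower()
        if self.file_missing:
            return "orphaned: key present, DLL gone (delete key only)"
        if key in KNOWN_NOTIFY:
            if self.basename == KNOWN_NOTIFY[key]:
                return "known-good"
            return "hijacked: default subkey now loads %s" % self.dll
        if "\\" in self.dll and "\\system32\\" not in self.dll.lower():
            return "suspicious: notify DLL outside system32"
        for known in KNOWN_NOTIFY:
            # the thread's case: cryptnet32 is a padded copy of "cryptnet"
            if key.startswith(known):
                return "suspicious: name mimics default entry '%s'" % known
        return "unknown: verify publisher/hash before removing"


def parse_o20(log_text: str) -> List[NotifyEntry]:
    """Return every O20 entry in a HijackThis log, in file order."""
    entries = []
    for line in log_text.splitlines():
        m = O20_RE.match(line.strip())
        if m:
            entries.append(NotifyEntry(m["name"], m["dll"], m["missing"] is not None))
    return entries


def avenger_script(entries: List[NotifyEntry]) -> str:
    """Emit 'Files to delete:' and 'Registry keys to delete:' sections.

    Everything not known-good is removed. A file line is written only when
    HijackThis printed a full path and did not mark the file missing; an
    orphaned entry gets its registry key deleted and nothing else.
    """
    remove = [e for e in entries if e.verdict != "known-good"]
    files = [e.dll for e in remove if not e.file_missing and "\\" in e.dll]
    keys = list(dict.fromkeys("%s\\%s" % (NOTIFY_KEY, e.name) for e in remove))
    lines: List[str] = []
    if files:
        lines += ["Files to delete:"] + files + [""]
    if keys:
        lines += ["Registry keys to delete:"] + keys
    return "\n".join(lines)


# Constructed sample: the O20 line from the scan before removal plus two
# invented entries (a default one, one outside system32) to hit every branch.
SAMPLE_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O20 - Winlogon Notify: ScCertProp - wlnotify.dll
O20 - Winlogon Notify: examplehk - C:\Documents and Settings\All Users\Application Data\examplehk.dll
"""

# Constructed sample: what HijackThis prints once the DLL is gone but the
# Notify subkey is still present.
SAMPLE_AFTER = r"""
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
"""

if __name__ == "__main__":
    for label, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        entries = parse_o20(log)
        print("== %s ==" % label)
        for e in entries:
            print("%-12s %-52s %s" % (e.name, e.dll, e.verdict))
        print(avenger_script(entries))
        print()
```

Run it as-is and it prints a verdict per entry and the script for each snapshot. The "unknown" verdict is deliberate: a bare DLL name that is neither a default nor obviously misplaced should be checked (publisher signature, hash against a clean copy) before it goes into a delete script, since the example has no way to tell a vendor's logon hook from malware by name alone.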
#26
Posted 22 November 2007 - 07:24 PM
Avenger
=========
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\icqugiqs
*******************
Script file located at: \??\C:\gcumjbyq.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINNT\SYSTEM32\cryptnet32.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32 deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
#27
Posted 22 November 2007 - 07:25 PM
HJT
=====
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:31 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
--
End of file - 6283 bytes
#28
Posted 22 November 2007 - 07:37 PM
Please reopen Hijackthis and choose Do a system scan only.
Place a check mark next to this entry:
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
Now click on Fix Checked and then close Hijackthis and then reboot.
Please then post back with another Hijackthis log.
Edited by kahdah, 22 November 2007 - 07:37 PM.
#29
Posted 22 November 2007 - 07:47 PM
Looks like the little bugger won't delete!
==========================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:18 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...games/clients/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...ivescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
--
End of file - 6335 bytes
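The interesting change between the two logs in this thread is the O20 line: before the fix it read "cryptnet32.dll (file missing)", after the fix the DLL is present at C:\WINNT\SYSTEM32\cryptnet32.dll. Winlogon Notify packages are DLLs that winlogon.exe loads at logon from HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify, and the name "cryptnet32" sits next to the legitimate "cryptnet" package, which is the kind of lookalike an analyst wants flagged automatically. The Python below is an added example, not code from the thread or from HijackThis: it parses HijackThis-style entry lines, diffs two scans of the same machine, flags Winlogon Notify packages outside a baseline, and collects the O17 NameServer addresses so they can be checked against the resolvers the ISP is expected to hand out. The XP_SP2_NOTIFY_BASELINE list is an assumption made for the example (stock XP SP2 package names as I know them), and the log excerpts are lifted from the two logs posted above.

```python
"""Parse and diff HijackThis-style logs (added example, not from the thread)."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    section: str  # e.g. "O20"
    body: str     # everything after "O20 - "


# An entry line looks like "O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)";
# header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*\S)\s*$")


def parse_log(text: str) -> list[Entry]:
    """Return the R*/F*/N*/O* entries of a HijackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def diff_logs(before: str, after: str) -> tuple[list[str], list[str]]:
    """(added, removed) entry lines between two scans of the same machine."""
    b, a = set(parse_log(before)), set(parse_log(after))
    fmt = lambda es: sorted(f"{e.section} - {e.body}" for e in es)
    return fmt(a - b), fmt(b - a)


# Assumed baseline of Winlogon Notify package names on a stock Windows XP SP2
# install. This list is an assumption made for the example, not from the thread.
XP_SP2_NOTIFY_BASELINE = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "SensLogn", "termsrv", "wlballoon",
})

O20_RE = re.compile(r"^Winlogon Notify: (\S+) - (.+?)(\s+\(file missing\))?$")


def winlogon_notify_findings(entries: list[Entry], baseline=XP_SP2_NOTIFY_BASELINE):
    """Flag O20 Winlogon Notify packages whose name is not in the baseline.

    Each finding is (name, dll, file_present, mimics): `mimics` is the baseline
    name the package name appears to be padded from (e.g. cryptnet -> cryptnet32).
    """
    findings = []
    for e in entries:
        if e.section != "O20":
            continue
        m = O20_RE.match(e.body)
        if not m:            # O20 also lists AppInit_DLLs; not handled here
            continue
        name, dll, missing = m.group(1), m.group(2), m.group(3) is not None
        if name in baseline:
            continue
        mimics = next((b for b in sorted(baseline, key=len, reverse=True)
                       if name.lower() != b.lower() and name.lower().startswith(b.lower())), None)
        findings.append((name, dll, not missing, mimics))
    return findings


O17_RE = re.compile(r"NameServer = (.*)$")


def name_servers(entries: list[Entry]) -> set[str]:
    """Distinct resolver addresses from O17 entries (trailing commas ignored)."""
    servers: set[str] = set()
    for e in entries:
        if e.section == "O17":
            m = O17_RE.search(e.body)
            if m:
                servers.update(s.strip() for s in m.group(1).split(",") if s.strip())
    return servers


# Excerpts of the two logs posted in this thread, before and after the
# "Fix Checked" attempt on the O20 entry (only the lines needed here).
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\system32\winlogon.exe
O15 - Trusted Zone: http://www.myspace.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""
LOG_AFTER = LOG_BEFORE.replace(
    "cryptnet32 - cryptnet32.dll (file missing)",
    r"cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll",
)


if __name__ == "__main__":
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("added:", added)
    print("removed:", removed)
    print("notify findings:", winlogon_notify_findings(parse_log(LOG_AFTER)))
    print("resolvers:", sorted(name_servers(parse_log(LOG_AFTER))))
```

Run against the two excerpts, the diff reports the O20 entry as removed in its "(file missing)" form and added back with the full path, and the finding for cryptnet32 carries file_present=True and mimics="cryptnet". That is the practical reason the helper's next step is to get the file itself scanned: a DLL that winlogon.exe has loaded stays in use for the whole session, so it has to be identified and removed from Safe Mode or offline, after the registry value is gone, rather than deleted from a running desktop. The resolver list is there because O17 entries are the easy place for malware to redirect DNS; 68.87.76.178 and 68.87.78.130 should be checked against the addresses the user's ISP actually assigns.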
#30
Posted 22 November 2007 - 08:34 PM
Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste it in.)
C:\WINNT\SYSTEM32\cryptnet32.dll
Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.