Hosed with Internet Speed Monitor, Outerinfo, & Brave Sentry [Reso


  • This topic is locked

#16
amywendlt

    Member

  • Topic Starter
  • 45 posts
kahdah

Everything was successful, except for the Kaspersky Online Scanner. When I clicked on the link, another window opened as if it was about to do the scan, but then I received an error message, "Internet Explorer has encountered a problem and needs to close." I tried the scan several times, but the error persisted.
  • 0

#17
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
That is fine.

First let's see what AVG finds.
Then we will go from there.
=========================
Please update AVG antispyware.
To do this:
  • locate the icon on the desktop and double-click it to launch the program.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Un-select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • Make sure that Set all elements to: shows Quarantine <== This is important
  • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
  • When the program has finished, it will display the message All actions have been applied.
  • Then click the Save Scan Report button.
  • Click the Save Report as button.
  • Save the report to your Desktop.
=============================
After that then try the Kaspersky scan again.
If it does not work then try this one:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
==========================================================
After that please post back with these logs:
New Hijackthis log
Panda scan (or Kaspersky) log(s)

  • 0

#18
amywendlt

    Member

  • Topic Starter
  • 45 posts
kahdah,

The Kaspersky scan failed again, but the Panda scan worked.

========================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:12 AM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6183 bytes
  • 0

#19
amywendlt

    Member

  • Topic Starter
  • 45 posts
Panda Scan
=========

Incident Status Location

Potentially unwanted tool:application/regclean32 Not disinfected C:\Documents and Settings\Administrator\Desktop\Click to Find and Fix Errors.url
Adware:adware/cydoor Not disinfected c:\winnt\cdmxtras
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/mirar Not disinfected Windows Registry
Virus:Trj/Downloader.RBV Disinfected C:\23.tmp
Virus:Trj/Downloader.RBV Disinfected C:\2E.tmp
Virus:Trj/Downloader.RBV Disinfected C:\3C9.tmp
Virus:W32/Nuwar.JT.worm Disinfected C:\dj5100\_install.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{3E908702-AF35-4611-9518-955DA24B7E07}\_install.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\_install.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Application Data\MySpace\IM\Install\_install.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\meat lips@atdmt[2].txt
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator\Desktop\ComboFix.exe[nircmd.cfexe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\apps\Process.exe
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/away.exe.exe]
Virus:Generic Malware Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/b103.exe]
Virus:Trj/Agent.GXF Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/b111.exe]
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/dllh8jkd1q2.exe]
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/kernelwind32.exe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mexekisol77798.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu1000106.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu27.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu72.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/mrofinu72.exe.tmp]
Virus:W32/Nuwar.JT.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/noskrnl.exe]
Virus:Trj/Spammer.AES Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/spoolsvv.exe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/TTC-4444.exe]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/TTC-4444.exe][TTC.dll]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/TTC-4444.exe][folder.js]
Virus:W32/Nuwar.JX.worm Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/vedxga1me4t1.exe]
Virus:Trj/Downloader.MDW Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/vedxga3me2.exe]
Virus:Trj/Downloader.REM Disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/vedxga5me3.exe]
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix\backups\backups.zip[backups/Yazzle1552OinUninstaller.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Administrator\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem(2).exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Trj/Hackload.A Disinfected C:\qoobox\Quarantine\C\Documents and Settings\Administrator\smss.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\WINNT\b128.exe.vir
Adware:Adware/CWS Not disinfected C:\qoobox\Quarantine\C\WINNT\mmall.exe.vir
Virus:Trj/Hackload.A Disinfected C:\qoobox\Quarantine\C\WINNT\system32\drivers\smss.exe.vir
Virus:Trj/Downloader.REM Disinfected C:\qoobox\Quarantine\C\WINNT\system32\g2\bemwdll3.exe.vir
Adware:Adware/TTC Not disinfected C:\qoobox\Quarantine\C\WINNT\system32\i2\mper83122.exe.vir
Virus:Trj/Downloader.MDW Disinfected C:\qoobox\Quarantine\C\WINNT\system32\mstaskmgr.exe.vir
Virus:W32/Nuwar.JX.worm Disinfected C:\qoobox\Quarantine\C\WINNT\system32\newmaxxsv234.exe.vir
Spyware:Spyware/Vundo Not disinfected C:\qoobox\Quarantine\catchme2007-11-21_165719.17.zip[ssqoo.dll]
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINNT\NirCmd.exe
Virus:Trj/Downloader.QKJ Disinfected C:\WINNT\system32\wbem\csrss.exe

Edited by amywendlt, 22 November 2007 - 01:58 PM.

  • 0

#20
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\Administrator\Desktop\Click to Find and Fix Errors.url
    c:\winnt\cdmxtras
    C:\Documents and Settings\Administrator\Desktop\SDFix
    C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    C:\Documents and Settings\Administrator\Desktop\smitRem.exe
    C:\WINNT\SYSTEM32\cryptnet32.dll


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
    Click "Exit" to close OTMoveIt.

    **When ready to Reply on the forum, please Paste the content of the latest log which is located at the root of the drive where the OTMoveIt folder is:
    C:\_OTMoveIt\MovedFiles\********_******.log
    (where "********_******" is the "date_time")
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=======================================
Please post back with the OTMoveIt log and a new Hijackthis log.
  • 0

#21
amywendlt

    Member

  • Topic Starter
  • 45 posts
OTMoveIt
========

C:\Documents and Settings\Administrator\Desktop\Click to Find and Fix Errors.url moved successfully.
c:\winnt\cdmxtras moved successfully.
Folder move failed. C:\Documents and Settings\Administrator\Desktop\SDFix\backups\HOSTS scheduled to be moved on reboot.
C:\Documents and Settings\Administrator\Desktop\SDFix\backups moved successfully.
C:\Documents and Settings\Administrator\Desktop\SDFix moved successfully.
C:\Documents and Settings\Administrator\Desktop\SmitfraudFix moved successfully.
C:\Documents and Settings\Administrator\Desktop\smitRem.exe moved successfully.
File/Folder C:\WINNT\SYSTEM32\cryptnet32.dll not found.

Created on 11/22/2007 15:08:20

Edited by amywendlt, 22 November 2007 - 05:18 PM.

  • 0

#22
amywendlt

    Member

  • Topic Starter
  • 45 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:40 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6286 bytes
  • 0

#23
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please reopen Hijackthis and choose Do a system scan only.
Place a check mark next to this entry:

O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll

Now click on Fix Checked and then close Hijackthis and then reboot.

Please then post back with another Hijackthis log.
  • 0

#24
amywendlt

    Member

  • Topic Starter
  • 45 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:41:40 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6286 bytes
  • 0
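
The comparison made by eye across posts #18 to #24 (which removal targets a tool actually handled, and which autostart entries are still listed in the next HijackThis log) can be scripted. This is an added example, not part of the original thread and not code from HijackThis or OTMoveIt; the function names are hypothetical, the sample logs are short excerpts copied from the posts above, and only the log line forms visible in this thread are parsed.

```python
import re
from typing import NamedTuple

# Item lines in a HijackThis log: "<code> - <body>", e.g. "O20 - Winlogon Notify: ...".
HJT_ITEM = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# OTMoveIt result lines, limited to the three forms that appear in this thread.
OTM_RESULTS = [
    (re.compile(r"^File/Folder (?P<path>.+) not found\.$"), "not found"),
    (re.compile(r"^Folder move failed\. (?P<path>.+) scheduled to be moved on reboot\.$"),
     "pending reboot"),
    (re.compile(r"^(?P<path>.+) moved successfully\.$"), "moved"),
]


class Entry(NamedTuple):
    code: str  # section code such as "O4" or "O20"
    body: str  # everything after "<code> - "


def parse_hijackthis(log_text):
    """Return the item lines of a log; header and process-list lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = HJT_ITEM.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"].strip()))
    return entries


def diff_logs(before, after):
    """Entries removed, added and persisting between two parsed logs."""
    b, a = set(before), set(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "persisting": sorted(b & a)}


def parse_otmoveit(log_text):
    """Map each path in an OTMoveIt log to 'moved', 'not found' or 'pending reboot'."""
    outcomes = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        for pattern, status in OTM_RESULTS:
            m = pattern.match(line)
            if m:
                outcomes[m["path"]] = status
                break
    return outcomes


def triage(targets, otm_log, hjt_log):
    """For each removal target: the mover's outcome and the entries still naming it.

    Matching is case-insensitive because Windows paths are (c:\\winnt vs C:\\WINNT).
    """
    outcomes = {p.lower(): s for p, s in parse_otmoveit(otm_log).items()}
    entries = parse_hijackthis(hjt_log)
    rows = []
    for target in targets:
        key = target.lower()
        listed = [e for e in entries if key in e.body.lower()]
        rows.append((target, outcomes.get(key, "not in log"), listed))
    return rows


# Excerpt of the 11:50:12 AM log (post #18).
HJT_1150 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:12 AM, on 11/22/2007
Running processes:
C:\WINNT\system32\winlogon.exe
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
"""

# Excerpt of the 3:14:40 PM log (post #22), taken after the OTMoveIt run.
HJT_1514 = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:14:40 PM, on 11/22/2007
Running processes:
C:\WINNT\system32\winlogon.exe
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
"""

# Excerpt of the OTMoveIt log (post #21).
OTM_LOG = r"""c:\winnt\cdmxtras moved successfully.
Folder move failed. C:\Documents and Settings\Administrator\Desktop\SDFix\backups\HOSTS scheduled to be moved on reboot.
File/Folder C:\WINNT\SYSTEM32\cryptnet32.dll not found.
"""

# Two of the paths from the removal list in post #20.
TARGETS = [r"c:\winnt\cdmxtras", r"C:\WINNT\SYSTEM32\cryptnet32.dll"]

if __name__ == "__main__":
    changes = diff_logs(parse_hijackthis(HJT_1150), parse_hijackthis(HJT_1514))
    for entry in changes["added"]:
        print("new since last log:", entry.code, entry.body)
    for target, outcome, listed in triage(TARGETS, OTM_LOG, HJT_1514):
        state = "STILL LISTED" if listed else "no longer listed"
        print(f"{target}: {outcome}; {state}")
```

A target reported as "not found" by the mover while an autostart entry still names it is the case that led to a different removal tool later in this thread.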

#25
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\WINNT\SYSTEM32\cryptnet32.dll

Registry keys to delete:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32"

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply


#26
amywendlt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Avenger
=========

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\icqugiqs

*******************

Script file located at: \??\C:\gcumjbyq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINNT\SYSTEM32\cryptnet32.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

#27
amywendlt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
HJT
=====

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:22:31 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6283 bytes

#28
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please reopen Hijackthis and choose Do a system scan only.
Place a check mark next to this entry:

O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)

Now click on Fix Checked and then close Hijackthis and then reboot.

Please then post back with another Hijackthis log.

Edited by kahdah, 22 November 2007 - 07:37 PM.


#29
amywendlt

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Looks like the little bugger won't delete!
==========================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:18 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\atievxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\wscntfy.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\fixthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvMainApp] "C:\Documents and Settings\All Users\Application Data\nvapp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKUS\S-1-5-19\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk.disabled
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.myspace.com
O16 - DPF: Yahoo! Cribbage - http://download.game...games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.game...games/clients/y/et1_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1194724659312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195003667719
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...ivescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B19DE9E-6C88-4A13-A94C-73523E156B51}: NameServer = 68.87.76.178,
O17 - HKLM\System\CS1\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O17 - HKLM\System\CS2\Services\Tcpip\..\{498C630D-9BAD-44DA-BBE0-034289F6E3CB}: NameServer = 68.87.76.178,68.87.78.130
O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe

--
End of file - 6335 bytes

#30
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please submit the following file to one of these online file scanners.
(All you have to do is copy and paste it in.)

C:\WINNT\SYSTEM32\cryptnet32.dll

Jotti File Scan
VirusTotal File Scan
This will produce a report after the scan is complete, please copy and paste those results in your next post.
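
Across the HijackThis logs in this thread, the O20 Winlogon Notify entry for cryptnet32 is present, then shown as "(file missing)" after The Avenger run, then present again after Fix Checked and a reboot. As an added example (not part of the thread, and not code from HijackThis or The Avenger), this Python script tracks an O20 entry across successive logs and flags one that comes back, including in a log pasted with hard line wraps. The function names are hypothetical and the sample logs are constructed by trimming each scan to one or two entries.

```python
import re

ENTRY = re.compile(r"^[RFO]\d+ -(?: |$)")   # a line that starts a HijackThis entry
O20 = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.+)$")

def unwrap(log_text):
    """Rejoin entries that were hard-wrapped when the log was pasted."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if line == "--":                     # footer marker: nothing to parse after it
            break
        if ENTRY.match(line):
            entries.append(line)
        elif line and entries:               # continuation of the previous entry
            # Joined with a space; a path that was split mid-word keeps that space.
            entries[-1] += " " + line
    return entries

def notify_state(log_text):
    """Map each O20 Winlogon Notify name to 'present' or 'file missing'."""
    states = {}
    for entry in unwrap(log_text):
        m = O20.match(entry)
        if m:
            missing = m.group(2).endswith("(file missing)")
            states[m.group(1)] = "file missing" if missing else "present"
    return states

def track(scans):
    """scans: log texts in time order -> {name: [state per scan]}."""
    per_scan = [notify_state(text) for text in scans]
    names = sorted(set().union(*per_scan))
    return {n: [s.get(n, "absent") for s in per_scan] for n in names}

def reappeared(history):
    """True when an entry was present, then removed, then present again."""
    seen = removed = False
    for state in history:
        if state == "present":
            if removed:
                return True
            seen = True
        elif seen:
            removed = True
    return False

# Constructed sample: each scan trimmed to one or two entries from the thread's logs.
BEFORE = r"""O20 - Winlogon Notify: cryptnet32 - C:\WINNT\SYSTEM32\cryptnet32.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe"""
AFTER_AVENGER = r"""O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe"""
AFTER_FIX = "O20 - Winlogon Notify: cryptnet32 -\n\nC:\\WINNT\\SYSTEM32\\cryptnet32.dll\n\n--\nEnd of file"
SCANS = [BEFORE, AFTER_AVENGER, AFTER_FIX]

if __name__ == "__main__":
    for name, history in track(SCANS).items():
        flag = "REAPPEARED" if reappeared(history) else "ok"
        print(f"{name}: {' -> '.join(history)} [{flag}]")
```

An entry flagged as reappeared means the registry value and file were written again between scans, so the log alone does not identify what restored them.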