WE'RE SURE THAT YOU'LL LOVE US!
Hey there! 
Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.
Try What the Tech -- It's free!
Programs not working, always freezing, firefox crashing...
Started by
crz1o13o4
, Feb 20 2007 08:15 PM
-
This topic is locked
21 replies to this topic
#1
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 20 February 2007 - 08:15 PM
Register to Remove
#2
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 21 February 2007 - 09:11 PM
Logfile of HijackThis v1.99.1
Scan saved at 10:11:23 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo XI\Corel Paint Shop Pro Photo.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
#3
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 25 February 2007 - 08:10 PM
crz1o13o4
Welcome to Tom Coyote . Sorry about the delay in responding but we are as most times just overwhelmed with logs.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Welcome to Tom Coyote . Sorry about the delay in responding but we are as most times just overwhelmed with logs.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#4
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 25 February 2007 - 11:14 PM
SmitFraudFix v2.144
Scan done at 0:13:01.96, Mon 02/26/2007
Run from
C:\Documents and Settings\JoHn & RiA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOHN
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
#5
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 25 February 2007 - 11:18 PM
Also I have Spybot Search and Destroy and NOD32. But I wanted to know which programs you recommend
#6
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 26 February 2007 - 05:48 AM
crz1o13o4
When we are done cleaning the infection off of you computer I will give you a list of free programs to install, right now we need to get rid of the Smitfraud Infection.
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
Boot your computer into Safemode
Clean out your Temporary Internet files. Proceed like this:
Reboot normally.
Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O4 - Startup: .protected
O4 - Global Startup: .protected
Run this system cleaner.
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan < -- After it scans your system, when you click on the Fix button and it asks you to backup the Registry..Say Yes
Tutorial for CCleaner
This is what I need.
1. Smitfraud Log
2. AVG Log
3. New HJT log
When we are done cleaning the infection off of you computer I will give you a list of free programs to install, right now we need to get rid of the Smitfraud Infection.
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Download and install the 30 day trial of AVG Anti-Spyware 7.5 to your desktop.
- Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
- Once the setup is complete you will need run Ewido and update the definition files.
- On the main screen select the icon Update then select the Update now link.
- Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
- Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
- Once in the Settings screen click on Recommended actions and then select Quarantine <-- Dont forget this
- Under Reports
- Select Automatically generate report after every scan
- Un-Select Only if threats were found
- Close AVG Anti-Spyware 7.5 <-- Do not run the scan yet.
Boot your computer into Safemode
- Go to Start> Shut Off your Computer> Restart
- As the computer starts to boot-up, Tap the F8 KEY somewhat rapidly.
- This will bring up a menu.
- Use the Up and Down Arrow Keys to scroll up to SAFEMODE
- Then press the Enter on your Keyboard
- Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
- Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
- You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
- The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
- The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart into normal Windows.
- A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
Clean out your Temporary Internet files. Proceed like this:
- Quit Internet Explorer and quit any instances of Windows Explorer.
- Click Start> Control Panel and then double-click Internet Options.
- On the General tab, click Delete Files under Temporary Internet Files.
- In the Delete Files dialog box, tick the Delete Offline content check box , and then click OK.
- On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
- Click on the Programs tab then click the Reset Web Settings button.
- Click Apply then OK.
- Launch AVG Anti-Spyware 7.5 by double-clicking the icon on your desktop.
- Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
- AVG will now begin the scanning process, be patient this may take a little time.
- Once the scan is complete do the following:
- If you have any infections you will prompted, then select Apply all actions
- Next select the Reports icon at the top.
- Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
- make sure to remember where you saved that file, this is important
- Close AVG Anti-Spyware 7.5
Reboot normally.
- Open the SmitfraudFix folder and double-click smitfraudfix.cmd
- Select option #3 - Delete Trusted zone by typing 3 and press Enter
- Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.
Open HijackThis > Do a System Scan Only, close your browser and all open windows, the only program or window you should have open is HijackThis, check the following entries and click on Fix Checked.
O4 - Startup: .protected
O4 - Global Startup: .protected
Run this system cleaner.
If you don't want the Yahoo Toolbar, be sure to uncheck it during installation
Download and Install CCleaner
* Click on Run Cleaner
* Run the Issues Scan < -- After it scans your system, when you click on the Fix button and it asks you to backup the Registry..Say Yes
Tutorial for CCleaner
This is what I need.
1. Smitfraud Log
2. AVG Log
3. New HJT log
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#7
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 26 February 2007 - 10:09 PM
I am running into a little bit of trouble... I did everything up to here
# Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
I did this fine
# Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
This was also done without a problem
# You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
here is where I am getting stuck, after i press enter to delete infected files, the screen always goes blank, and i am never offered the registry cleaner option
#8
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 27 February 2007 - 05:37 AM
here is where I am getting stuck, after i press enter to delete infected files, the screen always goes blank, and i am never offered the registry cleaner option
Just bypass this for the moment and proceed with the rest of the fix.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#9
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 27 February 2007 - 10:07 PM
A few issues that I ran into were that I was never able to complete the smitfraudfix (option 2 in safe mode) which was previously mentioned. Also I was not able to fix "O4 - Startup: .protected" because i tried numerous times and it said it may be in use. I opened task manager and ended all the processes that I could, but still did not work. The logs that I do have are here though
Smitfraud Log
SmitFraudFix v2.144
Scan done at 23:02:49.39, Mon 02/26/2007
Run from
C:\Documents and Settings\JoHn & RiA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
AVG Log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 10:32:32 PM 2/27/2007
+ Scan result:
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP157\A0070548.exe -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070597.dll -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070598.exe -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070599.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070600.exe -> Adware.Softomate : Cleaned.
C:\WINDOWS\Temp\b122.exe -> Adware.Softomate : Cleaned.
C:\Documents and Settings\JoHn & RiA\Local Settings\Temp\__uia__.exe -> Adware.Udefender : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0071458.exe -> Downloader.Agent.bca : Cleaned.
C:\WINDOWS\Temp\win1329.tmp.exe -> Downloader.Agent.bdr : Cleaned.
C:\WINDOWS\Temp\win12E4.tmp.exe -> Downloader.Agent.bgn : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP157\A0070550.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\Temp\win12BD.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP166\A0074910.exe -> Downloader.PurityScan.dt : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070609.exe -> Downloader.Tiny.fk : Cleaned.
C:\WINDOWS\Temp\win12CD.tmp.exe -> Downloader.Tiny.fk : Cleaned.
C:\WINDOWS\system32\ishost.exe_tobedeleted -> Downloader.Zlob.ape : Cleaned.
C:\Documents and Settings\JoHn & RiA\Local Settings\Temp\winB3CB.tmp.exe -> Downloader.Zlob.apf : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070558.exe -> Logger.Agent.or : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070601.exe -> Logger.Agent.or : Cleaned.
C:\WINDOWS\Temp\win1320.tmp.exe -> Logger.Agent.or : Cleaned.
C:\WINDOWS\system32\urroxtl.dll_tobedeleted -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
:mozilla.121:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.71:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.72:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.73:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.74:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.75:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.76:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.31:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.70:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.37:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.38:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.39:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.100:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.96:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.97:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.99:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.78:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.67:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.15:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.92:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.93:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.94:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.66:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.79:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.80:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.81:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.82:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.83:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.84:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.85:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.86:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.87:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.16:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.50:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.51:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.52:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\JoHn & RiA\Application Data\Mozilla\Firefox\Profiles\ut875668.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\JoHn & RiA\Local Settings\Temp\mst278C.tmp -> Trojan.Agent.vg : Cleaned.
C:\Documents and Settings\JoHn & RiA\Local Settings\Temp\mst278F.tmp -> Trojan.Agent.vg : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0071459.dll -> Trojan.Agent.vg : Cleaned.
C:\System Volume Information\_restore{1ADD3870-5481-4F82-8AAC-AF37E8DABA11}\RP158\A0070602.exe -> Trojan.Small : Cleaned.
::Report end
New HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 10:55:10 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
#10
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 28 February 2007 - 05:52 AM
You can open AVG and go to the Quarantine folder and uninstall it all, nothing in there you want to keep on your system.
This is related to the Smitfraud infection. First fix it with HJT.
O4 - Startup: .protected
Then run Smitfraud fix Option 2 in normal windows if it won't run in safemode.
Run this other great cleaner.
Please download ATF Cleaner by Atribune.
Let me see the Smitfraud log and a New HJT log please.
This is related to the Smitfraud infection. First fix it with HJT.
O4 - Startup: .protected
Then run Smitfraud fix Option 2 in normal windows if it won't run in safemode.
Run this other great cleaner.
Please download ATF Cleaner by Atribune.
- This program is for XP and Windows 2000 only
- Double-click ATF-Cleaner.exe to run the program.
- Under Main choose: Select All
- Click the Empty Selected button.
Let me see the Smitfraud log and a New HJT log please.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
Register to Remove
#11
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 28 February 2007 - 08:07 PM
I opened AVG and the quarantine folder is empty. I opened HJT and tried to check O4 - Startup: .protected but it still will not let me (saying the program may be in use) and Smitfraud fix is still not completing... after a certain point, the screen goes blank (besides wallpaper) and never does anything elsae after that. I also used the ATF cleaner which worked fine.
SmitFraudFix v2.144
Scan done at 20:56:55.29, Wed 02/28/2007
Run from
C:\Documents and Settings\JoHn & RiA\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
Logfile of HijackThis v1.99.1
Scan saved at 8:56:02 PM, on 2/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Edited by crz1o13o4, 28 February 2007 - 08:08 PM.
#12
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 28 February 2007 - 08:25 PM
Try removing that entry in Safemode.
O4 - Startup: .protected
O4 - Startup: .protected
- Open HJT
- Then open the Misc Tools section
- click on Generate a Startup List Log,
- Don't check the 2 boxes just yet.
- Post the log into this thread
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#13
crz1o13o4
-
- Authentic Member
-
- 11 posts
New Member
Posted 28 February 2007 - 08:42 PM
StartupList report, 2/28/2007, 9:36:58 PM
StartupList version: 1.52.2
Started from : C:\Program Files\Hijack This\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\JoHn & RiA\Start Menu\Programs\Startup]
.protected
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
D_V_T = C:\\dvt.exe /S \C:\\d_v_t.reg\
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05 = C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPHmon05 = C:\WINDOWS\system32\hphmon05.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
FRU Task #Hewlett-Packard#hp psc 1200 series#1157981268.job
HP Usg Daily.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 4,336 bytes
Report generated in 0.125 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
StartupList version: 1.52.2
Started from : C:\Program Files\Hijack This\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack This\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\Documents and Settings\JoHn & RiA\Start Menu\Programs\Startup]
.protected
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP = C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SoundMAX = "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
D_V_T = C:\\dvt.exe /S \C:\\d_v_t.reg\
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
HPDJ Taskbar Utility = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
HPHUPD05 = C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
HP Component Manager = "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
HPHmon05 = C:\WINDOWS\system32\hphmon05.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\logon.scr
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
--------------------------------------------------
Enumerating Task Scheduler jobs:
AppleSoftwareUpdate.job
FRU Task #Hewlett-Packard#hp psc 1200 series#1157981268.job
HP Usg Daily.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll
--------------------------------------------------
End of report, 4,336 bytes
Report generated in 0.125 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
#14
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 28 February 2007 - 09:13 PM
O4 - Startup: .protected <-- needs to go. I have removed this on many posts and don't know why yours wont go.
Try disabling AVG anti spyware. Open the program and look for the Background Guard feature and disable it.
Go to where you have the Smitfraud fix icon on your desktop and delete it and do a fresh download.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
After disableing the background guard in AVG, try removing that entry with HJT on both Normal and Safemode, do another scan with Smitfraud in both Normal and Safemode. If and when the screen goes blank, let it be for a while, sometimes it takes awhile for it to complete.
Post the report if you can and a new HJT log.
Try disabling AVG anti spyware. Open the program and look for the Background Guard feature and disable it.
Go to where you have the Smitfraud fix icon on your desktop and delete it and do a fresh download.
Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.
After disableing the background guard in AVG, try removing that entry with HJT on both Normal and Safemode, do another scan with Smitfraud in both Normal and Safemode. If and when the screen goes blank, let it be for a while, sometimes it takes awhile for it to complete.
Post the report if you can and a new HJT log.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
#15
ken545
-
- Retired Classroom Teacher
-
- 23,225 posts
Forum God
- Interests:Fighting Malware and cooking some great Italian and TexMex food
-
Posted 01 March 2007 - 05:56 AM
Try this.
Click Start> Run and type msconfig into the run box and press the enter key.
Click the Startup tab and look for and untick anything that says protected.
Click Apply > Ok
You will be prompted to reboot your system.
After your system has rebooted, you will see a window that says you have used msconfig to make changes etc. Tick the little box that says not to run msconfig the next time you start your computer and click ok.
Then if you can proceed with removing that entry and running Option 2 for Smitfraud.
There is a newer version of Smitfraud here if the one I posted still won't work.
http://siri.geekstog...mitfraudFix.php
Ken
Click Start> Run and type msconfig into the run box and press the enter key.
Click the Startup tab and look for and untick anything that says protected.
Click Apply > Ok
You will be prompted to reboot your system.
After your system has rebooted, you will see a window that says you have used msconfig to make changes etc. Tick the little box that says not to run msconfig the next time you start your computer and click ok.
Then if you can proceed with removing that entry and running Option 2 for Smitfraud.
There is a newer version of Smitfraud here if the one I posted still won't work.
http://siri.geekstog...mitfraudFix.php
Ken
Edited by ken545, 01 March 2007 - 06:29 AM.
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
Find us on Facebook
Please LIKE and SHARE
Just a reminder that threads will be closed if no reply in 3 days.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
