Video Activex Access


This topic is locked
6 replies to this topic

#1 wndy26 (Authentic Member, 68 posts)

Posted 27 June 2007 - 11:49 PM

I am infected with Video ActiveX Access. I read that I needed to do Smitfraud and post a rapport.txt and hjt log. Here it is; what do I do next?

Thanks in advance!

SmitFraudFix v2.197

Scan done at 0:41:47.10, Thu 06/28/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Access\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

[HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
@="C:\WINDOWS\system32\tczij.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
@="C:\WINDOWS\system32\tczij.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport
DNS Server Search Order: 204.127.203.135
DNS Server Search Order: 216.148.225.135

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





Logfile of HijackThis v1.99.1
Scan saved at 12:43:52 AM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\rundll32.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.yahoo....s...ferences?p=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanda's Internet Portal
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZJfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robbie's\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://fighterace.ketsujin.com
O15 - Trusted Zone: http://primary.ketsujin.com
O15 - Trusted Zone: http://update.ketsujin.com
O15 - Trusted Zone: http://www.ketsujin.com
O15 - Trusted Zone: *.listen.com
O15 - Trusted Zone: *.llnwd.net
O15 - Trusted Zone: http://www.myspace.com
O15 - Trusted Zone: rhapapp.real.com
O15 - Trusted Zone: http://*.real.com
O15 - Trusted Zone: http://www.stormofaces.com
O15 - Trusted Zone: *.west.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuche...ivex/web665.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\ALIENG~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - C:\Documents and Settings\Robbie's\Desktop\D2GS-110\D2GSSVC.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
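Reading the two logs above by hand is slow, so here is an added script (my own, not part of this thread and not from SmitFraudFix or HijackThis) that parses a few constructed lines copied from them and flags what a helper checks first: anything under the rogue's "Video ActiveX Access" directory, CLSIDs whose DLL is missing, Trusted Zone additions, Winlogon Notify DLLs outside system32, and each SharedTaskScheduler handler paired with the DLL it loads. The function names and the "high"/"review" labels are my own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in HijackThis v1.99.1 format, copied from
# the log above; the real log is much longer.
SAMPLE_HJT = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)
O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O15 - Trusted Zone: *.llnwd.net
O15 - Trusted Zone: http://www.myspace.com
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\ALIENG~1\wbsrv.dll
"""

# Constructed sample of the SmitFraudFix "Sharedtaskscheduler" section above.
SAMPLE_STS = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

[HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
@="C:\WINDOWS\system32\tczij.dll"
"""

# Install directory of the rogue discussed in this thread (taken from the logs).
ROGUE_MARKERS = ("video activex access",)

HJT_LINE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<rest>.*)$")
COM_ENTRY = re.compile(
    r"^(?P<type>BHO|Toolbar): (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\}"
    r" - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Finding:
    severity: str  # "high": matches the rogue in this thread; "review": needs a human
    line: str
    reason: str


def analyze_hjt(text):
    """Walk HijackThis lines and return the entries a helper looks at first."""
    findings = []
    for line in text.strip().splitlines():
        m = HJT_LINE.match(line)
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if any(marker in rest.lower() for marker in ROGUE_MARKERS):
            findings.append(Finding("high", line, "points into the rogue's install directory"))
            continue
        if kind in ("O2", "O3"):
            c = COM_ENTRY.match(rest)
            if c and c.group("missing"):
                findings.append(Finding("review", line, "CLSID registered but its DLL is gone (orphan)"))
        elif kind == "O15":
            host = rest.split(":", 1)[1].strip()
            findings.append(Finding("review", line, f"Trusted Zone lowers IE security for {host}"))
        elif kind == "O20":
            path = rest.split(" - ", 1)[1]
            if "\\system32\\" not in path.lower():
                findings.append(Finding("review", line, "Winlogon Notify DLL outside system32"))
    return findings


def parse_sts(text):
    """Pair each SharedTaskScheduler CLSID with the InProcServer32 DLL it loads."""
    handlers = {}
    current_key = None
    for raw in text.strip().splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            continue
        if current_key is None or "=" not in line:
            continue
        name, value = (part.strip('"') for part in line.split("=", 1))
        if current_key.endswith("\\SharedTaskScheduler"):
            handlers.setdefault(name.lower(), {})["name"] = value
        elif current_key.endswith("\\InProcServer32") and name == "@":
            clsid = current_key.split("\\")[-2].lower()
            handlers.setdefault(clsid, {})["dll"] = value
    return handlers


def sts_findings(handlers):
    """Every handler loads into Explorer at logon, so each one is worth a look."""
    return [
        Finding("review", f'{clsid} "{h.get("name", "?")}"',
                f"SharedTaskScheduler handler loads {h.get('dll', '(no InProcServer32)')}")
        for clsid, h in handlers.items()
    ]


if __name__ == "__main__":
    for f in analyze_hjt(SAMPLE_HJT) + sts_findings(parse_sts(SAMPLE_STS)):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```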



#2 LDTate (Grand Poobah, Root Admin, 57,211 posts)

Posted 28 June 2007 - 09:23 AM

Running the Clean

Warning: running option #2 on a non-infected computer will remove your Desktop background.


Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.



The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • ewido will now begin the scanning process; be patient, this may take a little time.
  • Let the program scan your computer.
  • When the scan has finished, follow the instructions below:
      • Make sure that Set all elements to: shows Quarantine
      • Important: Click on the Apply all Actions button (*** This must be done before saving the report ***)
      • When the program has finished, it will display the message All actions have been applied.
      • Then click the Save Scan Report button.
      • Click the Save Report as button.
      • Save the report to your Desktop.
  • Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes.
  • Reboot in normal mode and copy the report back to this topic along with a new HijackThis log.

Please post:
1. c:\rapport.txt
2. AVG Anti-Spyware log
3. A new HijackThis log

You may need several replies to post the requested logs, otherwise they might get cut off.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days


Proud graduate of TC/WTT Classroom

 


#3 wndy26 (Authentic Member, 68 posts)

Posted 28 June 2007 - 10:59 PM

Here is Rapport.txt - will follow with two other posts to include the other reports. Thanks so much!

SmitFraudFix v2.197

Scan done at 0:59:36.71, Thu 06/28/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly"

[HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
@="C:\WINDOWS\system32\tczij.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32]
@="C:\WINDOWS\system32\tczij.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Video ActiveX Access\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS1\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

#4 wndy26 (Authentic Member, 68 posts)

Posted 28 June 2007 - 11:00 PM

AVG Spyware Scan Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:54:02 AM 6/28/2007

+ Scan result:

C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244743.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244720.exe -> Downloader.Zlob.bvp : Cleaned.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244721.exe -> Downloader.Zlob.bvp : Cleaned.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244722.exe -> Downloader.Zlob.bvp : Cleaned.
C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP822\A0243812.dll -> Hijacker.Agent.jw : Cleaned.
C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Dark Lord's Hacking.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Gzn Gunz Trainer V.12.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.171\TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.171\Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.171\XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.640\TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.640\Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.640\XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Dark Lord's Hacking.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Gzn Gunz Trainer V.12.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\RECYCLER\S-1-5-21-4165618130-79490045-818695748-1009\Dc1.zip/Chrissiboi's H4XZ0R 2.0.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\RECYCLER\S-1-5-21-4165618130-79490045-818695748-1009\Dc2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned.
C:\WINDOWS\system32\drivers\MSTEE2k.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.21 : Cleaned.
C:\WINDOWS\system32\drivers\beepex.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.30 : Cleaned.
C:\WINDOWS\system32\drivers\usbnt.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.30 : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Robbie's\Cookies\robbie's@com[1].txt -> TrackingCookie.Com : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Robbie's\Cookies\robbie's@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Robbie's\Cookies\robbie's@real[2].txt -> TrackingCookie.Real : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Robbie's\Cookies\robbie's@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. 
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/DRGunzHacker.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Hellsings trainer.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\Hellsings trainer.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/DRGunzHacker.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Hellsings trainer.exe -> Trojan.Delf.bcg : Cleaned. ::Report end

#5 wndy26
Authentic Member, 68 posts

Posted 28 June 2007 - 11:01 PM

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 5:04:28 AM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\HijackThis\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft....k/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robbie's\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...C_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuche...ivex/web665.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload....GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.re...lbar/lexico.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\ALIENG~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - C:\Documents and Settings\Robbie's\Desktop\D2GS-110\D2GSSVC.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
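The HijackThis log above is read by eye in the thread; the helper looks first at the O16 DPF (ActiveX download) entries, at anything marked "(file missing)", and at services with no recognisable publisher. The following is an added example (not code from the poster, the forum, or HijackThis itself) that parses that line format and pulls out those three groups automatically. The sample log lines are constructed from the format shown above; the URLs use the reserved example.invalid host rather than any real download site.

```python
"""Triage a HijackThis 1.99-style log by section.

Added example. SAMPLE_LOG is constructed for this demonstration and is not the
poster's full log; the hosts in it (example.invalid) are placeholders.
"""
import re
from collections import Counter, defaultdict

# Constructed sample in HijackThis line format (raw string: backslashes literal).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://example.invalid/activex/web665.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://example.invalid/housecall/xscan53.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
"""

# Every HijackThis entry starts with a section tag (R0, R1, F2, O2 ... O23).
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# A COM CLSID in braces: 32 hex digits plus 4 hyphens = 36 characters.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# An O16 DPF entry whose CLSID is followed directly by the URL has no
# registered friendly name, which is the case the helper wants to look at.
UNNAMED_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\} - ")


def parse_hjt(text):
    """Return one dict per log entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": m.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": body.endswith("(file missing)"),
            "unknown_owner": "Unknown owner" in body,
        })
    return entries


def section_counts(entries):
    """How many entries each section has, e.g. {'O16': 2, 'O23': 2, ...}."""
    return dict(Counter(e["section"] for e in entries))


def triage(entries):
    """Group the entries a helper reviews first.

    unnamed_activex        O16 controls with no friendly name
    file_missing           any entry whose target file is gone
    unknown_owner_service  O23 services with no publisher string
    """
    findings = defaultdict(list)
    for e in entries:
        if e["section"] == "O16" and UNNAMED_DPF_RE.match(e["body"]):
            findings["unnamed_activex"].append(e["body"])
        if e["file_missing"]:
            findings["file_missing"].append(e["body"])
        if e["section"] == "O23" and e["unknown_owner"]:
            findings["unknown_owner_service"].append(e["body"])
    return dict(findings)


if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print("entries per section:", section_counts(parsed))
    for group, lines in triage(parsed).items():
        print(f"\n{group}:")
        for line in lines:
            print("  ", line)
```

Entries that land in a group are not automatically malicious (the Sansa service above is simply an uninstalled updater whose service registration was left behind); the script only shortens the list a helper has to read, and the decision about each line still rests with whoever reviews the log.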

#6 LDTate
Grand Poobah, Root Admin, 57,211 posts

Posted 29 June 2007 - 06:22 AM

You can remove any programs / tools I had you install. Use Add/Remove Programs to remove them if they are listed there; otherwise just delete them and empty the Recycle Bin.

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the check from Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.



If you don't have any programs like these, I would recommend that you get them:
Spywareblaster,
Spywareguard.


Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.

Only run one Anti-Virus and Firewall program.

It is critical to have both a firewall and anti-virus to protect your system.

Keep your system up to date and run Adaware & Spybot (once a week works), and hopefully you will be OK from here on. Both are available below.

Do not use Ad-aware if you have McAfee's VirusScan and AntiSpyware


Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

If you would like to donate (PayPal) for the help you received.

Proud graduate of TC/WTT Classroom


#7 LDTate
Grand Poobah, Root Admin, 57,211 posts

Posted 30 June 2007 - 05:20 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

