i've deffinitl got a virus :(
 

last night got a pop up saying "update media player" and, as some of you might know, i've not been able to use the normal windows media player so, being the trusting foolthat i am, i clicked the link, downloaded the file. made sure it wasn't virused up and then ran it
and after that all my problems started
i get constant pop ups of nekid women with their bits showing, constant pop ups saying "you must instal this antivirus thing to get rid of this virus" but like hell am i going to download something else that i've nenver heard of
and it's all this winalmvirus and virusblaster6.2 stuff

so, using the agv stuff and both adawre and some serch and destroy type spyware removal tools, i STILL can't get rid of the things
the messeage at the bottom of the screen comes up with a round bomb and this keeps switching to a question mark, and if you hover over it it says "critical error has occoured"

and all the popups for the security downloads say the same thing about getting a trojan 32 virus, does that mean anything to anyone?

so, what have i got?
and how do i get rid of it?

i'm on the works pc at the moment as the one at hme is sitting there unpluged from the rest of the wrold and i have already sent emails to all those people who egt them regulalary from me to tell them not to open any mail from that account just in case it's the virus spreading itself

help!!!!!!!!!!!!!!!!!!!

Check your add/remove programs for any entries you don't recognise and remove them. Do this in Safe Mode.

Load up Task Manager and see what processes are running and kill them, see if they come back automatically. If so, make a note of them, search the web (on another PC) and look for cleaning instructions.

Do this first and then post the results and the filename, maybe we can get rid of the little bugger.

Cheers

Matt

cheers for the info :top: but what is safe mode?
is that where you start teh computer and press f1 or something while it's booting up?

i'm off home now so i will try and get some sort of connection going there

cheers :top: :top: :top:

Yeah thats good advice above, also after doing that go onto Trendmicro website and do there online scan, it might take 10-15mins but trust me it DOES work because ive used it myself and its free :top:

EDIT: for safe mode i think its f4, press that constantly when you turn it on and you will catch it before it boots up normally :top:

http://housecall.trendmicro.com/ ;)

It's F8, normally...

Hmmm im pretty sure mine was f4, but we'll see who right when he does it :? :cry:

right then, a few screen shots of what keeps popping up

https://img.photobucket.com/albums/v25/dojj1/virus1.jpg
https://img.photobucket.com/albums/v25/dojj1/virus2.jpg
https://img.photobucket.com/albums/v25/dojj1/virus3.jpg
https://img.photobucket.com/albums/v25/dojj1/virus4.jpg
https://img.photobucket.com/albums/v25/dojj1/virus5.jpg
https://img.photobucket.com/albums/v25/dojj1/virus6.jpg

does that make any sense?
the one i'm most intrested in fooking off is the little question mark/bomb cross in the screen at the bottom, which is the first thing to happen when i start up

and i can't seem to work out what to do about the start up thing :(

never seen any of those windows alerts saying "system performance slowed down by........." etc, but then i guess thats because my pc hasnt been f'd up like that :? :cry:

Hmmm so did that site actually do anything then? your screenshot shows theres a virus but you didnt post a shot of anything positive?

Maybe another option is system restore to restore it back to the day when you didnt have this shit happening? maybe not work but worth a shot :top:

If you do all of this and its still the same you might not have a choice but to reformat and start a fresh! do you have anything that you couldnt replace on this machine?

Oh and by the way, click on start bar> all programmes> windows update, and then scan to see if you need any updates since your getting messages telling you that your not up to date :?

Im actually surprised you can get on the net and post on here to be honest!

it found 18 differnt things wrong with the machine

these is one it could not get rid of

TROJ_RENOS.IS

and it says its in location

C:\WINDOWS\system32\tazth.dll

so does this mean i just go there and delete this file and everything will be back to normal?

the pop ups still pop up all the time and it hasn't got rid of them 2 windows at the bottom of the task bar :(

now it's asking me to download an antivermins program

anyone heard of this?

http://www.antivermins.com/?aff=11017

nah i wouldn't bother with anything it keeps referring you to, anyway most the programmes it wants you to download you probably have to pay for :roll:

Try system restore, if that doesnt work then write down that file name and location, boot into safe mode and try to delete it

i'm running that trend thing again to see if it will do somethng else

if not i'll restart and press the buttons repeatedly until something happens

thanks for all your help :)

I hope your joking :? :cry:

Do what i said above, its worth a try

i was on about either pressing f4 or f8 as both seem to kick start the safe mode in start up :DD:

but i've got another 55 minutes worth of the other programme running before i can do that
only one thing left to delete as it seemed to get rid of the other 18, only one stubborn little bugger left

i've backed up all my data only a few days ago so everything else is surplus to reuirements or i can get it put on again so i'm not worried
it's just trying to put it all back on again thats the daunting part (but my brother is into this sort of stuff so i might get him to do it over the weekend :)

well if theres only one thing left then thats not bad going, but as you say your not finished with it yet :top:

Let us know how it goes

the results are in
and this is the link just in case anyone else has the same problem

http://www.bleepingcomputer.com/foru...hp/t58031.html

took all of about 15 minutes once my brother came home and sat down in front of the computer so big up to him :top: :top: :top:

but thanks to you guys first for all the help :clap: :clap: :clap: i was bricking it that i had fucked up completely and utterly :top: :top: :top:

and the cause of the problem? the little window that popped up and innocently said "update wmp" all normal like what microsoft does

little bastards :wall: :wall: :wall:

glad its sorted :top:

By the way if media player has any updates it wont just randomly pop up in the middle of your screen anyway, i find out when and if theres newer versions by the other pc forums i use and this site filehippo.com, it basically has all free software and tells you when the new ones are out :top:

:top: but i'm going to not be downloading anything unles i can blame someone sitting next to me for doing it :)

and i think the media player problem is from when my baby was bashing the keyboard while i was showing him some cartoons, it never worked afer that so i can deffinitly blame him for screwing that up :)

cheers for the help though, i'll check out that file hippo and then get asking quesiotns :)

I've got the exact same virus on mine :wall: :wall:

I've used the link that you've provided (dojj) & it downloaded stopzilla, is that what your using now?

The virus has shut down my norton anti virus :eek: :cry: :cry:

The pc keep's freezing etc etc :(

Please help!!

i'm not sure what my brother did exactly, but it was a bit of finding out what was going wrong, then a bit about starting it in safe mode
then a bit about doing a chekc in safe mode where you wern't supposed to do anythng until the compuer said to do something
and the a restart
unfortunatly we are off to see borat in about 3 minutes but i'm going to ask him to sit down and expalin things if no one else can asnwer it for you

if any of them look like this

http://siri.urz.free.fr/Fix/ScreenShot.php

don't download!!!!!!!!!

all i can say is that the page seems to have been updated since i posted it up

i'll ask my brother to point you in the right direction, but i do know it was listed on the beeping computer site as how to get rid of it and the log file that is listed is the same one that i got on mine

AJ - can you remember the date of when it went wrong? If so, go to the System Restore fucntion (in START>ALL PROGRAMMES > ACCESSORIES > SYSTEM TOOLS or something like that) and restore to the day BEFORE it went wrong.....

hang on, i'llpost the info i've got, it's like a little instruction manual that you've got to save to notepad so you can open it in safe mode or something

i'll post the whole lot up and then you can follow the instructions :)

BleepingComputer.com RulesDonate
BlogsChat HelpSearchMembers RSS

[X]My AssistantLoading. Please Wait...

Welcome Guest ( Log In | Create a free account )

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. Once registered, simply click on the category that fits your question and click on the New Topic button to start talking with our other members. If you consider yourself a techie, then feel free to help out some of the other members by answering their questions! Registration is fast, simple and absolutely free.
Click here to Register!


Have a problem and would like to ask us for help? To learn how to ask your question Click Here!
Do you have popups or other malware infecting your computer? If so, Start Here!
BleepingComputer.com > Security > HijackThis Logs and Analysis


Forum Guidelines
Read this topic before posting a log.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

Kaspersky Anti-Virus 6.0 - Rated #1 in the detection of new malware!

Critical System Error!, Critical System Error! Options

Track this topic
Email this topic
Print this topic
Download this topic
Subscribe to this forum
Display Modes
Switch to: Outline
Standard
Switch to: Linear+ Abba Cohen Oct 16 2006, 06:43 PM Post #1


New Member


Group: Members
Posts: 4
Joined: 16-October 06
Member No.: 90530



Can anyone help me solve the problem.

Here is my hijeckthis log

Logfile of HijackThis v1.99.1
Scan saved at 7:36:15 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\Program Files\Common Files\AOL\1132700353\ee\AOLSoftware.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\UltraDVD\DVDMon.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msc\mcshell.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SiteAdvisor\4144\SiteAdv.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\YTBSDK.e xe
C:\Documents and Settings\User 1\My Documents\My Downloads\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Protection Bar - {44d22a64-2399-4edf-8b32-f2c729c1e8a7} - C:\Program Files\MMediaCodec\iesplugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132700353\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [0026951161036559mcinstcleanup] C:\DOCUME~1\USER1~1\LOCALS~1\Temp\002695~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\Go ogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [UltraDVDMon] C:\Program Files\UltraDVD\DVDMon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: UPS WorldShip PLD Reminder Utility.lnk = C:\UPS\UOWS\PldReminder.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - https://objects.aol.com/mcafee/molbi...3/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/228c193f...p/RdxIE601.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - https://objects.aol.com/mcafee/molbi...20/McGDMgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09046C13-0433-4A7F-9544-B6A9CEEE6137}: NameServer = 209.73.196.8,209.73.196.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{09046C13-0433-4A7F-9544-B6A9CEEE6137}: NameServer = 209.73.196.8,209.73.196.9
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\system32\dpfwu.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\CompuPicPro\ScsiAccess.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe





Full Edit
Quick Edit
Cretemonster Oct 17 2006, 04:56 AM Post #2


Forum Addict


Group: HJT Team
Posts: 2405
Joined: 20-January 05
From: Marietta,GA
Member No.: 10110



Hi Abba Cohen and Welcome to the Bleeping Computer!


Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consultin...rocessutil.htm




--------------------

If my post have helped you please consider making a donation for the fight against Malware!



So how did I get infected in the first place?

Browser Hijacking & How to Stop It!

What are Hackers looking for on your PC?


Can you please tell me what happened? You did delete that one, didn't you?



Full Edit
Quick Edit
Abba Cohen Oct 18 2006, 02:05 PM Post #3


New Member


Group: Members
Posts: 4
Joined: 16-October 06
Member No.: 90530



SmitFraudFix v2.110

Scan done at 15:02:05.73, Wed 10/18/2006
Run from C:\Documents and Settings\User 1\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User 1\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\USER1~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\MMediaCodec\ FOUND !
C:\Program Files\VirusBurster\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





Full Edit
Quick Edit
Cretemonster Oct 18 2006, 03:38 PM Post #4


Forum Addict


Group: HJT Team
Posts: 2405
Joined: 20-January 05
From: Marietta,GA
Member No.: 10110



You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.


After posting C:\rapport.txt,Please download Combofix to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe

Doubleclick combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.


--------------------

If my post have helped you please consider making a donation for the fight against Malware!



So how did I get infected in the first place?

Browser Hijacking & How to Stop It!

What are Hackers looking for on your PC?


Can you please tell me what happened? You did delete that one, didn't you?



Full Edit
Quick Edit
Abba Cohen Today, 09:58 AM Post #5


New Member


Group: Members
Posts: 4
Joined: 16-October 06
Member No.: 90530



SmitFraudFix v2.110

Scan done at 10:36:06.81, Tue 10/24/2006
Run from C:\Documents and Settings\User 1\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler]
"{dfa61db1-388e-4c87-8d56-540fa229bcb4}"="contrabandists"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Program Files\MMediaCodec\ Deleted
C:\Program Files\VirusBurster\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End



User 1 - 06-10-24 10:54:05.79 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\User 1\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bszip.dll


((((((((((((((((((((((((((((((( Files Created from 2006-09-24 to 2006-10-24 ))))))))))))))))))))))))))))))))))


2006-10-18 12:59 778,656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-18 12:59 4,288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-18 12:59 27,904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-18 12:59 23,104 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-10-17 14:46 87,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2006-10-17 14:46 107,696 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-10-16 18:09 37,832 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2006-10-16 18:09 31,752 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2006-10-16 18:09 104,536 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2006-10-16 17:38 84,744 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2006-10-16 17:38 41,888 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2006-10-16 17:38 33,928 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2006-10-16 17:38 162,504 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2006-10-12 17:00 223,128 --a------ C:\WINDOWS\system32\drivers\vaxscsi.sys
2006-10-12 15:34 339,968 --a------ C:\WINDOWS\system32\cdintf.dll
2006-10-05 15:22 96,256 --a------ C:\WINDOWS\system32\drivers\sptd1965.sys
2006-10-05 15:22 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )))


2006-10-24 10:50 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-24 10:50 -------- d-------- C:\Documents and Settings\User 1\Application Data\Skype
2006-10-18 13:00 -------- d-------- C:\Documents and Settings\User 1\Application Data\AVG7
2006-10-18 12:59 -------- d-------- C:\Program Files\Grisoft
2006-10-17 14:50 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-17 14:47 -------- d-------- C:\Program Files\Symantec
2006-10-17 14:44 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-17 14:44 -------- d-------- C:\Program Files\Common Files
2006-10-17 14:43 -------- d-------- C:\Program Files\Lavasoft
2006-10-17 14:43 -------- d-------- C:\Documents and Settings\User 1\Application Data\Lavasoft
2006-10-16 18:22 -------- d-------- C:\Program Files\SiteAdvisor
2006-10-16 18:14 -------- d-------- C:\Documents and Settings\User 1\Application Data\SiteAdvisor
2006-10-16 18:10 -------- d-------- C:\Program Files\McAfee
2006-10-16 18:09 -------- d-------- C:\Program Files\Common Files\McAfee
2006-10-16 18:08 -------- d-------- C:\Program Files\McAfee.com
2006-10-16 17:32 -------- d-------- C:\Program Files\Viewpoint
2006-10-16 12:24 -------- d---s---- C:\Documents and Settings\User 1\Application Data\Microsoft
2006-10-12 17:00 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-12 16:53 -------- d-------- C:\Documents and Settings\User 1\Application Data\Adobe
2006-10-12 15:32 -------- d-------- C:\Program Files\Common Files\AnswerWorks 4.0
2006-10-12 15:31 -------- d-------- C:\Program Files\Intuit
2006-10-12 15:31 -------- d-------- C:\Program Files\Common Files\Intuit
2006-10-11 13:19 -------- d-------- C:\Program Files\Internet Explorer
2006-10-05 15:04 28400 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-10-05 15:00 -------- d-------- C:\Program Files\ResponsaCD10
2006-10-03 11:09 -------- d-------- C:\Program Files\MSN Messenger
2006-09-29 09:48 -------- d-------- C:\Program Files\Yahoo!
2006-09-29 09:16 -------- d-------- C:\Program Files\Google
2006-09-19 16:12 -------- d-------- C:\Documents and Settings\User 1\Application Data\Canon
2006-09-14 17:04 -------- d-------- C:\Program Files\Windows Media Player
2006-09-14 16:51 -------- d-------- C:\Program Files\MsnMusic
2006-09-14 10:50 -------- d-------- C:\Program Files\MathType
2006-09-14 10:49 -------- d-------- C:\Program Files\Word Code Cleaner
2006-09-14 10:48 -------- d-------- C:\Program Files\ASAP Utilities
2006-09-14 10:48 -------- d-------- C:\Program Files\AppsPro
2006-09-14 10:43 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-09-14 10:42 -------- d-------- C:\Program Files\Microsoft Office
2006-09-14 10:42 -------- d-------- C:\Program Files\Common Files\System
2006-09-13 15:04 -------- d-------- C:\Program Files\Microsoft.NET
2006-09-13 09:57 -------- d-------- C:\Documents and Settings\User 1\Application Data\AdobeUM
2006-09-13 09:45 -------- d-------- C:\Documents and Settings\User 1\Application Data\Real
2006-09-13 09:43 -------- d-------- C:\Program Files\Common Files\xing shared
2006-09-13 09:43 -------- d-------- C:\Program Files\Common Files\Real
2006-09-13 01:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 17:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-12 16:54 -------- d-------- C:\Program Files\Driver Installation Tools 2.01
2006-09-12 14:43 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-12 14:43 -------- d-------- C:\Program Files\Macromedia
2006-09-12 14:43 -------- d-------- C:\Program Files\Common Files\Vbox
2006-09-12 14:43 -------- d-------- C:\Program Files\Common Files\Macromedia
2006-09-12 14:43 -------- d-------- C:\Program Files\Bradbury
2006-09-12 14:11 -------- d-------- C:\Program Files\Analog Devices
2006-09-12 13:55 -------- d-------- C:\Documents and Settings\User 1\Application Data\Google
2006-09-12 13:18 -------- d-------- C:\Program Files\Skype
2006-09-12 10:17 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-12 10:16 -------- d-------- C:\Program Files\Adobe
2006-09-11 10:59 -------- d-------- C:\Program Files\Common Files\AOL
2006-09-11 10:59 -------- d-------- C:\Program Files\AOL
2006-09-11 10:59 -------- d-------- C:\Program Files\AOD
2006-08-31 15:07 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-08-31 14:25 -------- d-------- C:\Documents and Settings\User 1\Application Data\ArcSoft
2006-08-30 13:30 -------- d-------- C:\Program Files\SanDisk
2006-08-29 12:45 -------- d-------- C:\Program Files\Common Files\ACD Systems
2006-08-29 11:41 -------- d-------- C:\Documents and Settings\User 1\Application Data\Nikon
2006-08-29 11:37 -------- d-------- C:\Program Files\Common Files\Nikon
2006-08-25 11:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 07:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run]
"McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc. exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw. exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw. exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\curre ntversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\cur rentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\polic ies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Acrobat Assistant 7.0"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1 \\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SanDisk\\SANDIS~1\\SDMONI ~1.EXE -r"
"item"="Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk"
"backup"="C:\\WINDOWS\\pss\\QuickBooks Update Agent.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Intuit\\QUICKB~ 1\\QBUpdate\\qbupdate.exe "
"item"="QuickBooks Update Agent"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\UPS WorldShip PLD Reminder Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\UPS WorldShip PLD Reminder Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\UPS\\UOWS\\PLDREM~1.EXE "
"item"="UPS WorldShip PLD Reminder Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\0026951161036559mcinstcl eanup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="cleanup"
"hkey"="HKLM"
"command"="C:\\DOCUME~1\\USER1~1\\LOCALS~1\\Temp\\ 002695~1.EXE C:\\PROGRA~1\\COMMON~1\\McAfee\\INSTAL~1\\cleanup. ini -cleanup -nolog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOLLaunch"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLPSP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="DLPSP"
"hkey"="HKLM"
"command"="\"c:\\program files\\dell printers\\Additional Color Laser Software\\Status Monitor\\DLPSP.EXE\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AOLSoftware"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\1132700353\\ee\\AOLSoftware.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\igfxtray.exe "
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MVS Splash]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="Splash"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="OpwareSE2"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="smax4pnp"
"hkey"="HKLM"
"command"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_05\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersio n\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Acrobat\\AdobeUpdateManager.exe AcPro7_0_5 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\contro l\safeboot\minimal\MCODS

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

Completion time: 06-10-24 10:55:15.31
C:\ComboFix.txt ... 06-10-24 10:55




Full Edit
Quick Edit
Abba Cohen Today, 10:01 AM Post #6


New Member


Group: Members
Posts: 4
Joined: 16-October 06
Member No.: 90530



Thanks for your help and guidens.

Please help me with another problem. My internet stoped working since I ran the hijackreport before I actually posted this thred. Actually not completely. My Skype is still working but all other internet programs are not working. ie Internet Explorer, Messenger, AIM, Outlook. Thats very strange I hope you would have an answer for that too.

Thanks!!!



Full Edit
Quick Edit
« Next Oldest · HijackThis Logs and Analysis · Next Newest »



1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:





Forum Home Search Help Operating Systems |-- Windows 95/98/ME |-- Windows XP Home and Professional |-- Windows NT/2000/2003 |-- Windows Vista Beta |-- Linux & Unix |---- Live Linux |-- Apple/DOS/PDA/Other Software and Hardware |-- Business Applications |-- Games |-- All other Applications |-- Hardware |-- Tips and Tricks |-- Graphics Design and Photo Editing |-- Audio and Video |-- Programming Internet & Networking |-- Web Browsing/Email and Other Internet Applications |-- Networking |-- Web Site Development Security |-- AntiVirus, Firewall and Privacy Products and Protection Methods |-- Windows Defender |-- Am I infected? What do I do? |-- Breaking Virus & Security News |-- Security Updates |-- HijackThis Logs and Analysis |-- Spyware and Malware Removal Guides and Reading Room Bleeping Computer Applications and Guides |-- Tutorials |-- Windows Startup Programs Database |-- Mini guides and how-tos - Simple answers to common questions |---- Audio and Video |---- Email |---- Images, Image Editing, Image Viewing |---- Internet Applications |---- Linux |---- Networking |---- Security |---- Web Browsers |---- Microsoft Windows |---- Programming and Web Design General Topics |-- General Chat |-- Introductions |-- New User Orientation |-- The Speak Easy |-- Forum Games and Bleeping Computer Arcade |-- News |-- Photo Albums and Images |-- Bleeping Computer Announcements, Comments, & Suggestions |-- Tests and Scribbles


Display Mode: Standard · Switch to: Linear+ · Switch to: Outline


Track this topic · Email this topic · Print this topic · Subscribe to this forum


Lo-Fi Version Time is now: 24th October 2006 - 01:12 PM



Advertise | About Us | Terms of Use | Privacy Policy | Contact Us | Support Bleeping Computer | Site Map | Chat | Tutorials | Uninstall List
Discussion Forums | The Computer Glossary | Resources | Spyware/HJ Detector | RSS Feeds | Startups | The File Database | Add Mozilla Sidebar


Game Forums for Gamers


Invision Power Board v2.1.7 © 2006 IPS, Inc.

and here are some screenshots of when it was going worng

https://i54.photobucket.com/albums/g...rus/virus1.jpg
https://i54.photobucket.com/albums/g...rus/virus2.jpg
https://i54.photobucket.com/albums/g...rus/virus3.jpg
https://i54.photobucket.com/albums/g...rus/virus4.jpg
https://i54.photobucket.com/albums/g...rus/virus5.jpg
https://i54.photobucket.com/albums/g...rus/virus6.jpg

hopefully that should help you out a little bit
anything more i can find while i'm huting about i'll post asap

http://www.winguides.com/forums/show...ded&sb=3&part=

here is another walk through that might help

but the 2 programs i needed to download to get rid of it were called smitfraudfix and combofix

if you can download both of them fine, if not, pm me your email addy and i'll send them over to you

Dojj - what the F is all that! :eek: :cry: :cry:

Thrush - i done a system restore the other day & it seem's to have sorted it out :top:

Thanks for all your help people :top: :clap:

All i need to do now is find out why the things running slow :wall:

i was shitting myself that i'd done something terminal
so my bro came in, tapped a few buttons and 15 minutes later it was fixed and i felt i owed him several thousand pounds :)

but it's all in a folder in case it happens again, then he only has to spend 3 minutes fixing it :top:

:top:

ive got it too,some fucking nober posted a,link up in the fiesta room and i clicked it, same thing, update your media player, fuck me, game over, i cant do restore as it wont let me, i cant get into firewalls, ive scaned and removed, removed programmes from add and remove, done what i can in safe mode and the fucker is still there, ive not had loads of pop ups come up but the redirections and that little blue thing with yellow cross is still there and pissing me off.
can you pm me the links please mate as im having probs with my hotmail dude to this, im really considering reformating, but i dont have a windows disc :(

smitfraudfix
combofix

them's the 2 downloads you need to get rid of it :top:

That system must run like a three legged dog .. :DD: :DD: :DD:

the list below are nastys and unrequired item,s you have running on your system resources which should be removed

The following are possible nastys :-

The following items do not NEED to be removed but you have no need for them to run all the time and use system resources :-

hope this helps :DD:

if anyone want to resolve a issue post a hijack this log and I will go through it