Video Activex Access

Computer forums for help with removing malicious software (malware) and improving computer security

Welcome Guest to What the Tech! ( Log In | Register ) We specialize in the removal of malicious software (malware), but here you'll find free help and support for all your tech questions. We invite you to ask questions, share experiences, and learn. Explore our message boards, or register now to post messages of your own. Please Start Here. Register today (registration removes advertising)

What the Tech > Spyware / Malware / Virus Removal > HijackThis™ Logs and Infections Removal

Video Activex Access, Need help with removal - see my HJT log and Rapport file in message

Options

wndy26 View Member Profile	Jun 27 2007, 11:49 PM Post #1
Authentic Member Group: Authentic Member Posts: 35 Joined: 30-May 05 Member No.: 33,441 Operating System: Windows XP Home Edition	I am infected with Video ActiveX Access. I read that I needed to do Smitfraud and post a rapport.txt and hjt log. Here it is, what do I do next. Thanks in advance! SmitFraudFix v2.197 Scan done at 0:41:47.10, Thu 06/28/2007 Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Ahead\InCD\InCD.exe C:\windows\system\hpsysdrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\rundll32.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video ActiveX Access\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly" [HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32] @="C:\WINDOWS\system32\tczij.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32] @="C:\WINDOWS\system32\tczij.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="wbsys.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: NVIDIA nForce MCP Networking Adapter - Packet Scheduler Miniport DNS Server Search Order: 204.127.203.135 DNS Server Search Order: 216.148.225.135 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End Logfile of HijackThis v1.99.1 Scan saved at 12:43:52 AM, on 6/28/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Ahead\InCD\InCD.exe C:\windows\system\hpsysdrv.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\rundll32.exe c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\HijackThis\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.yahoo.com/search/preferences...ferences%3Fp%3D R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanda's Internet Portal O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: (no name) - {CDE8EAB9-CEF3-4885-B12F-26960A25C800} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing) O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll O3 - Toolbar: Protection Bar - {DF4E7A0C-E233-4906-B4C1-A404356541FF} - C:\Program Files\Video ActiveX Access\iesbpl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...html?p=ZJfox000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robbie's\Start Menu\Programs\IMVU\Run IMVU.lnk O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://fighterace.ketsujin.com O15 - Trusted Zone: http://primary.ketsujin.com O15 - Trusted Zone: http://update.ketsujin.com O15 - Trusted Zone: http://www.ketsujin.com O15 - Trusted Zone: .listen.com O15 - Trusted Zone: .llnwd.net O15 - Trusted Zone: http://www.myspace.com O15 - Trusted Zone: rhapapp.real.com O15 - Trusted Zone: http://.real.com O15 - Trusted Zone: http://www.stormofaces.com O15 - Trusted Zone: .west.com O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\ALIENG~1\wbsrv.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - C:\Documents and Settings\Robbie's\Desktop\D2GS-110\D2GSSVC.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe (file missing)

LDTate View Member Profile	Jun 28 2007, 09:23 AM Post #2
Forum God Group: Root Admin Posts: 39,202 Joined: 23-September 04 From: Missouri, USA Member No.: 15,276	Running the Clean Warning: running option #2 on a non infected computer will remove your Desktop background. Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes. Reboot your computer in Safe Mode. If the computer is running, shut down Windows, and then turn off the power. Wait 30 seconds, and then turn the computer on. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again. Ensure that the Safe Mode option is selected. Press Enter. The computer then begins to start in Safe mode. Login on your usual account. ______________________________ Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool. Select option #2 - Clean by typing 2 and press Enter. Wait for the tool to complete and disk cleanup to finish. You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter. The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter. A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode. The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply. ______________________________ Clean out your Temporary Internet files. Proceed like this: Quit Internet Explorer and quit any instances of Windows Explorer. Click Start, click Control Panel, and then double-click Internet Options. On the General tab, click Delete Files under Temporary Internet Files. In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK. On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK. Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK. Click OK. Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok. Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin. ______________________________ Lauch AVG Anti-Spyware by double-clicking the icon on your desktop. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan". ewido will now begin the scanning process, be patient this may take a little time. Let the program scan your computer. When the scan has finished, follow the instructions below:[list] Make sure that Set all elements to: shows Quarantine Important: Click on the Apply all Actions button (* This must done before saving the report ) When the program has finished, it will display the message All actions have been applied. Then click the Save Scan Report* button. Click the Save Report as button. Save the report to your Desktop. Right-click the AVG Tray Icon and select Exit. Confirm by clicking Yes. Reboot in normal mode and copy the report back to this topic along with a new HijackThis log. Please post: 1.c:\rapport.txt 2.AVG Anti-Spyware log 3.A new HijackThis log Your may need several replies to post the requested logs, otherwise they might get cut off.

wndy26 View Member Profile	Jun 28 2007, 10:59 PM Post #3
Authentic Member Group: Authentic Member Posts: 35 Joined: 30-May 05 Member No.: 33,441 Operating System: Windows XP Home Edition	Here is Rapport.txt - will follow with two other posts to include the other reports. Thanks so much! SmitFraudFix v2.197 Scan done at 0:59:36.71, Thu 06/28/2007 Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}"="farrandly" [HKEY_CLASSES_ROOT\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32] @="C:\WINDOWS\system32\tczij.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8aa7a4d2-73c7-4fca-bef7-7923e38a3b1c}\InProcServer32] @="C:\WINDOWS\system32\tczij.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted C:\Program Files\Video ActiveX Access\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135 HKLM\SYSTEM\CS2\Services\Tcpip\..\{B118596A-4143-4A0B-882E-68C5139ED5CB}: DhcpNameServer=204.127.203.135 216.148.225.135 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=204.127.203.135 216.148.225.135 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End

wndy26 View Member Profile	Jun 28 2007, 11:00 PM Post #4
Authentic Member Group: Authentic Member Posts: 35 Joined: 30-May 05 Member No.: 33,441 Operating System: Windows XP Home Edition	AVG Spyware Scan Log: --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 4:54:02 AM 6/28/2007 + Scan result: C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244743.dll -> Adware.Agent : Cleaned. C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244720.exe -> Downloader.Zlob.bvp : Cleaned. C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244721.exe -> Downloader.Zlob.bvp : Cleaned. C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP835\A0244722.exe -> Downloader.Zlob.bvp : Cleaned. C:\System Volume Information\_restore{F03BC7CA-958E-4E73-B64E-7D9F75261CF2}\RP822\A0243812.dll -> Hijacker.Agent.jw : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Dark Lord's Hacking.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Gzn Gunz Trainer V.12.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.171\TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.171\Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.171\XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.640\TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.640\Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX07.640\XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Dark Lord's Hacking.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Gzn Gunz Trainer V.12.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/TrainerXv2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Ulti-Trainer For IGunZ.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/XxFaithxX Legacy ownage.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\RECYCLER\S-1-5-21-4165618130-79490045-818695748-1009\Dc1.zip/Chrissiboi's H4XZ0R 2.0.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\RECYCLER\S-1-5-21-4165618130-79490045-818695748-1009\Dc2.exe -> Not-A-Virus.HackTool.Win32.Delf.bw : Cleaned. C:\WINDOWS\system32\drivers\MSTEE2k.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.21 : Cleaned. C:\WINDOWS\system32\drivers\beepex.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.30 : Cleaned. C:\WINDOWS\system32\drivers\usbnt.sys -> Not-A-Virus.Monitor.Win32.EliteKeylogger.30 : Cleaned. :mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.2o7 : Cleaned. :mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. :mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned. :mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned. C:\Documents and Settings\Robbie's\Cookies\robbie's@com[1].txt -> TrackingCookie.Com : Cleaned. :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned. C:\Documents and Settings\Robbie's\Cookies\robbie's@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned. :mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned. :mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Overture : Cleaned. :mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned. :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. C:\Documents and Settings\Robbie's\Cookies\robbie's@real[2].txt -> TrackingCookie.Real : Cleaned. :mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned. :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. :mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Revsci : Cleaned. C:\Documents and Settings\Robbie's\Cookies\robbie's@revsci[1].txt -> TrackingCookie.Revsci : Cleaned. :mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned. :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned. :mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Valuead : Cleaned. :mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.102:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\6ttqyx90.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/DRGunzHacker.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Desktop\Trainers Pack.rar/Hellsings trainer.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temp\Rar$EX22.328\Hellsings trainer.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/DRGunzHacker.exe -> Trojan.Delf.bcg : Cleaned. C:\Documents and Settings\Robbie's\Local Settings\Temporary Internet Files\Content.IE5\MG3L96DV\Trainers%20Pack[1].rar/Hellsings trainer.exe -> Trojan.Delf.bcg : Cleaned. ::Report end

wndy26

Jun 28 2007, 11:01 PM

Post #5

Authentic Member

Group: Authentic Member
Posts: 35
Joined: 30-May 05
Member No.: 33,441
Operating System: Windows XP Home Edition

HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 5:04:28 AM, on 6/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\windows\system\hpsysdrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\HijackThis\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexico Toolbar - {11359F4A-B191-42d7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dictionary.com - {11359F4A-B191-42D7-905A-594F8CF0387B} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lexbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Robbie's\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} - http://www.kungfuchess.com/activex/web665.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.phoenix.edu/secure/PhxStudent15.CAB
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/web_...inematycoon.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {F0E2D69A-DC2F-4E9B-A993-684FB1C21DBC} - http://dictionary.reference.com/tools/toolbar/lexico.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\ALIENG~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diablo II Close Game Server (D2GS) - Unknown owner - C:\Documents and Settings\Robbie's\Desktop\D2GS-110\D2GSSVC.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Comm