Jammerx2
Newbie Poster

Critical Error Message

#1
Jul 23rd, 2008
Whenever I go into C:\Program Files I get an error message saying

"Attention, (name)! Some dangerous viruses detected in your system. Microsoft Windows 2000 Files corrupted. This may lead to the destruction of important files in C:\WINNT. Download protection software now! Click OK to download the antispyware. (Recommended)"

When I click no it still goes to a website.

I've seen other threads and most can't use Internet Explorer, but I'm using Opera and it doesn't seem to affect that. I know I'm supposed to use HJT, but for some reason whenever I try to run it, it says

"HijackThis.exe has generated errors and will be closed by windows. You will need to restart the program."

I have restarted the program many times and nothing seems to work.

I forgot to mention earlier I've also tried reinstalling the program.
Last edited by crunchie; Jul 24th, 2008 at 6:58 am. Reason: Removed dangerous URL

Jammerx2
Newbie Poster

Re: Critical Error Message

#2
Jul 23rd, 2008
I restarted my computer again and this time it worked. I will post a log.

Here is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:35 PM, on 7/23/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\HijackThis.exe
D:\Josh from C\opera\Opera.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fdkowvbp - {A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp\ac8zt2\fdkowvbp.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft] msmsger.exe
O4 - HKLM\..\Run: [acf5173c] rundll32.exe "C:\WINNT\system32\srltaapd.dll",b
O4 - HKLM\..\RunServices: [Microsoft] msmsger.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Microsoft] msmsger.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Connection Manager (NetCM) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Speech\svchost.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINNT\privacy_danger\index.htm

--
End of file - 6143 bytes
Last edited by Jammerx2; Jul 23rd, 2008 at 3:13 pm.

Jammerx2
Newbie Poster

Re: Critical Error Message

#3
Jul 23rd, 2008
Someone please help

Jammerx2
Newbie Poster

Re: Critical Error Message

#4
Jul 23rd, 2008
OK, I just noticed whenever I go into C:\ or D:\ and click on anything it gives me that error. When I use a shortcut it doesn't, and it doesn't seem to affect anything else except Internet Explorer. Any ideas?
Moderator
Featured Poster
crunchie
Spyware Killer

Re: Critical Error Message

#5
Jul 24th, 2008
Hi and welcome to the Daniweb forums.

==========

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

Jammerx2
Newbie Poster

Re: Critical Error Message

#6
Jul 24th, 2008
Well, thank you a lot, but I managed to get rid of it without that. I will still post that log along with the others from http://www.daniweb.com/forums/thread134865.html. When I followed that post it fixed it, but I would still like to check if my system is completely clean.

Malware Bytes Log

Malwarebytes' Anti-Malware 1.23
Database version: 985
Windows 5.0.2195 Service Pack 4

12:18:34 PM 7/24/2008
Malwarebytes Log

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119794
Time elapsed: 2 hour(s), 19 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 6
Registry Keys Infected: 22
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 35

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\nnnooOfe.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\btawwx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\uspdxw.dll (Trojan.Vundo) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04d32989-deab-4c05-9163-7f06f490629e} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{04d32989-deab-4c05-9163-7f06f490629e} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df292dd2-7551-4cac-af6e-00c4ba31fd4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{df292dd2-7551-4cac-af6e-00c4ba31fd4d} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnooofe (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{4937d5d1-2039-409a-bd83-fec9b39b2356} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{401f4b6b-3c36-4e8d-bc07-f46fc6d67d9a} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{401f4b6b-3c36-4e8d-bc07-f46fc6d67d9a} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.bosv (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acf5173c (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{769d8280-a207-4eea-9963-f8b156c32855} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\winnt\system32\yayaaqih -> No action taken.

Folders Infected:
C:\WINNT\privacy_danger (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images (Trojan.FakeAlert) -> No action taken.

Files Infected:
C:\WINNT\system32\yayaAQiH.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\HiQAayay.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\HiQAayay.ini2 (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\uspdxw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\frymmsjw.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\wjsmmyrf.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\rtlfktcx.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\xctkfltr.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\srltaapd.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\dpaatlrs.ini (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\nnnooOfe.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\iefilter.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\btawwx.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\Quick Batch File Compiler\Setup_ver1.113.0.exe (Trojan.FakeAlert) -> No action taken.
C:\Program Files\Quick Batch File Compiler\stubc.dll (Adware.Agent) -> No action taken.
C:\Program Files\Quick Batch File Compiler\wuick-batch-file-compiler-v-3.1.6.0-patch.exe (Trojan.FakeAlert) -> No action taken.
C:\WINNT\edgq.exe (Trojan.FakeAlert) -> No action taken.
C:\WINNT\system32\dtyhilky.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\ofvavbgl.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\owzooz.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\phxdiu.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\tgpspkqh.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\tkqipbmb.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\vmkfbz.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\wmbxytfy.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\system32\vtUonlKB.dll (Trojan.Vundo) -> No action taken.
C:\WINNT\privacy_danger\index.htm (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\down.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> No action taken.
C:\WINNT\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\fdkowvbp.dll (Trojan.FakeAlert) -> No action taken.
C:\WINNT\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Local Settings\Temp\CmdLineExt02.dll (Trojan.Agent) -> No action taken.

Eset Log

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3293 (20080723)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=a4b65fb3fa61494aa594bd3a8ae61562
# end=finished
# remove_checked=true
# unwanted_checked=false
# utc_time=2008-07-24 06:06:01
# local_time=2008-07-24 02:06:01 (-0500, Eastern Daylight Time)
# country="United States"
# osver=5.0.2195 NT Service Pack 4
# scanned=344217
# found=13
# scan_time=6325
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip multiple infiltrations (deleted) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »BnnnnBaa.class Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »VaannnaaBaa.class Java/ClassLoader trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Dnnny.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Bnnnnn.class Java/ClassLoader.AS trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Den.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Din.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Documents and Settings\owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\cnte-dhncgts.jar-5a78fdfd-319987fa.zip »ZIP »Dun.class Java/Exploit.Bytverify trojan (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
C:\Program Files\Quick Batch File Compiler\stubc.dll probably a variant of Win32/Agent trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\Program Files\Quick Batch File Compiler\wuick-batch-file-compiler-v-3.1.6.0-patch.exe Win32/Adware.IeDefender.NGJ application (unable to clean - deleted) 00000000000000000000000000000000
C:\WINNT\system32\iefilter.dll Win32/Adware.IeDefender.NGJ application (unable to clean - deleted (after the next restart)) 00000000000000000000000000000000
D:\Josh from C\MapleStory\AncientFixed.rar Win32/Jeefo.A virus (deleted) 00000000000000000000000000000000
D:\Josh from C\MapleStory\AncientFixed.rar »RAR »AncientFixed.exe Win32/Jeefo.A virus (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:19 PM, on 8/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\dss.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1.COR\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2D63DFB8-719C-4B43-8E2F-7593657BA76A} - C:\WINNT\system32\pmnkKcYQ.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINNT\system32\nnnooOfe.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {C1D2F57A-9944-435E-A16F-CA98B29D8884} - C:\WINNT\system32\yayaAQiH.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fdkowvbp - {A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acf5173c] rundll32.exe "C:\WINNT\system32\arjekrfa.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnooOfe - C:\WINNT\SYSTEM32\nnnooOfe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6820 bytes

Main.txt (DSS LOG)

Deckard's System Scanner v20071014.68
Run by Administrator on 2008-08-24 12:47:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.
Performed disk cleanup.

Percentage of Memory in Use: 87% (more than 75%).
Total Physical Memory: 224 MiB (256 MiB recommended).


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:19 PM, on 8/24/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\dss.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1.COR\Desktop\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {2D63DFB8-719C-4B43-8E2F-7593657BA76A} - C:\WINNT\system32\pmnkKcYQ.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {769D8280-A207-4EEA-9963-F8B156C32855} - C:\WINNT\system32\nnnooOfe.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: (no name) - {C1D2F57A-9944-435E-A16F-CA98B29D8884} - C:\WINNT\system32\yayaAQiH.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: fdkowvbp - {A976B7DF-9CDC-436C-A5BA-D0CD8CB4A8AA} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [acf5173c] rundll32.exe "C:\WINNT\system32\arjekrfa.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Xfire.lnk = D:\Josh from C\Xfire\xfire.exe
O4 - Global Startup: GetRight.lnk = C:\Program Files\GetRight\GetRight.exe
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: nnnooOfe - C:\WINNT\SYSTEM32\nnnooOfe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - ALWIL Software - (no file)
O23 - Service: AVG8 WatchDog (avg8wd) - ALWIL Software - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O24 - Desktop Component 0: Privacy Protection - (no file)

--
End of file - 6820 bytes

-- File Associations -----------------------------------------------------------

.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 GBDevice - c:\winnt\system32\drivers\gbdevice.sys <Not Verified; Roxio, Inc.; GoBack>
R0 GoBack2K - c:\winnt\system32\drivers\goback2k.sys <Not Verified; Roxio, Inc.; GoBack>
R0 viamraid - c:\winnt\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
R2 GBFSHook - c:\winnt\system32\drivers\gbfshook.sys <Not Verified; Roxio, Inc.; GoBack>
R2 npkcrypt - d:\josh from c\maplestory\npkcrypt.sys <Not Verified; INCA Internet Co., Ltd.; nProtect KeyCrypt Driver>
R3 viagfx - c:\winnt\system32\drivers\vtmini.sys <Not Verified; Copyright (C) VIA/S3 Graphics Co, Ltd.; UniChrome(Pro) IGP Driver>

S3 Pcouffin (Low level access layer for CD devices) - c:\winnt\system32\drivers\pcouffin.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 GBPoll - c:\program files\roxio\goback\gbpoll.exe <Not Verified; Roxio, Inc.; GoBack>

S2 avg8emc (AVG8 E-mail Scanner) -
S2 avg8wd (AVG8 WatchDog) -
S2 NetCM (Network Connection Manager) -
S2 PowerManager (Power Manager) -


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_18981019&REV_86\3&61AAA01&0&84
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1106&DEV_3104&SUBSYS_18981019&REV_86\3&61AAA01&0&84
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_1106&DEV_3068&SUBSYS_0C041019&REV_80\3&61AAA01&0&8E
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-07-23 17:00:01 446 --a------ C:\WINNT\Tasks\RegCure Program Check.job
2008-07-17 10:06:20 380 --a------ C:\WINNT\Tasks\RegCure.job
2008-07-15 18:19:04 284 --a------ C:\WINNT\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-07-24 and 2008-08-24 -----------------------------

2008-08-24 12:48:02 94848 --a------ C:\WINNT\system32\arjekrfa.dll
2008-08-24 12:47:32 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_37c.dat
2008-08-24 12:47:20 347 --ahs---- C:\WINNT\system32\QYcKknmp.ini2
2008-08-24 12:47:14 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll
2008-08-23 14:02:14 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_22c.dat
2008-08-23 13:34:48 0 d-------- C:\Program Files\Trend Micro
2008-08-23 13:22:39 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3a0.dat
2008-08-22 13:25:27 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Adersoft
2008-08-22 13:25:13 0 d-------- C:\Program Files\Vbsedit
2008-08-22 12:32:00 0 d-------- C:\Xfire
2008-07-24 12:20:05 0 d-------- C:\DrWatson
2008-07-24 00:14:05 0 d-------- C:\Program Files\EsetOnlineScanner


-- Find3M Report ---------------------------------------------------------------

2008-08-24 12:48:22 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Hamachi
2008-08-22 16:38:51 0 d-------- C:\Program Files\GetRight
2008-07-24 12:36:56 832650 ---h----- C:\WINNT\ShellIconCache
2008-07-24 12:19:43 0 d-------- C:\Program Files\Quick Batch File Compiler
2008-07-23 22:51:40 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Malwarebytes
2008-07-23 22:51:39 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 17:48:41 0 d-------- C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO
2008-07-23 17:23:10 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_238.dat
2008-07-23 17:20:46 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\uTorrent
2008-07-23 14:04:29 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3ac.dat
2008-07-23 13:01:52 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_228.dat
2008-07-23 00:55:33 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_210.dat
2008-07-22 23:47:13 33152 -----n--- C:\WINNT\system32\nnnooOfe.dll
2008-07-22 20:48:17 57344 --a------ C:\WINNT\uneng.exe <Not Verified; Roxio; Roxio Update Wizard>
2008-07-22 20:48:17 0 d-a------ C:\Program Files\Common Files
2008-07-22 20:48:17 0 d-a------ C:\Program Files\Common Files\Adaptec Shared
2008-07-21 23:01:11 0 d-------- C:\Program Files\BOTS
2008-07-21 18:11:43 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Xfire
2008-07-21 17:31:46 0 d-------- C:\Program Files\IzPack
2008-07-21 17:17:07 0 d-------- C:\Program Files\Launch4j
2008-07-17 18:19:15 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1264.dat
2008-07-17 17:48:31 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_218.dat
2008-07-17 13:21:47 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Video DVD Maker FREE
2008-07-17 13:21:05 0 d-------- C:\Program Files\Video DVD Maker
2008-07-16 18:53:44 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-16 13:20:44 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\MP3Rocket
2008-07-16 10:13:05 0 d-------- C:\Program Files\wise DVD Creator 8.0
2008-07-15 18:19:03 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_3d8.dat
2008-07-15 17:13:23 0 d-a------ C:\Program Files\iPod
2008-07-15 16:53:45 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Apple Computer
2008-07-15 16:52:37 0 d-a------ C:\Program Files\iTunes
2008-07-15 15:40:29 0 d-------- C:\Program Files\FinalBurner
2008-07-15 15:07:05 0 d-------- C:\Program Files\007DVD
2008-07-15 13:20:10 0 d-------- C:\Program Files\Apple Software Update
2008-07-15 13:01:39 0 d-a------ C:\Program Files\QuickTime
2008-07-15 12:57:25 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\vlc
2008-07-15 12:55:57 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_440.dat
2008-07-15 12:54:08 0 d-------- C:\Program Files\VideoLAN
2008-07-15 10:43:53 0 d-------- C:\Program Files\MP3 Rocket
2008-07-15 10:42:47 0 d-a------ C:\Program Files\Java
2008-07-15 10:41:25 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\Sun
2008-07-13 13:12:26 0 d-a------ C:\Program Files\Common Files\Pure Networks Shared
2008-07-08 15:14:18 0 d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-08 15:14:18 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-08 15:10:09 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_214.dat
2008-07-08 15:07:44 0 d-------- C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data\DAEMON Tools
2008-07-08 13:06:59 0 d-------- C:\Program Files\uTorrent
2008-06-30 14:05:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1fc.dat
2008-06-29 22:34:19 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_1f8.dat
2008-06-23 08:52:47 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_200.dat
2008-06-22 14:51:45 16384 --a-----t C:\WINNT\system32\Perflib_Perfdata_204.dat
2008-05-30 14:01:24 80896 --a------ C:\WINNT\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows®>
2008-05-25 17:02:06 47 --a------ C:\WINNT\system32\setpath.bat
2008-05-24 22:30:13 2147483647 --ahs---- C:\gobackio.bin
2008-05-24 21:32:43 15012 --a------ C:\WINNT\system32\emptyregdb.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D63DFB8-719C-4B43-8E2F-7593657BA76A}]
08/24/08 12:47p 323584 --a------ C:\WINNT\system32\pmnkKcYQ.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{769D8280-A207-4EEA-9963-F8B156C32855}]
07/22/08 11:47p 33152 --------- C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C1D2F57A-9944-435E-A16F-CA98B29D8884}]
C:\WINNT\system32\yayaAQiH.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [07/08/08 11:59a 683464]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [06/19/03 12:05p C:\WINNT\system32\mobsync.exe]
"SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [05/03/02 10:40a]
"VTTimer"="VTTimer.exe" [03/08/05 03:33a C:\WINNT\system32\VTTimer.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [05/15/08 07:19p]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [01/08/08 05:20p]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [01/18/08 10:32a]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [03/14/07 03:43a]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [06/14/06 04:24p]
"acf5173c"="C:\WINNT\system32\arjekrfa.dll" [08/24/08 12:48p]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [09/04/07 07:40p]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [07/08/08 12:22p]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop

C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Start Menu\Programs\Startup\
Hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [7/8/2008 12:24:43 PM]
Xfire.lnk - D:\Josh from C\Xfire\xfire.exe [7/15/2008 7:09:02 PM]

C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\
GetRight.lnk - C:\Program Files\GetRight\GetRight.exe [6/6/2008 11:29:38 PM]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{769D8280-A207-4EEA-9963-F8B156C32855}"= C:\WINNT\system32\nnnooOfe.dll [07/22/08 11:47p 33152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnooOfe]
nnnooOfe.dll 07/22/08 11:47p 33152 C:\WINNT\system32\nnnooOfe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINNT\system32\pmnkKcYQ

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys]
@="driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"




-- End of Deckard's System Scanner: finished at 2008-08-24 12:49:24 ------------

Extra.txt (DSS LOG)

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows 2000 Professional (build 2195) SP 4.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP 2800+
Percentage of Memory in Use: 94%
Physical Memory (total/avail): 223.43 MiB / 11.72 MiB
Pagefile Memory (total/avail): 537.57 MiB / 187.39 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1955.68 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 38.09 GiB total, 21.43 GiB free.
D: is Fixed (FAT32) - 38.59 GiB total, 13.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - HDS728080PLAT20 - 76.69 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 38.09 GiB - C:
\PARTITION1 - Extended w/Extended Int 13 - 38.6 GiB - D:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINNT
APPDATA=C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JOSH
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator.CORRINA-GFYHSR2
LOGONSERVER=\\JOSH
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1.COR\LOCALS~1\Temp
USERDOMAIN=JOSH
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator.CORRINA-GFYHSR2
windir=C:\WINNT


-- User Profiles ---------------------------------------------------------------

Administrator.CORRINA-GFYHSR2 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\WINNT\$NtServicePackUninstall$\spuninst\spuninst.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Adobe Flash Player ActiveX --> C:\WINNT\system32\Macromed\Flash\uninstall_activeX.exe
Alcatel SpeedTouch USB Software --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\Setup.exe" -Control_Panel
Apple Software Update --> MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Batch File Compiler Professional Edition v4.0 DEMO --> C:\Program Files\Batch File Compiler Professional Edition v4.0 DEMO\uninstall.exe
BOTS --> "C:\Program Files\InstallShield Installation Information\{22D56257-DE33-4C7D-817B-C2DE69FE953C}\setup.exe" -runfromtemp -l0x0009 -removeonly
CakeStory --> D:\Josh from C\MapleStory\Uninstal.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DAEMON Tools Toolbar --> C:\Program Files\DAEMON Tools Toolbar\uninst.exe
ESET Online Scanner --> C:\WINNT\system32\OnlineScannerUninstaller.exe
GetRight --> "C:\Program Files\GetRight\unins000.exe"
Hamachi 1.0.2.5 --> C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hirc --> "C:\Program Files\Hirc\unins000.exe"
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1033
IzPack 4.0.1 --> "C:\Program Files\Java\jre1.6.0_01\bin\javaw.exe" -jar "C:\Program Files\IzPack\uninstaller\uninstaller.jar"
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Launch4j 3.0.1 --> C:\Program Files\Launch4j\uninst.exe
LiveUpdate 1.7 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapleStory --> MsiExec.exe /I{7A512A34-F4E8-43C4-BD80-43A022B31BF6}
Microsoft Internet Explorer 6 SP1 --> rundll32 C:\WINNT\system32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
Microsoft Office 2000 Small Business --> MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MP3 Rocket --> C:\Program Files\MP3 Rocket\Uninstall.exe
Network Magic --> C:\Documents and Settings\All Users.WINNT\Application Data\Pure Networks\Setup\nmsetup.exe /uninstall
Quick Batch File Compiler 3.16 --> "C:\Program Files\Quick Batch File Compiler\unins000.exe"
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
RegCure 1.5.0.0 --> D:\Josh from C\RegCure\uninst.exe
Security Update for DirectX 9 (KB951698) --> "C:\WINNT\$NtUninstallKB951698_DX9$\spuninst\spuninst.exe"
Security Update for Windows 2000 (KB941569) --> "C:\WINNT\$NtUninstallKB941569$\spuninst\spuninst.exe"
Vbsedit --> MsiExec.exe /X{C8BC7F74-65A7-428F-80C6-D8034103781C}
VIA Rhine-Family Fast-Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> C:\PROGRA~1\VIA\UChromeP\s3minset.exe /u C:\PROGRA~1\VIA\UChromeP\UChromeP.uns
Video DVD Maker v3.9.0.20 --> "C:\Program Files\Video DVD Maker\Uninstall.exe" "C:\Program Files\Video DVD Maker\install.log" -u
VideoLAN VLC media player 0.8.6i --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Warcraft III: All Products --> C:\WINNT\War3Unin.exe C:\WINNT\War3Unin.dat
Windows Media Player system update (9 Series) --> C:\PROGRA~1\WINDOW~2\setup_wm.exe /Uninstall
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
Yahoo! Install Manager --> C:\WINNT\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- Application Event Log -------------------------------------------------------

No Errors/Warnings found.


-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1762 / Error
Event Submitted/Written: 08/24/2008 00:48:07 PM
Event ID/Source: 1000 / Dhcp
Event Description:
Your computer has lost the lease to its IP address 192.168.0.101 on the
Network Card with network address 00142A306FFB.

Event Record #/Type1761 / Warning
Event Submitted/Written: 08/24/2008 00:48:07 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 00142A306FFB. The following
error occured:
%%121.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Event Record #/Type1760 / Error
Event Submitted/Written: 08/24/2008 00:45:37 PM / 08/24/2008 00:45:38 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer OWNER-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9153AB1E-30DC-4D11-.
The master browser is stopping or an election is being forced.



-- End of Deckard's System Scanner: finished at 2008-08-24 12:49:24 ------------

I will post SmitfraudFix soon.
Jammerx2
Newbie Poster

Re: Critical Error Message

#7
Jul 24th, 2008
Originally Posted by crunchie
Hi and welcome to the Daniweb forums.

==========

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


Here is the log:

SmitFraudFix v2.331

Scan done at 13:13:27.00, Sun 08/24/2008
Run from C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\VTTimer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hamachi\hamachi.exe
D:\Josh from C\Xfire\xfire.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CORRINA-GFYHSR2


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.COR\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: VIA Rhine II Fast Ethernet Adapter
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Jammerx2
Newbie Poster

Re: Critical Error Message

#8
Jul 24th, 2008
If you see any problems with it please let me know.
crunchie
Moderator
Featured Poster
Spyware Killer

Re: Critical Error Message

#9
Jul 24th, 2008
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".


The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.
Jammerx2
Newbie Poster

Re: Critical Error Message

#10
Jul 24th, 2008
Here is the log I got:

SmitFraudFix v2.331

Scan done at 17:04:36.76, Sun 08/24/2008
Run from C:\Documents and Settings\Administrator.CORRINA-GFYHSR2\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{FCDE184E-1B5C-414A-B4DC-F8A42796CF21}: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End