•
•
•
•
What is DaniWeb IT Discussion Community?
You're currently browsing the Viruses, Spyware and other Nasties section within the Tech Talk category of DaniWeb, a massive community of 456,552 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,477 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.
Please support our Viruses, Spyware and other Nasties advertiser: 64-bit Windows Community
Views: 1233 | Replies: 5
 |
•
•
Join Date: Oct 2007
Posts: 3
Reputation: 
Rep Power: 0
Solved Threads: 0
Newbie Poster
HJT Please help me remove virus I don't know how to remove this but from what I hear deleting things with out professional help can hurt my computer more...
Please someone give me guidance on how to remove this virus!
Here's my HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:33:18 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrpfn.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: msvb - {23BE808E-3F5D-4CE7-8E0A-C61FF21713B1} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55} - C:\WINDOWS\sysdx.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
Please someone give me guidance on how to remove this virus!
Here's my HJT Log
Logfile of HijackThis v1.99.1
Scan saved at 8:33:18 PM, on 10/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\isfmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Online Video Add-on\isfmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {15272B08-F6FE-4E71-B2BD-A59AD23EBE3C} - C:\WINDOWS\bndsrpfn.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: (no name) - {CFE15135-C591-4000-A55E-A50E5F9F82BC} - C:\Program Files\Online Video Add-on\isfmdl.dll
O3 - Toolbar: IE Custom Tools - {41F6170D-6AF8-4188-8D92-9DDAB3C71A78} - C:\Program Files\Online Video Add-on\ictmdl.dll
O3 - Toolbar: The netadv - {D1413F77-5B69-4562-84E1-78F997794E9D} - C:\WINDOWS\netadv.dll
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer = 85.255.116.150,85.255.112.152
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.150 85.255.112.152
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: msvb - {23BE808E-3F5D-4CE7-8E0A-C61FF21713B1} - C:\WINDOWS\msvb.dll
O21 - SSODL: sysdx - {40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55} - C:\WINDOWS\sysdx.dll
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Reputation:
Rep Power: 23
Solved Threads: 455
You need to uninstall that version of hijackthis and install the latest (2.0.2) version. Do NOT run it from the zip folder as you are now doing so, but run the zip program and unzip hijackthis to a permanent folder.
==
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
==
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Oct 2007
Posts: 3
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
Here is the rapport from smitfraudfix. what's the next step?
thank you for your help
SmitFraudFix v2.250
Scan done at 23:53:50.98, Mon 11/05/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\bndsrpfn.dll FOUND !
C:\WINDOWS\netadv.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\sysdx.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\flirek.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Online Video Add-on\ FOUND !
C:\Program Files\VideoAccessCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
kdpqb.exe detected !
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
thank you for your help
SmitFraudFix v2.250
Scan done at 23:53:50.98, Mon 11/05/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Online Video Add-on\icthis.exe
C:\Program Files\Online Video Add-on\icmntr.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\bndsrpfn.dll FOUND !
C:\WINDOWS\netadv.dll FOUND !
C:\WINDOWS\privacy_danger FOUND !
C:\WINDOWS\sysdx.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\flirek.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url FOUND !
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url FOUND !
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Online Video Add-on\ FOUND !
C:\Program Files\VideoAccessCodec\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
kdpqb.exe detected !
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
Your computer may be victim of a DNS Hijack: 85.255.x.x detected !
Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 85.255.116.150
DNS Server Search Order: 85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.69.146 68.87.85.98
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Reputation:
Rep Power: 23
Solved Threads: 455
You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Please reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Please reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
•
•
Join Date: Oct 2007
Posts: 3
Reputation:
Rep Power: 0
Solved Threads: 0
Newbie Poster
SmitFraudFix v2.250
Scan done at 10:18:16.60, Tue 11/06/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\bndsrpfn.dll Deleted
C:\WINDOWS\netadv.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\sysdx.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
C:\WINDOWS\system32\flirek.dll Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\Online Video Add-on\ Deleted
C:\Program Files\VideoAccessCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdpqb.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
Scan done at 10:18:16.60, Tue 11/06/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{34ec76b6-53c4-4686-822f-910c790683fb}"="evangeliarium"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\bndsrpfn.dll Deleted
C:\WINDOWS\netadv.dll Deleted
C:\WINDOWS\privacy_danger\ Deleted
C:\WINDOWS\sysdx.dll Deleted
Deleting [HKEY_CLASSES_ROOT\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{40B77EC5-1ECB-40E2-AEC3-FAE3B9353C55}]
C:\WINDOWS\system32\flirek.dll Deleted
C:\DOCUME~1\Owner\Desktop\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\Desktop\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\Desktop\Spyware?Malware Protection.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Error Cleaner.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Privacy Protector.url Deleted
C:\DOCUME~1\Owner\FAVORI~1\Spyware?Malware Protection.url Deleted
C:\Program Files\Online Video Add-on\ Deleted
C:\Program Files\VideoAccessCodec\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{534BCFE7-14C3-4C70-A6AA-15EBDADB81F1}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9D42D7C5-01FA-40E8-AA22-D73FB61EE87F}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E1642865-DB2E-48CB-9AAB-519F9D9714D0}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: DhcpNameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E6158D56-A0BC-4CFE-BCD2-BA0E291034DC}: NameServer=85.255.116.150,85.255.112.152
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.116.150 85.255.112.152
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdpqb.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Reboot
C:\WINDOWS\system32\kdpqb.exe Deleted
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» End
•
•
Join Date: Feb 2004
Location: Oztralya
Posts: 8,019
Reputation:
Rep Power: 23
Solved Threads: 455
Ok. You forgot to post the hijackthis log I requested, but do this now please;
Please download FixWareout from this site:
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log please.
Please download FixWareout from this site:
http://www.bleepingcomputer.com/file...Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log please.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
Opera How you got infected AVAST anti-virus Comodo Firewall Spywareblaster
Please do not PM me for help. Instead, post in the public forum where others may benefit.
|
•
•
•
•
•
•
•
•
DaniWeb Viruses, Spyware and other Nasties Marketplace
•
•
•
•
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
Linear Mode
•
•
•
•
adware antivirus apple complete information defender email exploit fix fraction gmail google hidden files how im ipod kaspersky legal malware mcafee microsoft mobile new folder new viruses news nhatquanglan onecare phone reliability remove report satnav search second security software solve spyware ssvichosst survey svchost symbian taskmanager trends trojan virus viruses vista windows
- Trying to remove a virus (Viruses, Spyware and other Nasties)
- Unable to remove Virus Alert, Pop Ups & IE Start Up page .. help ... (Viruses, Spyware and other Nasties)
- Unable to remove Virus Alert, Pop Ups & IE Start Up page .. help ... (Viruses, Spyware and other Nasties)
- Attack of a " rdriv.sys" virus (Viruses, Spyware and other Nasties)
- Please, HJT log help requested (II) ! (Viruses, Spyware and other Nasties)
- Virus Downloader.tooncom (Windows NT / 2000 / XP / 2003)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: A few random popups remain after Vundo
- Next Thread: messed up desktop
