
I have tried everything to get this thing off my computer; it just keeps coming back. It's in the bottom right-hand corner of my taskbar, and it pops up and says I have virus activity. It transforms into a mine from Minesweeper to a yellow caution tag.


HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 11:03:00 AM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\clayton\Desktop\hjt\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


This doesn't look like a complete log. Are you sure you didn't delete anything from it?

If you did, then please post the full log; we need to see that info so that we can fix your computer.

If you didn't, please change the name of hijackthis.exe to something else, like hello.exe.


I got it in its separate file and renamed it to hello and re-ran it; here is the log I got.


Logfile of HijackThis v1.99.1
Scan saved at 7:11:29 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\clayton\Desktop\hjt\hello.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


Well, your log is completely clean, which is weird because it sounds like you are infected with malware. OK, let's scan your computer with a scanner that we support on this site.

Please download and install the ewido anti-spyware tool (now called AVG).

  • Close all other applications. Select language, click OK.
  • Click I Agree
  • Click Next
  • Click Install
  • Click Finish
  • Wait; Ewido will open its main screen automatically.
  • Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
  • It is very important to get updates.
  • When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight
  • Select the first option, to run Windows in Safe Mode, then hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

    You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!

  • Open Ewido
  • Click on Scanner at the top of the Ewido screen
  • Click on Settings
  • Under How to Act click on Recommended Action choose Quarantine
  • Under How to scan all boxes should be selected
  • Under Possibly unwanted software all boxes should be selected
  • On right side under Reports: click on Automatically generate report after every scan.
  • Under What to scan select scan every file
  • Click On scan Tab
  • Click on Complete system scan
  • Let the program scan the machine. It can take a while; give it time.
  • When the scan has finished, at the bottom of the screen click Apply all Actions
  • Click Save report
  • Click Save Report as (the Save As window should pop up.)
  • Click desktop
  • Click Save
  • Exit ewido

Reboot back to normal mode

Post the log from AVG and also a new HJT log from after the scan.


OK, ran the scan in Safe Mode and ran a new HJT; here it is.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:20:16 PM 12/17/2006

+ Scan result:

:mozilla.21:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.19:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.20:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\clayton\Cookies\clayton@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\clayton\Cookies\clayton@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\clayton\Cookies\clayton@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\clayton\Cookies\clayton@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\clayton\Cookies\clayton@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\clayton\Cookies\clayton@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.84:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.85:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.86:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.87:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.89:C:\Documents and Settings\clayton\Application Data\Mozilla\Firefox\Profiles\ig0idzbc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:23:53 PM, on 12/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\clayton\Desktop\hjt\hello.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


The log is still clean, so let's check for rootkits.

Go here and download Rootkit Analyzer. Install and run it, then click Analyze. Then check the box that says "only show hooked processes". Then click Export and save the txt file.

Post the contents of that text file here.


Here you go

Service name Syscall Address Hooked Module Product Company Description
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
NtAlertResumeThread, ZwAlertResumeThread 12 0xF734D83D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtAllocateUserPhysicalPages, ZwAllocateUserPhysicalPages 15 0xF734D847 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtAllocateVirtualMemory, ZwAllocateVirtualMemory 17 0xF734D851 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtClose, ZwClose 25 0xF734D85B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCompactKeys, ZwCompactKeys 27 0xF734D865 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCompressKey, ZwCompressKey 30 0xF734D86F YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateDirectoryObject, ZwCreateDirectoryObject 34 0xF734D879 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateEvent, ZwCreateEvent 35 0xF734D883 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateEventPair, ZwCreateEventPair 36 0xF734D88D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateFile, ZwCreateFile 37 0xF734D897 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateIoCompletion, ZwCreateIoCompletion 38 0xF734D8A1 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateJobObject, ZwCreateJobObject 39 0xF734D8AB YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateKey, ZwCreateKey 41 0xF734D8B5 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateMailslotFile, ZwCreateMailslotFile 42 0xF734D8BF YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateMutant, ZwCreateMutant 43 0xF734D8C9 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateNamedPipeFile, ZwCreateNamedPipeFile 44 0xF734D8D3 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreatePagingFile, ZwCreatePagingFile 45 0xF74B6A20 YES d347bus.sys PnP BIOS Extension
NtCreatePort, ZwCreatePort 46 0xF734D8DD YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateProcess, ZwCreateProcess 47 0xF734D8E7 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateProcessEx, ZwCreateProcessEx 48 0xF734D8F1 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateSection, ZwCreateSection 50 0xF734D8FB YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateSemaphore, ZwCreateSemaphore 51 0xF734D905 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateSymbolicLinkObject, ZwCreateSymbolicLinkObject 52 0xF734D90F YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateThread, ZwCreateThread 53 0xF734D919 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateTimer, ZwCreateTimer 54 0xF734D923 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateToken, ZwCreateToken 55 0xF734D92D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtDeleteFile, ZwDeleteFile 62 0xF734D937 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtDeleteKey, ZwDeleteKey 63 0xF734D941 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtDeleteValueKey, ZwDeleteValueKey 65 0xF734D94B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtDeviceIoControlFile, ZwDeviceIoControlFile 66 0xF734D955 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtDuplicateObject, ZwDuplicateObject 68 0xF734D95F YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtEnumerateKey, ZwEnumerateKey 71 0xF734D969 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtEnumerateValueKey, ZwEnumerateValueKey 73 0xF734D973 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtFreeUserPhysicalPages, ZwFreeUserPhysicalPages 82 0xF734D97D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtFreeVirtualMemory, ZwFreeVirtualMemory 83 0xF734D987 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtImpersonateAnonymousToken, ZwImpersonateAnonymousToken 89 0xF734D991 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtImpersonateThread, ZwImpersonateThread 91 0xF734D99B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtLoadDriver, ZwLoadDriver 97 0xF734D9A5 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtLoadKey, ZwLoadKey 98 0xF734D9AF YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtLoadKey2, ZwLoadKey2 99 0xF734D9B9 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtLockRegistryKey, ZwLockRegistryKey 102 0xF734D9C3 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtLockVirtualMemory, ZwLockVirtualMemory 103 0xF734D9CD YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtMapViewOfSection, ZwMapViewOfSection 108 0xF734D9D7 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtOpenFile, ZwOpenFile 116 0xF734D9E1 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtOpenKey, ZwOpenKey 119 0xF734D9EB YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtOpenProcess, ZwOpenProcess 122 0xF7CA08AC YES guard.sys
NtOpenProcessToken, ZwOpenProcessToken 123 0xF734D9FF YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtOpenSection, ZwOpenSection 125 0xF734DA09 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtOpenThread, ZwOpenThread 128 0xF734DA13 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtOpenThreadToken, ZwOpenThreadToken 129 0xF734DA1D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtProtectVirtualMemory, ZwProtectVirtualMemory 137 0xF734DA27 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueryInformationProcess, ZwQueryInformationProcess 154 0xF734DA31 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueryInformationThread, ZwQueryInformationThread 155 0xF734DA3B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueryKey, ZwQueryKey 160 0xF734DA45 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueryMultipleValueKey, ZwQueryMultipleValueKey 161 0xF734DA4F YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueryOpenSubKeys, ZwQueryOpenSubKeys 164 0xF734DA59 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueryValueKey, ZwQueryValueKey 177 0xF734DA63 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtQueueApcThread, ZwQueueApcThread 180 0xF734DA6D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtReadFile, ZwReadFile 183 0xF734DA77 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtReadVirtualMemory, ZwReadVirtualMemory 186 0xF734DA81 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtRenameKey, ZwRenameKey 192 0xF734DA8B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtReplaceKey, ZwReplaceKey 193 0xF734DA95 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtRestoreKey, ZwRestoreKey 204 0xF734DA9F YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtResumeProcess, ZwResumeProcess 205 0xF734DAA9 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtResumeThread, ZwResumeThread 206 0xF734DAB3 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSaveKey, ZwSaveKey 207 0xF734DABD YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSaveKeyEx, ZwSaveKeyEx 208 0xF734DAC7 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSaveMergedKeys, ZwSaveMergedKeys 209 0xF734DAD1 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSetContextThread, ZwSetContextThread 213 0xF734DADB YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSetInformationKey, ZwSetInformationKey 226 0xF734DAE5 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSetInformationProcess, ZwSetInformationProcess 228 0xF734DAEF YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSetInformationThread, ZwSetInformationThread 229 0xF734DAF9 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSetSystemInformation, ZwSetSystemInformation 240 0xF734DB03 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSetSystemPowerState, ZwSetSystemPowerState 241 0xF74C20B0 YES d347bus.sys PnP BIOS Extension
NtSetValueKey, ZwSetValueKey 247 0xF734DB0D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSuspendProcess, ZwSuspendProcess 253 0xF734DB17 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSuspendThread, ZwSuspendThread 254 0xF734DB21 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtSystemDebugControl, ZwSystemDebugControl 255 0xF734DB2B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtTerminateJobObject, ZwTerminateJobObject 256 0xF734DB35 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtTerminateProcess, ZwTerminateProcess 257 0xF7CA0812 YES guard.sys
NtTerminateThread, ZwTerminateThread 258 0xF734DB49 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtUnloadDriver, ZwUnloadDriver 262 0xF734DB53 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtUnloadKey, ZwUnloadKey 263 0xF734DB5D YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtUnloadKeyEx, ZwUnloadKeyEx 264 0xF734DB67 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtUnlockVirtualMemory, ZwUnlockVirtualMemory 266 0xF734DB71 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtUnmapViewOfSection, ZwUnmapViewOfSection 267 0xF734DB7B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtWriteFile, ZwWriteFile 274 0xF734DB85 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtWriteVirtualMemory, ZwWriteVirtualMemory 277 0xF734DB8F YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
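One way to triage an export like the one above, as an added example that is not part of the original thread: group the hooked system calls by the driver that owns the hook and list the drivers whose version metadata does not name a vendor known to be installed. The vendor list (`{"Prevx"}`, taken from the Prevx BHO path in the HijackThis log) and the function names are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Sample input: rows copied from the export posted above (flattened layout).
SAMPLE_EXPORT = """\
Service name Syscall Address Hooked Module Product Company Description
NtClose, ZwClose 25 0xF734D85B YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreateFile, ZwCreateFile 37 0xF734D897 YES pxfsf.sys PREVX Security Agent Prevx Limited, http://www.prevx1.com/ PREVX Security Agent for Windows
NtCreatePagingFile, ZwCreatePagingFile 45 0xF74B6A20 YES d347bus.sys PnP BIOS Extension
NtOpenProcess, ZwOpenProcess 122 0xF7CA08AC YES guard.sys
NtTerminateProcess, ZwTerminateProcess 257 0xF7CA0812 YES guard.sys
"""

# Nt name, Zw name, table index, handler address, hooked flag, owning module,
# then whatever product/company/description text the tool could read (optional).
ROW_RE = re.compile(
    r"^(?P<nt>Nt\w+), (?P<zw>Zw\w+) (?P<index>\d+) "
    r"(?P<addr>0x[0-9A-Fa-f]+) (?P<hooked>YES|NO) "
    r"(?P<module>\S+)(?: (?P<meta>.+))?$"
)


def parse_export(text):
    """Return one dict per syscall row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "syscall": m.group("nt"),
            "index": int(m.group("index")),
            "address": int(m.group("addr"), 16),
            "hooked": m.group("hooked") == "YES",
            "module": m.group("module").lower(),
            "meta": (m.group("meta") or "").strip(),
        })
    return rows


def summarise(rows):
    """Group hooked entries by owning module."""
    by_module = defaultdict(lambda: {"hooks": 0, "syscalls": [], "meta": set()})
    for row in rows:
        if not row["hooked"]:
            continue
        info = by_module[row["module"]]
        info["hooks"] += 1
        info["syscalls"].append(row["syscall"])
        if row["meta"]:
            info["meta"].add(row["meta"])
    return dict(by_module)


def unattributed(summary, installed_vendors):
    """Modules whose metadata names none of the installed vendors.

    Version metadata is self-declared by the file, so a match is only a hint;
    anything returned here still needs its path and publisher checked by hand.
    """
    review = []
    for module, info in summary.items():
        text = " ".join(info["meta"]).lower()
        if not any(vendor.lower() in text for vendor in installed_vendors):
            review.append(module)
    return sorted(review)


if __name__ == "__main__":
    summary = summarise(parse_export(SAMPLE_EXPORT))
    for module, info in sorted(summary.items()):
        print(f"{module}: {info['hooks']} hook(s) on {', '.join(info['syscalls'])}")
    # Assumption: "Prevx" is the only vendor treated as known-installed here.
    print("check by hand:", unattributed(summary, {"Prevx"}))
```
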


After doing some research, I believe you might have a SmitFraud infection (or some variant). Please do the following.

First download SmitfraudFix from here.

Extract it to its own folder. Double-click on smitfraudfix.cmd.

When it opens up the command prompt, press any key to continue and then press 1 and Enter to scan.

When it's done it should open up a txt file. Save that and then post the contents here.


Here you go, thanks.


SmitFraudFix v2.131

Scan done at 16:47:32.37, Mon 12/18/2006
Run from C:\Documents and Settings\clayton\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\olnohdw.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\clayton


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\clayton\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\clayton\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

pe386 detected, use a Rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
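The report above ties a file marked `FOUND !` to a SharedTaskScheduler registration through its CLSID. The following added example (not part of the original thread or of SmitFraudFix) parses those report lines and resolves each SharedTaskScheduler CLSID to its InProcServer32 DLL, marking entries whose DLL the scan also flagged. Function names are assumptions of this sketch.

```python
import re

# Sample input: lines taken from the SmitFraudFix report posted above
# (section banner lines omitted).
SAMPLE_REPORT = r"""
C:\WINDOWS\system32\olnohdw.dll FOUND !

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}"="astral"

[HKEY_CLASSES_ROOT\CLSID\{5f938c17-fbc7-4a3c-8526-85e5b1a1f762}\InProcServer32]
@="C:\WINDOWS\system32\olnohdw.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"""

FOUND_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s+FOUND !\s*$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))="(?P<data>.*)"$')

STS_KEY = (r"hkey_local_machine\software\microsoft\windows"
           r"\currentversion\explorer\sharedtaskscheduler")
CLSID_ROOTS = (r"hkey_classes_root\clsid",
               r"hkey_local_machine\software\classes\clsid")


def parse_report(text):
    """Return (flagged file paths, registry keys -> {value name: data})."""
    found, registry, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FOUND_RE.match(line)
        if m:
            found.add(m.group("path").lower())
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            registry.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "@" if m.group("default") else m.group("name")
            registry[current][name] = m.group("data")
    return found, registry


def resolve_shared_task_scheduler(found, registry):
    """Map each SharedTaskScheduler CLSID to the DLL its InProcServer32 loads."""
    results = []
    for clsid, label in registry.get(STS_KEY, {}).items():
        dll = None
        for root in CLSID_ROOTS:
            entry = registry.get(root + "\\" + clsid.lower() + r"\inprocserver32")
            if entry and entry.get("@"):
                dll = entry["@"]
                break
        results.append({
            "clsid": clsid,
            "label": label,
            "dll": dll,
            # True when the scan also listed this DLL as FOUND.
            "flagged": dll is not None and dll.lower() in found,
        })
    return results


if __name__ == "__main__":
    found, registry = parse_report(SAMPLE_REPORT)
    for item in resolve_shared_task_scheduler(found, registry):
        state = "flagged by scan" if item["flagged"] else "not flagged"
        print(f'{item["clsid"]} ({item["label"]}) -> {item["dll"]} [{state}]')
```
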


Now run it again except this time use the 2 option and enter.

Still having problems after that?

I think it's fixed, thanks.
