There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
 
Tag Cloud
audio bios blue screen boot bsod computer connection crash dcom dell driver drivers email error excel firefox google hard drive hardware hijackthis internet laptop logon logs off macro malware microsoft motherboard network networking problem ram recovery router screen slow software sound trojan usb userinit.exe virus vista webcam wifi windows windows 7 windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > Malware Removal & HijackThis Logs >
SystemDoctor2006 & SmitFraud (New)

Tip: Click here to scan for System Errors and Optimize PC performance
[ Sponsored Link ]

Closed Thread
 
Thread Tools
Adrnshw6's Avatar
Junior Member with 1 posts.
  
Join Date: Jun 2007
09-Jun-2007, 12:50 PM #1
SystemDoctor2006 & SmitFraud
Hi, I was googling around looking for a way to delete SystemDoctor2006 and Smithfraud from my PC, and came upon this thread. It looks as though the OPs problems were solved, so I will be following those steps. I just completed the first step and here is my Combofix log:

"Adrian Shaw" - 2007-06-09 12:37:29 Service Pack 2 NTFS
ComboFix 07-06-3B - Running from: "C:\Documents and Settings\Adrian Shaw\Desktop\virusstuff\"


(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\bvlksyij.dll
C:\WINDOWS\system32\scckoevp.dll
C:\WINDOWS\system32\uwkhquro.dll
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ppqss.tmp
C:\WINDOWS\system32\ppqss.bak1
C:\WINDOWS\system32\ppqss.bak2
C:\WINDOWS\system32\ppqss.ini
C:\WINDOWS\system32\ssqpp.dll
C:\WINDOWS\system32\byxurom.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\ADRIAN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\T6G9ZXXP\www.broadcaster.com
C:\DOCUME~1\ADRIAN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\T6G9ZXXP\www.broadcaster.com\played_list.sol
C:\DOCUME~1\ADRIAN~1\APPLIC~1.\macromedia\Flash Player\#SharedObjects\T6G9ZXXP\www.broadcaster.com\video_queue.sol
C:\DOCUME~1\ADRIAN~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\DOCUME~1\ADRIAN~1\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\install.log
C:\WINDOWS\system32\drivers\sfsync02.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\NPF
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-05-09 to 2007-06-09 )))))))))))))))))))))))))))))))


2007-06-09 12:38 0 --a------ C:\WINDOWS\system32\sfsync02.dll
2007-06-08 06:49 58,420 --a------ C:\WINDOWS\system32\tkknlgjo.dll
2007-06-07 07:01 55,316 --a------ C:\WINDOWS\system32\pubktjuh.dll
2007-06-07 06:49 131,124 --a------ C:\WINDOWS\system32\kpfwcfqi.dll
2007-06-06 06:56 131,124 --a------ C:\WINDOWS\system32\gpglgpni.dll
2007-06-06 06:35 14,868 --a------ C:\WINDOWS\system32\ygpmcvox.exe
2007-06-06 06:35 10,752 --a------ C:\WINDOWS\system32\j6211032.dll
2007-06-05 06:39 2,580 --a------ C:\WINDOWS\system32\grtpljfo.exe
2007-06-05 06:36 131,124 --a------ C:\WINDOWS\system32\efndrnva.dll
2007-06-03 21:32 <DIR> d-------- C:\Program Files\Cyberathlete Amateur League
2007-06-02 23:07 2,580 --a------ C:\WINDOWS\system32\ikcoxsve.exe
2007-06-02 00:49 <DIR> d-------- C:\Program Files\World In Conflict - Closed MP Beta
2007-06-01 23:07 2,580 --a------ C:\WINDOWS\system32\tvntntsr.exe
2007-05-30 22:52 <DIR> d-------- C:\DOCUME~1\ADRIAN~1\APPLIC~1\Help
2007-05-30 17:37 <DIR> d-------- C:\Program Files\ZyX
2007-05-30 06:49 <DIR> d-------- C:\progam files
2007-05-27 01:22 <DIR> d-------- C:\BFU
2007-05-27 01:20 1,468 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-27 01:19 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-05-27 01:19 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-05-27 01:19 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-05-26 16:21 967 --a------ C:\WINDOWS\ScUnin.pif
2007-05-26 16:21 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-05-26 16:21 35,382 --a------ C:\WINDOWS\scunin.dat
2007-05-26 16:21 <DIR> d-------- C:\Program Files\Starcraft
2007-05-24 21:06 530 --a------ C:\WINDOWS\eReg.dat
2007-05-24 20:44 <DIR> d-------- C:\Program Files\EA GAMES
2007-05-22 14:33 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-05-19 05:20 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-05-16 21:43 <DIR> d-------- C:\VundoFix Backups
2007-05-14 21:56 <DIR> d-------- C:\Program Files\Tor
2007-05-12 12:23 <DIR> d-------- C:\Program Files\Trillian Pro
2007-05-11 07:07 <DIR> d-------- C:\DOCUME~1\ADRIAN~1\APPLIC~1\Aim
2007-05-11 07:06 <DIR> d-------- C:\Program Files\AIM95


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2038-03-05 19:30:03 -------- d-----w C:\Program Files\Winamp
2007-06-09 16:31:51 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-06-09 15:50:15 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\Xfire
2007-06-09 15:49:53 -------- d-s---w C:\Program Files\Xfire
2007-06-08 22:15:34 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\Azureus
2007-06-08 22:15:33 -------- d-----w C:\Program Files\PeerGuardian2
2007-06-08 19:25:31 22,584 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-06-08 19:25:25 99,904 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-06-08 16:14:23 -------- d-----w C:\Program Files\Steam
2007-06-07 18:44:19 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\OpenOffice.org2
2007-06-07 00:22:01 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\dvdcss
2007-06-06 01:53:21 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\LimeWire
2007-06-02 04:57:00 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-02 04:49:54 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-31 22:38:31 -------- d-----w C:\Program Files\mIRC
2007-05-30 18:54:16 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\Creative
2007-05-29 23:20:08 1,324 ----a-w C:\WINDOWS\system32\d3d9caps.dat
2007-05-28 05:30:27 -------- d-----w C:\Program Files\Project64 1.6
2007-05-28 05:29:57 -------- d-----w C:\Program Files\InterActual
2007-05-28 05:29:20 -------- d-----w C:\Program Files\Sony Ericsson
2007-05-25 11:09:36 -------- d-----w C:\Program Files\Folding@Home
2007-05-24 23:19:34 -------- d-----w C:\Program Files\Blaze Media Pro
2007-05-24 21:14:49 -------- d-----w C:\Program Files\MyWay
2007-05-18 02:51:01 -------- d-----w C:\Program Files\Movie Joiner
2007-05-17 20:07:25 -------- d-----w C:\Program Files\DivX
2007-05-10 18:35:43 -------- d-----w C:\Program Files\Joost
2007-05-08 01:20:10 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\Joost
2007-05-08 00:24:24 -------- d-----w C:\Program Files\Call of Duty
2007-05-01 00:12:50 -------- d-----w C:\Program Files\Orb Networks
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-30 00:46:45 -------- d-----w C:\Program Files\CCP
2007-04-26 18:51:38 -------- d-----w C:\Program Files\Opera
2007-04-23 00:52:04 8,704 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-04-23 00:12:58 -------- d-----w C:\Program Files\Folding@Home2
2007-04-20 00:45:56 -------- d-----w C:\Program Files\Atari
2007-04-17 04:44:18 -------- d-----w C:\Program Files\TVUPlayer
2007-04-15 17:57:44 -------- d--h--w C:\DOCUME~1\ADRIAN~1\APPLIC~1\Move Networks
2007-04-11 03:50:04 -------- d-----w C:\DOCUME~1\ADRIAN~1\APPLIC~1\Skype
2007-04-02 23:52:44 63,040 ----a-w C:\WINDOWS\system32\PnkBstrA.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C}=C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL [2006-10-31 02:55]
{60BF5EE3-0105-4858-AD98-17C19F86B042}=C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll [2007-01-15 22:06]
{906DC9BE-E962-443B-BCF3-B602F5212EA9}=C:\WINDOWS\system32\jkkll.dll []
{bf00e119-21a3-4fd1-b178-3b8537e75c92}=C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2007-02-15 20:25]
{D75D14C6-7C56-493F-AD5E-FB035AB2C49c}=C:\WINDOWS\system32\rbgsrpia.dll []
{E12BFF69-38A7-406e-A8EF-2738107A7831}=C:\WINDOWS\system32\tkknlgjo.dll [2007-06-08 06:49]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 21:43 C:\WINDOWS\system32\nvmctray.dll]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 11:42]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 06:48]
"razer"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 11:53]
"Copperhead"="C:\Program Files\Razer\Copperhead\razerhid.exe" [2005-11-25 11:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fraps"="C:\FRAPS\FRAPS.EXE" [2005-08-15 09:12]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2007-04-06 20:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"combofix"=C:\WINDOWS\system32\cmd.exe /c C:\ComboFix\Combobatch.bat
"!CleanupNetMeetingDispDriver"="C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkhge]
ljjkhge.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrkq32]
winrkq32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adrian Shaw^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Adrian Shaw\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adrian Shaw^Start Menu^Programs^Startup^GigaTribe.lnk]
path=C:\Documents and Settings\Adrian Shaw\Start Menu\Programs\Startup\GigaTribe.lnk
backup=C:\WINDOWS\pss\GigaTribe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Adrian Shaw^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Adrian Shaw\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
"C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApachInc]
rundll32.exe "C:\WINDOWS\system32\efndrnva.dll",realset

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
"C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
"C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" /SCB

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j6211032]
rundll32 C:\WINDOWS\system32\j6211032.dll sook

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
Logi_MwX.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F 310

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\D]
AutoRun\command- D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{85cf697c-6612-11db-aa13-00121769b42d}]
AutoRun\command- L:\gt.exe
open\command- L:\gt.exe


**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-09 12:42:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-09 12:43:13 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-09 12:43

--- E O F ---











And here is my Hijack This log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:45:49 PM, on 6/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\FRAPS\FRAPS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Razer\Copperhead\razertra.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Adrian Shaw\Desktop\HiJackThis_v2.exe
C:\Program Files\Winamp\winamp.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Burn4Free Toolbar Helper - {60BF5EE3-0105-4858-AD98-17C19F86B042} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O2 - BHO: (no name) - {906DC9BE-E962-443B-BCF3-B602F5212EA9} - C:\WINDOWS\system32\jkkll.dll (file missing)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {D75D14C6-7C56-493F-AD5E-FB035AB2C49c} - C:\WINDOWS\system32\rbgsrpia.dll (file missing)
O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\tkknlgjo.dll
O3 - Toolbar: Burn4Free Toolbar - {55FAF0F2-44D4-425F-B5F5-6B275B621EAB} - C:\Program Files\Burn4Free Toolbar\v3.2.0.0\Burn4Free_Toolbar.dll
O3 - Toolbar: MEGAUPLOADTOOLBAR - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [Copperhead] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" /background
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1161920617140
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42320AAC-8765-412C-BB05-7DA2FBE975F0}: NameServer = 68.87.66.196,68.87.64.196
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ljjkhge - ljjkhge.dll (file missing)
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FAH@C:+Documents and Settings+Adrian Shaw+Desktop+FAH504-Console.exe - Unknown owner - C:\Documents and Settings\Adrian Shaw\Desktop\FAH504-Console.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: WMP54GSSVC - GEMTEKS - C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe

--
End of file - 7585 bytes


I read somewhere that these malware install and duplicate themsleves differently on different machines, so I can't follow the directions in the other thread exactly, so, what should I do next?
Thanks.
cybertech's Avatar
Computer Specs
Moderator with 68,815 posts.
  
Join Date: Apr 2002
Location: Washington State
11-Jun-2007, 11:42 AM #2
Hi, Welcome to TSG!!


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.




Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply with a new hijackthis log.
  • Click Close to exit the program.
__________________
Microsoft MVP/Windows - Consumer Security
Closed Thread Bookmark and Share   techguy.org/582516

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Smart Search

Find your solution!


« Previous Thread | Malware Removal & HijackThis Logs | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.

Thread Tools


Twitter Twitter! | Podcast | Mobile | Advertise
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -5. The time now is 03:02 PM.
Copyright © 1996 - 2010 TechGuy, Inc. All rights reserved.
Powered by vBulletin, Copyright © 2000 - 2010, Jelsoft Enterprises Ltd.
 Powered by Cermak Technologies, Inc.