Hijack this log. Need major help

Discussion in 'Virus & Other Malware Removal' started by Flags, Jan 7, 2006.

Thread Status:
Not open for further replies.
  1. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Working on a lady's PC with scads of crap on it. I have run 2 antivirus programs, Adaware, Spybot, Ewido, Panda and it's still full. Please help me.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:06:51 PM, on 1/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\smncs.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\AOL\1135556469\ee\aolsoftware.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\windows\banmanpro.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Lorraine\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    F3 - REG:win.ini: load=C:\AIM\dtect16.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\pmkjk.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
    O20 - Winlogon Notify: awvvt - awvvt.dll (file missing)
    O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    • Please save or print these instructions for use in Safe Mode.
    • Save HijackThis to a permanent folder such as the Desktop.
    • Save VundoFix.exe to your Desktop.
    • Double-click VundoFix.exe. This will create a folder called VundoFix.
    • Start your computer in Safe Mode.
    • Open the VundoFix folder and double-click KillVundo.bat
    • You will first be presented with a warning that looks like this:
    • Press Enter once to continue.
    • Next you will see:
    • Type the following file path exactly as it appears below:
      • C:\WINDOWS\system32\pmkjk.dll
    • Press Enter to continue with the fix.
    • Next you will see:
    • Type the following file path exactly as it is written below:
      • C:\WINDOWS\system32\kjkmp.*
    • Press Enter to continue.
    • If you have a script blocker running, you may get a warning about a malicious
      script. Allow the script to run.
    • At this point, HijackThis should open. If not, run HijackThis manually.
    • In HijackThis, put a check next to these entries and click Fix Checked:
      • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\pmkjk.dll
      • O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
    • Exit HijackThis.
    • Press Enter to exit the program.
    • Manually restart your computer by holding the power button down for about 5 seconds, then turning it back on.
      • Your computer may scan your disk for errors and take longer than normal to boot up. This is normal.
    • Download and install CleanUp!.
    • Click Options....
    • Move the arrow down to Custom CleanUp!.
    • Make sure only these options are checked:
      • Empty Recycle Bins
      • Delete Cookies
      • Delete Prefetch Files
      • Cleanup! All Users
    • Click OK then CleanUp!.
    • Choose No if asked to reboot your computer.
    • Run Kaspersky Online Scanner. Copy and paste the results here.
    • Post the contents of vundofix.txt from the VundoFix folder.
    • Post a new HijackThis log.
    --Instructions generated by VundoFix.php
     
  3. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Thanks for the quick come-back, Brendan. I'm working on it.
     
  4. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Here you go Brendan.

    VundoFix V2.15 by Atri
    --------------------------------------------------------------------------------------

    Listing files contained in the vundofix folder.
    --------------------------------------------------------------------------------------

    killvundo.bat
    process.exe
    ReadMe.txt
    vundo.reg
    vundofix.txt

    --------------------------------------------------------------------------------------

    Filepaths entered
    --------------------------------------------------------------------------------------

    The filepath entered was C:\WINDOWS\system32\pmkjk.dll

    The second filepath entered was C:\WINDOWS\system32\kjkmp.*

    --------------------------------------------------------------------------------------

    Log from Process
    --------------------------------------------------------------------------------------


    Killing PID 148 'smss.exe'

    Killing PID 780 'explorer.exe'
    Killing PID 780 'explorer.exe'
    Killing PID 780 'explorer.exe'
    Killing PID 780 'explorer.exe'


    Killing PID 224 'winlogon.exe'
    --------------------------------------------------------------------------------------

    C:\WINDOWS\system32\pmkjk.dll Deleted sucessfully.
    C:\WINDOWS\system32\kjkmp.* Deleted sucessfully.

    Fixing Registry
    --------------------------------------------------------------------------------------

    Kaspersky log
    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, January 07, 2006 20:42:24
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 8/01/2006
    Kaspersky Anti-Virus database records: 159441
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 33497
    Number of viruses found: 9
    Number of infected objects: 164
    Number of suspicious objects: 0
    Duration of the scan process: 2421 sec

    Infected Object Name - Virus Name
    C:\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
    C:\Program Files\Norton AntiVirus\Quarantine\016D70F2 Infected: Trojan-Proxy.Win32.Ranky.bp
    C:\Program Files\Norton AntiVirus\Quarantine\092309CF.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\10165AC5 Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\10573D29.exe Infected: IM-Worm.Win32.Opanki.af
    C:\Program Files\Norton AntiVirus\Quarantine\12010666 Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\12FD2894 Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\18E0218D.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\1A5C00B8 Infected: Email-Worm.Win32.Bagle.ct
    C:\Program Files\Norton AntiVirus\Quarantine\204A5A32.exe Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\29E17A63 Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\3AC71E0F.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\4C484E87 Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\504968A1 Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\5357599E Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\5365018F Infected: Trojan-Downloader.Win32.Small.bke
    C:\Program Files\Norton AntiVirus\Quarantine\53992156 Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\57395470.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\5E2B6958 Infected: Backdoor.Win32.SdBot.aad
    C:\Program Files\Norton AntiVirus\Quarantine\625B6318 Infected: Trojan-Downloader.Win32.Small.bke
    C:\Program Files\Norton AntiVirus\Quarantine\6EAF2A63.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\79BE135A.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\Program Files\Norton AntiVirus\Quarantine\7B3E5DB5 Infected: Backdoor.Win32.SdBot.aad
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0374883.dll Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376040.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376041.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376042.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376043.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376044.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376045.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376046.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376047.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376048.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376049.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376050.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376051.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376052.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376053.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376054.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376055.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376056.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376057.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376064.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376065.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376066.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376067.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376068.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376069.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376070.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376071.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376072.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376073.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376074.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376075.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376076.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376077.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376078.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376079.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376080.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376120.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376121.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376122.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376123.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376124.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376125.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376126.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376127.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376128.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376129.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376130.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376131.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376132.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376133.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376134.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376135.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376136.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376137.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376138.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376142.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376143.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376144.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376145.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376146.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376148.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376150.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376152.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376153.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376154.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376155.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376156.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376157.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376158.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376159.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376160.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376164.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376165.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376166.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376167.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376168.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376169.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376170.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376171.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376172.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376173.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376174.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376175.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376176.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0376177.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0377184.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0377186.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0377188.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378182.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378183.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378184.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378185.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378187.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378188.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378189.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378190.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378191.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378192.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378193.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378194.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378195.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378196.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378197.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378198.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378199.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378209.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378210.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378211.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378212.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378213.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378215.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378217.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378219.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378220.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378221.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378222.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378223.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378224.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378225.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378226.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378227.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378228.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378234.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378235.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378236.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378237.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378238.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378239.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378240.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378241.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378242.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378243.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378244.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378245.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378246.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378247.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378248.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\System Volume Information\_restore{38DB35C4-2B64-4801-8BA8-0742E1066340}\RP632\A0378249.DLL Infected: Trojan-Downloader.Win32.ConHook.w
    C:\WINDOWS\banmanpro.exe Infected: Trojan-Clicker.Win32.VB.kc
    C:\WINDOWS\enewsletterpro.exe Infected: Trojan.Win32.StartPage.aha
    C:\WINDOWS\smncs.exe Infected: Backdoor.Win32.SdBot.aad

    Scan process completed.

    Hijack log to follow
     
  5. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    New Hijack log.

    Logfile of HijackThis v1.99.1
    Scan saved at 8:52:09 PM, on 1/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
    C:\windows\banmanpro.exe
    C:\Program Files\Ares\Ares.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\smncs.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Lorraine\Desktop\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    F3 - REG:win.ini: load=C:\AIM\dtect16.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
    O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  6. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Save KillBox to your Desktop

    Run HijackThis and click Do a system scan only
    Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
    O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
    O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
    O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
    O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
    O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe


    Run KillBox and select Delete on Reboot
    Copy this list of file and folder locations:

    C:\Program Files\Zango Programs\
    0sis0ijw.dll
    C:\Program Files\ErrorSafe\
    C:\windows\enewsletterpro.exe
    C:\windows\banmanpro.exe
    Go to File>>Paste from clipboard. Click All Files
    Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.
    C:\WINDOWS\smncs.exe
    Exit HijackThis
    Disable System Restore

    Enable System Restore

    Run HijackThis and click Do a system scan and save a log file
    Your HijackThis log will open in Notepad. Post the contents of the log here

    And let me know if you're still having problems.
     
  7. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    I'm on it.
     
  8. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Brendan: Ran into a snag. Got a Warning: Pending file rename operations registry data has been removed by external process.
    What do I do?
     
  9. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Brendan: I lost my internet on the infected machine.
    Windows cannot find--Whoa, I just got it back
    Log follows.
     
  10. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    If you're still having internet problems:

    Save LSPFix to your Desktop
    Run LSPFix and check I know what I'm doing
    Click Finish>> and exit LSPFix
     
  11. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    I ran Killbox in safe mode and I got rid of those 4 files, I think. I don't understand what you mean by the lines following the WARNING: Your computer will be restarted etc.
    To wit: C:\WINDOWS\smnce.exe
    Exit Hijack this.
    I disabled and then re-enabled System Restore.
    Anyway here is the new log.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:51:30 PM, on 1/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Unable to get Internet Explorer version!

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis.exe

    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    F3 - REG:win.ini: load=C:\AIM\dtect16.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
    O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
    O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
    O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
    O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
    O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe (file missing)
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
     
  12. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    Ok, just fix these in HijackThis and let me know if you still have any problems:

    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
    O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
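
The before/after comparison between the two HijackThis logs above can be scripted. This is an added example, not part of the original thread and not HijackThis code: it diffs two logs and separates entries that are gone from entries whose registry item remains while its file is missing. The sample logs are a constructed subset of lines from this thread; the function names and the normalisation (lower-casing, ignoring the O23 vendor field) are assumptions.

```python
import re

ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)$", re.IGNORECASE)

# Constructed samples: a subset of lines from the 8:52 PM and 9:51 PM logs.
BEFORE = r"""
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe
"""
AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe (file missing)
"""


def parse_log(text):
    """Map a normalised entry key -> (original line, orphan flag)."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        orphan = bool(ORPHAN_RE.search(body))
        body = ORPHAN_RE.sub("", body)
        if section == "O23":
            # "Service: name - vendor - path": the vendor field turns into
            # "Unknown owner" once the file is gone, so leave it out of the key.
            parts = body.split(" - ")
            if len(parts) >= 3:
                body = " - ".join(parts[:-2] + parts[-1:])
        entries[(section, body.lower())] = (line.strip(), orphan)
    return entries


def diff_logs(before_text, after_text):
    """Classify entries by what changed between two scans."""
    before, after = parse_log(before_text), parse_log(after_text)
    report = {"removed": [], "added": [], "newly_orphaned": [], "still_orphaned": []}
    for key, (line, was_orphan) in before.items():
        if key not in after:
            report["removed"].append(line)
        elif after[key][1]:
            bucket = "still_orphaned" if was_orphan else "newly_orphaned"
            report[bucket].append(after[key][0])
    report["added"] = [ln for key, (ln, _) in after.items() if key not in before]
    return report


if __name__ == "__main__":
    for bucket, lines in diff_logs(BEFORE, AFTER).items():
        print(f"{bucket}:")
        for line in lines:
            print("   ", line)
```

On the sample, the two `still_orphaned` entries are the O18 and O20 lines listed in the post above, and `newly_orphaned` holds services whose registration outlived their file.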
     
  13. Flags

    Flags Thread Starter

    Joined:
    Sep 9, 2001
    Messages:
    1,930
    Brendan: Thank you very much for your help. I'm sure my friend will appreciate what you have done for her. Thanks again. I'm marking this thread solved.
    If she has any more trouble, I'll call on you again if I may.
     
  14. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
Short URL to this thread: https://techguy.org/432071
