Hijack this log. Need major help

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Working on a lady's PC with scads of crap on it. I have run 2 antivirus programs, Adaware, Spybot, Ewido, Panda and it's still full. Please help me.

Logfile of HijackThis v1.99.1
Scan saved at 7:06:51 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\smncs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\AOL\1135556469\ee\aolsoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\banmanpro.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Lorraine\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
F3 - REG:win.ini: load=C:\AIM\dtect16.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\pmkjk.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: awvvt - awvvt.dll (file missing)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Jul 8, 2002
Messages
14,681
  • Please save or print these instructions for use in Safe Mode.
  • Save HijackThis to a permanent folder such as the Desktop.
  • Save VundoFix.exe to your Desktop.
  • Double-click VundoFix.exe. This will create a folder called VundoFix.
  • Start your computer in Safe Mode.
  • Open the VundoFix folder and double-click KillVundo.bat
  • You will first be presented with a warning that looks like this:
    VundoFix V2.15 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....
  • Press Enter once to continue.
  • Next you will see:
    Please Type in the filepath as instructed by the forum staff
    and then press enter:
  • Type the following file path exactly as it appears below:
    • C:\WINDOWS\system32\pmkjk.dll
  • Press Enter to continue with the fix.
  • Next you will see:
    Please type in the second filepath as instructed by the forum
    staff then press enter:
  • Type the following file path exactly as it is written below:
    • C:\WINDOWS\system32\kjkmp.*
  • Press Enter to continue.
  • If you have a script blocker running, you may get a warning about a malicious
    script. Allow the script to run.
  • At this point, HijackThis should open. If not, run HijackThis manually.
  • In HijackThis, put a check next to these entries and click Fix Checked:
    • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\pmkjk.dll
    • O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
  • Exit HijackThis.
  • Press Enter to exit the program.
  • Manually restart your computer by holding the power button down for about 5 seconds, then turning it back on.
    • Your computer may scan your disk for errors and take longer than normal to boot up. This is normal.
  • Download and install CleanUp!.
  • Click Options....
  • Move the arrow down to Custom CleanUp!.
  • Make sure only these options are checked:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch Files
    • Cleanup! All Users
  • Click OK then CleanUp!.
  • Choose No if asked to reboot your computer.
  • Run Kaspersky Online Scanner. Copy and paste the results here.
  • Post the contents of vundofix.txt from the VundoFix folder.
  • Post a new HijackThis log.
--Instructions generated by VundoFix.php
 

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Thanks for the quick come-back Brendan. I'm working on it.
 

Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Here you go Brendan.

VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\pmkjk.dll

The second filepath entered was C:\WINDOWS\system32\kjkmp.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 148 'smss.exe'

Killing PID 780 'explorer.exe'
Killing PID 780 'explorer.exe'
Killing PID 780 'explorer.exe'
Killing PID 780 'explorer.exe'


Killing PID 224 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system32\pmkjk.dll Deleted sucessfully.
C:\WINDOWS\system32\kjkmp.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------

Kaspersky log
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 07, 2006 20:42:24
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 8/01/2006
Kaspersky Anti-Virus database records: 159441
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 33497
Number of viruses found: 9
Number of infected objects: 164
Number of suspicious objects: 0
Duration of the scan process: 2421 sec

Infected Object Name - Virus Name
C:\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\WINDOWS\banmanpro.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\enewsletterpro.exe Infected: Trojan.Win32.StartPage.aha
C:\WINDOWS\smncs.exe Infected: Backdoor.Win32.SdBot.aad

Scan process completed.

Hijack log to follow
 


Thread Starter
Joined
Sep 9, 2001
Messages
1,930
New Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 8:52:09 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
C:\windows\banmanpro.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\smncs.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Lorraine\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
F3 - REG:win.ini: load=C:\AIM\dtect16.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Sony Corporation - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Jul 8, 2002
Messages
14,681
Save KillBox to your Desktop

Run HijackThis and click Do a system scan only
Put a checkmark next to any of the following entries that appear, and click Fix Checked:

O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINDOWS\system32\awvvt.dll (file missing)
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [0sis0ijw.dll] RUNDLL32.EXE 0sis0ijw.dll,b 328512625
O4 - HKLM\..\Run: [ErrorSafe] C:\Program Files\ErrorSafe\ers.exe /scan
O4 - HKLM\..\Run: [enewsletterpro] C:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] C:\windows\banmanpro.exe


Run KillBox and select Delete on Reboot
Copy this list of file and folder locations:

C:\Program Files\Zango Programs\
0sis0ijw.dll
C:\Program Files\ErrorSafe\
C:\windows\enewsletterpro.exe
C:\windows\banmanpro.exe
Go to File>>Paste from clipboard. Click All Files
Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.
C:\WINDOWS\smncs.exe
Exit HijackThis
Disable System Restore

Enable System Restore

Run HijackThis and click Do a system scan and save a log file
Your HijackThis log will open in Notepad. Post the contents of the log here

And let me know if you're still having problems.
 


Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Brendan: Ran into a snag. Got a Warning: Pending file rename operations registry data has been removed by external process.
What do I do?
 


Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Brendan: I lost my internet on the infected machine.
Windows cannot find--Whoa, I just got it back
Log follows.
 
Joined
Jul 8, 2002
Messages
14,681
If you're still having internet problems:

Save LSPFix to your Desktop
Run LSPFix and check I know what I'm doing
Click Finish>> and exit LSPFix
 


Thread Starter
Joined
Sep 9, 2001
Messages
1,930
I ran Killbox in safe mode and I got rid of those 4 files, I think. I don't understand what you mean by the lines following the WARNING: Your computer will be restarted etc.
To wit: C:\WINDOWS\smnce.exe
Exit Hijack this.
I disabled and then re-enabled System Restore.
Anyway here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 9:51:30 PM, on 1/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
F3 - REG:win.ini: load=C:\AIM\dtect16.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1135556469\ee\AOLSoftware.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA499} - https://activation.alltel.com/wizlet/ALLTEL/static/controls/WebflowActiveXInstaller_2-0-0.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - Unknown owner - C:\Program Files\ewido anti-malware\ewidoctrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Service 8 (Service Filter) - Unknown owner - C:\WINDOWS\smncs.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (file missing)
 
Joined
Jul 8, 2002
Messages
14,681
Ok, just fix these in HijackThis and let me know if you still have any problems:

O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - (no file)
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll (file missing)
 


Thread Starter
Joined
Sep 9, 2001
Messages
1,930
Brendan: Thank you very much for your help. I'm sure my friend will appreciate what you have done for her. Thanks again. I'm marking this thread solved.
If she has any more trouble, I'll call on you again if I may.
 