
Intcodec hijack! Please help!

Discussion in 'Virus & Other Malware Removal' started by AURORA1, Aug 9, 2006.

Thread Status:
Not open for further replies.
  1. AURORA1

    AURORA1 Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    3
    Hello Tech Support Guy team! This is my first time to post here. I have not had any viruses or malware in almost a year. My brother's PC had a memory stick crash and he has been using my PC temporarily. Today my browser is hijacked. I asked him what he did and luckily he saved the downloaded file before installing. I have already done some cleaning out and hope this will not confuse you. Here is the file he installed (attached); maybe it will ward off a few people and also maybe you can check it out to see what all it has in it. I have already installed HijackThis and SmitfraudFix. Please help me remove this hijack, and also I have everything in startup turned on. If you see anything I don't need or don't need to run in startup, please let me know. I don't like anything running in startup, but I usually just turn them off with msconfig. Is there another way? OK, here are my logs.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:50:43 PM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\IntCodec\isamonitor.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Corsair Memory\Corsair Memory Dashboard\md.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\Program Files\Electronic Arts\EA Downloader\Core.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\IntCodec\isamini.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www,aol.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [Corsair Memory Dashboard] "C:\Program Files\Corsair Memory\Corsair Memory Dashboard\md.exe" /AUTOLOAD
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    SmitFraudFix v2.81

    Scan done at 18:51:36.00, Wed 08/09/2006
    Run from C:\Documents and Settings\Robert Bledsoe\My Documents\Downloaded Programs\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\viruxz.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Robert Bledsoe\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ROBERT~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\IntCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi and welcome to TSG! :)


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Run the SmitfraudFix:
    • Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
    • Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.
    • You will receive this prompt:
      • "Registry cleaning - Do you want to clean the registry ?"
    • Answer "Yes" by typing Y and press "Enter" and it will begin cleaning the infection.
    • Next the tool will check to see if wininet.dll is infected.
    • You may be prompted to replace the infected wininet.dll file if it is found.
    • Answer "Yes" by typing Y and press "Enter".
    • The tool may need to restart your computer to finish the cleaning process.
    • If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
    • A text file will appear onscreen, with results from the cleaning process.
    • Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
    • If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually C:\rapport.txt.

    * Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
     
  3. AURORA1

    AURORA1 Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    3
    Seems to have worked. Lost my desktop background, but no biggie there. OK, here are my reply lists and logs.

    SmitFraudFix v2.81

    Scan done at 22:38:22.65, Wed 08/09/2006
    Run from C:\Documents and Settings\Robert Bledsoe\My Documents\Downloaded Programs\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\viruxz.dll -> Hoax.Win32.Renos.gen.bHoax.Win32.Renos.gen.c
    C:\WINDOWS\system32\viruxz.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\Program Files\IntCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:07 PM, on 8/9/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\dvd43\dvd43_tray.exe
    C:\Program Files\Corsair Memory\Corsair Memory Dashboard\md.exe
    C:\Program Files\Electronic Arts\EA Downloader\Core.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
    O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
    O4 - HKLM\..\Run: [Corsair Memory Dashboard] "C:\Program Files\Corsair Memory\Corsair Memory Dashboard\md.exe" /AUTOLOAD
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    3DMark05
    3DMark06
    Adobe Flash Player 9 ActiveX
    Adobe Reader 7.0.5 Language Support
    Adobe Reader 7.0.8
    AlienGUIse
    Battlefield 2(TM)
    Battlefield 2: Special Forces
    Click'N Design 3D (V5)
    Corsair Memory Dashboard v1.00
    DigitalPersona Password Manager 1.0.1
    DVD X Copy Platinum 4.0.3
    DVD X Rescue
    DVD43 v3.7.0
    EA downloader
    EPSON Printer Software
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Internet Explorer Security Plugin 2006
    Internet Security Add-On
    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    LimeWire PRO 4.9.28
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Word 2000 SR-1
    Nero 7 Demo
    Nero Suite
    NVIDIA Drivers
    NVIDIA nTune
    NVIDIA WDM Drivers
    PowerDVD
    Public Messenger ver 2.03
    Real Alternative 1.46
    Realtek AC'97 Audio
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893066)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896422)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB896688)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899588)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB905915)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB908531)
    Security Update for Windows XP (KB911280)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912812)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913446)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB921883)
    Spybot - Search & Destroy 1.4
    Theme Manager
    Update for Windows XP (KB894391)
    Update for Windows XP (KB896727)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB916595)
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2

    Also I play BF2 all the time and would like to minimize as much as possible stuff running in background!
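
The before/after comparison that the two HijackThis logs above invite, as an added example (it is not part of either poster's message or of any tool named in the thread): it parses the log sections, lists which autostart entries the clean removed, and checks that nothing left in the second log still references the paths SmitfraudFix reported as found. The function names and the `SECTIONS` labels are this example's own; the log lines are excerpts of the logs posted above.

```python
import re

# Lines excerpted from the two HijackThis logs posted in this thread
# (the first post, and the post after the SmitfraudFix clean); most lines omitted.
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\IntCodec\isamonitor.exe
C:\Program Files\IntCodec\pmsngr.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - C:\Program Files\IntCodec\isaddon.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\system32\viruxz.dll
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Paths SmitfraudFix marked "FOUND !" in the first post.
FLAGGED = ["C:\\WINDOWS\\system32\\viruxz.dll", "C:\\Program Files\\IntCodec\\"]

# Human-readable names for the section codes that appear in the excerpts.
SECTIONS = {
    "O2": "Browser Helper Object",
    "O4": "Run key / Startup folder autostart",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad (SSODL)",
}

# A HijackThis entry line is "<section code> - <detail>", e.g. "O21 - SSODL: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_log(text):
    """Return (processes, entries): process paths and (code, detail) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
            in_procs = False
        elif line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.append(line)
    return processes, entries


def removed_entries(before, after):
    """Entries present before the clean and absent afterwards (case-insensitive)."""
    after_keys = {(c, d.lower()) for c, d in parse_log(after)[1]}
    return [(c, d) for c, d in parse_log(before)[1]
            if (c, d.lower()) not in after_keys]


def references(text, flagged):
    """Every running process or entry that mentions one of the flagged paths."""
    procs, entries = parse_log(text)
    items = procs + [f"{c} - {d}" for c, d in entries]
    return [i for i in items if any(f.lower() in i.lower() for f in flagged)]


if __name__ == "__main__":
    for code, detail in removed_entries(BEFORE, AFTER):
        print(f"removed  {code:<4}{SECTIONS.get(code, '?'):<38}{detail}")
    left = references(AFTER, FLAGGED)
    print("still referencing flagged paths:", left or "none")
```
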
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I apologize for not getting back to you sooner. My son was admitted to the hospital early yesterday morning with a mysterious infection. I have been unable to be online until now. I don't know how prompt I will be with my replies for the next few days, but I will do my best to reply as quickly as possible.

    The desktop change is normal. You should be able to reset it to what you want now.

    * Go to Add/Remove programs and uninstall these old versions of Java:

    J2SE Runtime Environment 5.0 Update 3
    J2SE Runtime Environment 5.0 Update 4



    * Run ActiveScan online virus scan here

    When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HiJackThis log along with the results from ActiveScan
     
  5. AURORA1

    AURORA1 Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    3
    No problem!! Hope your son gets well soon! Ok here is the activescan and HJT logs.


    Incident Status Location

    Adware:adware/dyfuca Not disinfected c:\windows\wsem303.dll
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][2].txt
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][2].txt
    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][2].txt
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][1].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][1].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][1].txt
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][2].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][1].txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][2].txt
    Spyware:Cookie/Safetyhomepage Not disinfected C:\Documents and Settings\Robert Bledsoe\Cookies\robert [email protected][1].txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Robert Bledsoe\My Documents\Downloaded Programs\SmitfraudFix\SmitfraudFix\Process.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 1:09:26 AM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\DigitalPersona\Bin\DPWinLct.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft IntelliType Pro\type32.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [DPAgnt] C:\Program Files\DigitalPersona\Bin\DPAgnt.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O20 - Winlogon Notify: DPWLN - C:\WINDOWS\System32\DPWLEvHd.dll
    O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DPFUSMgr.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Click here to download ATF Cleaner by Atribune and save it to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
      • If you use Firefox:
        • Click Firefox at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
      • If you use Opera:
        • Click Opera at the top and choose: Select All
        • Click the Empty Selected button.
        • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    * Click Here and download Killbox and save it to your desktop.

    * Double-click on Killbox.exe to run it.
    • Put a tick by Delete on Reboot.
    • In the "Full Path of File to Delete" box, copy and paste the following line:

      c:\windows\wsem303.dll

    • Click on the button that has the red circle with the X in the middle.
    • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
    • Click Yes and let the computer reboot.
    * After it reboots, go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.

    Note: You have to use Internet Explorer to do the online scan.
     

Short URL to this thread: https://techguy.org/490921
