issadon.dll, help please

Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
I know Im stupid, sad thing is I knew better and still d/l the stupid active x file and I cant remove it so far through any means.

I tried to delete using add/remove - tells me to reboot first, lol
Trying to run different apps, Symantic/Microsoft - so far to no luck.

here is my Hijack thing I see you all told others to post:

Logfile of HijackThis v1.99.1
Scan saved at 5:19:04 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\downloads\Windows-KB890830-V1.24.exe
c:\f725635a59160c3387cd49f45a87ce26\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\downloads\FixAdix.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?

LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0

\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common

Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton

AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar3.dll
O2 - BHO: LosAngeles-Dodgers.net - {CD292324-974F-4224-D464-C4CA4244E732} - C:\PROGRA~1

\LOSANG~1.NET\Toolbar\Toolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common

Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet

Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: LosAngeles-Dodgers.net - {CD292324-974F-4224-D464-C4CA4244E732} - C:\PROGRA~1

\LOSANG~1.NET\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX

Object\iesplugin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

(file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network

Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) -

https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) -

http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -

http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -

http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -

http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134506596156
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft

Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program

Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program

Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program

Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton

Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton

AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec

Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-

LC\symlcsvc.exe



All help is greatly appreciated, Thank you.
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
Here is my SmitFraudFix file:

SmitFraudFix v2.132

Scan done at 17:37:49.68, Tue 01/09/2007
Run from C:\Documents and Settings\Fred\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fred


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fred\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fred\FAVORI~1

C:\DOCUME~1\Fred\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
uninstall list as well using hijack this:

AAA Logo 1.21
Adobe Reader 6.0.1
American Conquest - Divided Nation
Apple Software Update
Applet Headline Factory
Applet Marquee Wizard
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Bowl Bound College Football
Bowl Bound College Football Demo
Bowl Bound College Football Update 1.03
Bowl Bound College Football Update 1.04
Bowl Bound College Football Update 1.1
Bowl Bound College Football Update 1.51
CC_ccProxyExt
ccCommon
ccPxyCore
ChoiceMail Free 3.1
Cinemaware Marquee\Space Rangers 2
CivCity
CoffeeCup Direct FTP
CoffeeCup Flash Button Factory - Registered
CoffeeCup Flash Firestarter
CoffeeCup Flash Password Wizard
CoffeeCup HTML Editor 2006
CoffeeCup LockBox
Company of Heroes
Conexant AC-97 Audio
Conexant Data Fax Modem with SmartCP
Easy Internet Sign-up
Front Office Football 2007
Glory of the Roman Empire
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
Hijackthis 1.99.1
HijackThis 1.99.1
Horizons
Horizons Crafting Calculator
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Software Update
HP Wireless Assistant 1.01 A2
IGN Download Manager 2.2.2
Internet Explorer Security Plugin 2006
Internet Security Add-On
InterVideo WinDVD
iPod for Windows
iTunes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
LiveUpdate 3.0 (Symantec Corporation)
LosAngeles-Dodgers.net
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ .NET Standard 2003 - English
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Web Publishing Wizard 1.52
Microsoft Works
MSRedist
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
muvee autoProducer 4.0 - SE
NetZero For Riverdeep
NFL Head Coach
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
OOTP Baseball 2006
Public Messenger ver 2.03
PureSim Baseball 2007
Quick Launch Buttons 5.10 A2
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SPBBC
Starters Orders 2
Stronghold 2
Synaptics Pointing Device Driver
System Alert Popup
TeamSpeak 2 RC2
Texas Instruments PCIxx21/x515 drivers.
The Map Pack
The Print Shop 21
Total Pro Football
Total Pro Golf
Trillian
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Video ActiveX Object 2.07
Viewpoint Media Player
WD Backup
WD Firewire HID Driver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Worldwide Soccer Manager 2006
X3: Reunion v2.0.0
You've Got Gmail!
Zone Deluxe Games
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, You ran SmitFraudFix in Normal Mode....we usually post it to be used in Safe Mode,here are the steps we normally post, just let me know if you could not boot to Safe Mode.

I DO want you to run through this procedure again....

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm[/
Download AVG Anti-Spyware from HERE and save that file to your desktop.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.


  1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
  2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
  4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Note: If you cannot access the internet with the infected PC, or you are having problems updating, you can download the signatures file from here.
    Once you have installed AVG A-S, double click avgas-signatures-full-current.exe to update it.
  6. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  7. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    • Disabling the Resident Shield:

      By default the Resident Shield is active but as it may interfere with the process of cleaning your PC, it will need to be disabled.
      (When the PC has been cleaned you can activate the shield again, if you wish.)
      Click the Shield icon at the top and under "Resident shield is..." - click active.
      This should now change to inactive.
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.



  1. Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.

    Boot into Safe Mode:

    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

    Perform the following steps in safe mode:

    1. IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
    2. Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
    3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    5. If you have any infections you will prompted, then select "Apply all actions"
    6. Next select the "Reports" icon at the top.
    7. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    8. Close AVG Anti-Spyware .
    While in Safe Mode, double-click on SmitfraudFix.exe

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.

    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    * Go to Control Panel > Internet Options. Click on the Programs tab, then click the "Reset Web Settings" button. Click Apply then OK.

    * Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" Delete everything except for "My Current Home Page". Click OK then Apply and OK.

    HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Post the Smitfraudfix log, AVG report, and Panda log please. Attach any to your post if it's too long to fit in one reply.
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
SmitFraudFix v2.132

Scan done at 20:12:36.14, Tue 01/09/2007
Run from C:\Documents and Settings\Fred\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fred


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Fred\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Fred\FAVORI~1

C:\DOCUME~1\Fred\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Video ActiveX Object\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


***** this is from SAFE MODE
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Do all the steps in my last reply, then post the logs. Pick a time when you can get through it.

First, save the directions so you can have them to read and refer to while in Safe Mode. Copy and paste them to a Notepad text file, name it something like steps.txt and save on the desktop.
Or, print them.

Get the downloads, install AVG using the guide, and update it, but don't scan, we boot to Safe Mode for that...

There are 2 parts to SmitfraudFix---, follow the steps in order, save the logs, then Panda scan, and finally Hijackthis and post it all.

I will probably be online tomorrow evening.
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:53:12 AM 1/10/2007

+ Scan result:



C:\Program Files\Video ActiveX Object -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\iesplugin.dll -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\iesuninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\isaddon.dll -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\isamini.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\isamonitor.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\isauninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\ot.ico -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\pmmon.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\pmsngr.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\pmuninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\ts.ico -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Video ActiveX Object\uninst.exe -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2149554714-2746529733-3249006678-1006\Software\Internet Security -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2149554714-2746529733-3249006678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2149554714-2746529733-3249006678-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\Documents and Settings\Fred\Cookies\fred@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ge.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@sportingnews.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@thomsoneducationdirect.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@reciperewards.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@centrport[2].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@news.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@e-2dj6wflickazckp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@e-2dj6wfloegdzsco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@e-2dj6wflyohdzafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@e-2dj6wjk4gmdzsdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@e-2dj6wjkyamc5akq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-bestbuy.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-bestwestern.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-countryhomeproducts.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-directv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-espn.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-foxsports.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-fredericks.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-gaiam.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-gamespot.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-hollywoodmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-idgentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-ignitemedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-ipm.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-learningco.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-linksys.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-oreilly.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-phe.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-pizzahut.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-rivals.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-sigames.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-speakeasy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-thehuddle.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-verizon.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-verizoncommunications.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-verizonwireless.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-viacom.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-westwoodcollege.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-y2m.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg-zoomerang.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@paycounter[2].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@stats2.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter10.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter12.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter15.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter4.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@sextracker[1].txt -> TrackingCookie.Sextracker : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ads.scot.valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@oz.valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@scot.valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Fred\Cookies\fred@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.


::Report end
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
SmitFraudFix v2.132

Scan done at 6:17:23.48, Wed 01/10/2007
Run from C:\Documents and Settings\Fred\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Fred\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
Incident Status Location

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Fred\Cookies\fred@adultfriendfinder[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Fred\Cookies\fred@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Fred\Cookies\fred@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Fred\Cookies\fred@atwola[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Fred\Cookies\fred@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Fred\Cookies\fred@bravenet[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Fred\Cookies\fred@ccbill[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Fred\Cookies\fred@ct.360i[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Fred\Cookies\fred@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Fred\Cookies\fred@dist.belnk[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Fred\Cookies\fred@entrepreneur[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Fred\Cookies\fred@go[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Fred\Cookies\fred@landing.domainsponsor[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Fred\Cookies\fred@media.adrevolver[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Fred\Cookies\fred@offeroptimizer[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Fred\Cookies\fred@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Fred\Cookies\fred@searchportal.information[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Fred\Cookies\fred@seeq[1].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fred\Cookies\fred@systemdoctor[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Fred\Cookies\fred@target[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Fred\Cookies\fred@toplist[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Fred\Cookies\fred@webpower[2].txt
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Fred\Cookies\fred@www.systemdoctor[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Fred\Cookies\fred@www2.addfreestats[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Fred\Cookies\fred@www48.seeq[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Fred\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\downloads\SmitfraudFix.zip[SmitfraudFix/Process.exe]
 

ensto

Thread Starter
Joined
Jan 9, 2007
Messages
8
ogfile of HijackThis v1.99.1
Scan saved at 10:54:22 AM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\My Book\WD Backup\uBBMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: LosAngeles-Dodgers.net - {CD292324-974F-4224-D464-C4CA4244E732} - C:\PROGRA~1\LOSANG~1.NET\Toolbar\Toolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: LosAngeles-Dodgers.net - {CD292324-974F-4224-D464-C4CA4244E732} - C:\PROGRA~1\LOSANG~1.NET\Toolbar\Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O16 - DPF: {12F7F128-B36C-4843-8AA4-A5F71A969331} (Launcher Control) - https://horizons.istaria.com/controls/launcher.ocx
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.2.89.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134506596156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
 

Byteman

Gone but Never Forgotten
Joined
Jan 24, 2002
Messages
17,742
Hi, Good work! Run Hijackthis, put a check next to:

O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll (file missing)

Next, in Windows Explorer, find and

Delete the folder C:\Program Files\Video ActiveX Object


Restart the computer.

Post one last Hijackthis log.

The next thing you must do is turn off System Restore to remove infected Restore Points. You would not want to put back the malware you just removed, and System Restore backs up bad items, so do these steps:

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.Wait for hourglass to stop and it says
"Turned Off"

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
 
Status
This thread has been Locked and is not open to further replies. The original thread starter may use the Report button to request it be reopened but anyone else with a similar issue should start a New Thread. Watch our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Top