Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

TARGETED pop ups

Post by beljar2 » August 1st, 2007, 2:41 pm

My computer is having pop-up problems and I suspect, for whatever random reason, that it may be more. Many programs, except the C-Smitfraud on Spybot, detect nothing. After getting a program specifically designed to combat Smitfraud in all its evil forms and it doing nothing, I gave up on trying to remove it. If you can help me with that, great, but right now I'm more worried about the CONSTANT pop-ups of random things or whatever the general theme of the web site I would be on. Its blue title bar normally says TARGETED in caps or is blank, in the same type of window, also only an exit mark in the top corner, and when clicked the window fades out, unlike normal window boxes that just blink out of existence.



My hijack log

Logfile of HijackThis v1.99.1
Scan saved at 1:50:57 PM, on 8/1/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mt\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmasy\Tmasy.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2324991012
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8808152820
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by beljar2 » August 2nd, 2007, 8:08 pm

I just noticed that my security and privacy settings were set as low as they could go and I don't remember ever doing that.
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by Scotty » August 3rd, 2007, 6:26 am

Hi! Welcome to the MWR forums.
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient and I'd be grateful if you would note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Please be patient as my posts to you have to be checked before I reply, so they may take longer.

Please make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Post by beljar2 » August 4th, 2007, 1:04 pm

Logfile of HijackThis v1.99.1
Scan saved at 12:05:38 PM, on 8/4/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mt\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinTouch] C:\Program Files\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2324991012
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8808152820
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

7-Zip 4.42
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Advanced WindowsCare 2.30 Personal
Apple Software Update
ArcSoft VideoImpression 2
Avery® Wizard 2.03 for Microsoft® Word 97
AVI Codec Pack
Azureus Vuze
B.I.S.S. Hosts Manager
CCleaner (remove only)
CoffeeCup Free Zip Wizard
Free Registry Fix 3.10
Google Video Player
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
ImageMate CompactFlash USB (SDDR-31) Ver. 5.04
Java(TM) SE Runtime Environment 6 Update 1
Knight Online
Macromedia Shockwave Player
Microsoft Office 97, Professional Edition
MSXML 4.0 SP2 (KB927978)
NVIDIA Windows 2000/XP Display Drivers
OIN
PCTEL Platinum V.90 Modem
PrintMaster Platinum 4.00
QuickTime
Real Alternative 1.52
Rhapsody Player Engine
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Shockwave
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
StompSoft Registry Repair
The ClueFinders' 4th Grade Adventures
The KMPlayer (remove only)
The Print Shop
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.6b
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinTouch
WinZip
Xvid 1.1.2 final uninstall
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by Scotty » August 6th, 2007, 3:01 pm

Hello beljar

P2P Warning!
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.
Additional information on the safety of Peer-to-Peer programs themselves is here:
Clean/Infected P2P Programs

You have no anti-virus on your computer. It is important you install one now before we continue with your fix. Check this out for a list of free AV scanners; AVG is highly recommended.

A firewall helps keep attackers at bay and keeps malicious processes from 'calling home'. It is important you install one now.
Check this out for a list of free firewalls. Zone Alarm is considered the easiest to use.

Uninstall/delete whatever tool was used for the Smitfraud infection, even if it was the same tool I'm about to ask you to download. This way, I'll know you have the latest version.

Download and Run SmitfraudFix
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Download and Run ComboFix

  • Download this file from below:

    Here
  • Disconnect from the Internet, then disable your anti-virus and any real-time anti-spyware monitors that are running.
  • Then double click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply with a new HijackThis log.

Note 1: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
Note 2: Remember to re-enable your anti-virus and anti-spyware before reconnecting to the Internet.

Post back with the Smitfraudfix log, the Combofix log and a new HijackThis log, please.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Post by Scotty » August 10th, 2007, 7:01 am

Still needing help here?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Post by beljar2 » August 10th, 2007, 5:31 pm

In Smitfraud fix, the old one (I haven't downloaded the new one), I can't find any uninstall program and it is not in Add/Remove Programs. Also, I haven't been on my computer of late because I am moving soon and have been spending my free time cleaning the entire house. Also, some web sites that the regular pop-ups always seem to take me to are:

http://www.heavy.com/?partner=aff60

http://www.broadcaster.com/video/player ... ium=onload

and pcsecurietysheild.com

Also, since running the firewall, while typing, ZoneAlarm said WinTouch was trying to access the internet.
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by beljar2 » August 10th, 2007, 5:38 pm

Also a common pop up http://sb.pch.com/ops/billme/aq/05/25-0 ... 204UW4204D

None of these pop-ups are the TARGETED-titled pop-ups I originally talked about; I think they might have faded away in a system cleaning program or something. That or one just hasn't happened yet. Other than Spybot and Smitfraud, a virus has yet to be found.
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by Scotty » August 10th, 2007, 5:39 pm

Hi beljar2

There's no uninstaller with Smitfraud fix. Just delete the folder that should be on your Desktop.
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Post by beljar2 » August 10th, 2007, 5:46 pm

Also receiving iexplorer.exe errors; registry cleaning programs do nothing to stop it.
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by Scotty » August 10th, 2007, 6:08 pm

Well, delete that folder, install the new one and follow the earlier instructions, then I can have a look through the logs. Hopefully, we can have you clean before you move house. :)
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Post by beljar2 » August 10th, 2007, 6:16 pm

SmitFraudFix v2.210

Scan done at 17:10:29.16, Fri 08/10/2007
Run from C:\Documents and Settings\mt\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\WinTouch\WinTouch.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\Program Files\Grisoft\AVG7\avgwb.dat
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\NOTEPAD.EXE

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mt


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mt\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mt\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components




[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{94524218-9af3-4643-9687-cbc2880e54da}"="fagging"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="kdbzb.exe"

kdbzb.exe detected !
use a Rootkit scanner


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: USB Cable Modem Driver 1.12
DNS Server Search Order: 65.32.5.74
DNS Server Search Order: 65.32.5.75

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End





Also, feel free to tell me of useless deletable programs.
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by Scotty » August 10th, 2007, 6:20 pm

Could you do the Combofix instruction too and provide a new HijackThis log after you have run Combofix?
Scotty
Retired Graduate
 
Posts: 4138
Joined: August 4th, 2006, 5:31 am
Location: Haggistown, Kiltland

Post by beljar2 » August 12th, 2007, 11:12 am

SmitFraudFix v2.210

Scan done at 10:01:41.50, Sun 08/12/2007
Run from C:\Documents and Settings\mt\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\notepad.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mt


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\mt\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\mt\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://sailornight.narod.ru/gif/chib/gif_chi9.gif"
"SubscribedURL"="http://sailornight.narod.ru/gif/chib/gif_chi9.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="file:///C:/Documents%20and%20Settings/mt/My%20Documents/Azureus%20Downloads/Ten%20posting!%BF/4Chan%20-%20Alter/Reality/Discord/Distortion!/Siccion/Detonation!/Induration/ZIPPOW/Huh/1142886925363.gif"
"SubscribedURL"="file:///C:/Documents%20and%20Settings/mt/My%20Documents/Azureus%20Downloads/Ten%20posting!%BF/4Chan%20-%20Alter/Reality/Discord/Distortion!/Siccion/Detonation!/Induration/ZIPPOW/Huh/1142886925363.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: USB Cable Modem Driver 1.12
DNS Server Search Order: 65.32.5.74
DNS Server Search Order: 65.32.5.75

HKLM\SYSTEM\CCS\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\..\{56626B40-1408-4E6D-B565-27AC829FA11B}: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=65.32.5.74 65.32.5.75


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


ComboFix 07-08-12.5 - "mt" 08/12/2007 9:42:09.1 - FAT32x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.106 [GMT -5:00]


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\mt\APPLIC~1.\fnts~1
C:\DOCUME~1\mt\APPLIC~1.\icroso~1.net
C:\Program Files\Common Files\{23461~1
C:\Program Files\Common Files\{23461~2
C:\Program Files\Common Files\{33461~1
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\wintouch
C:\Program Files\wintouch\wintouch.cfg
C:\Program Files\wintouch\WinTouch.exe
C:\Program Files\wintouch\WTUninstaller.exe
C:\WINNT\cnsinfo.dat
C:\WINNT\system32\drivers\core.cache.dsk
C:\WINNT\system32\drivers\core.sys
C:\WINNT\system32\unsvchosts.lzma


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_COM+_MESSAGES
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\core


((((((((((((((((((((((((( Files Created from 2007-07-12 to 2007-08-12 )))))))))))))))))))))))))))))))


2007-08-12 09:50 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_4c8.dat
2007-08-12 09:40 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-09 19:06 4,212 ---h----- C:\WINNT\system32\zllictbl.dat
2007-08-09 19:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
2007-08-09 19:05 75,932 --a------ C:\WINNT\system32\drivers\klick.dat
2007-08-09 19:05 75,248 --a------ C:\WINNT\zllsputility.exe
2007-08-09 19:05 74,396 --a------ C:\WINNT\system32\drivers\klin.dat
2007-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox2.dat
2007-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox.dat
2007-08-09 19:05 11,264 --a------ C:\WINNT\system32\SpOrder.dll
2007-08-09 19:04 110,360 --a------ C:\WINNT\system32\drivers\kl1.sys
2007-08-09 19:03 1,086,952 --a------ C:\WINNT\system32\zpeng24.dll
2007-08-09 19:03 <DIR> d-------- C:\WINNT\system32\ZoneLabs
2007-08-09 19:02 <DIR> d-------- C:\WINNT\Internet Logs
2007-08-08 09:39 270,336 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-08-08 09:39 208,896 --a------ C:\WINNT\system32\wmpns.dll
2007-08-08 09:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Help
2007-08-08 09:27 259,007,198 --a------ C:\WINNT\Untitled.scr
2007-08-07 20:13 <DIR> d-------- C:\xatshow
2007-08-07 20:06 <DIR> d-------- C:\Program Files\xat.com xatshow
2007-08-07 19:45 94,208 --a------ C:\WINNT\system32\ScrUnZip.dll
2007-08-07 19:41 <DIR> d-------- C:\Program Files\My Screensaver Maker
2007-08-06 15:45 26,944 --a------ C:\WINNT\system32\drivers\avg7rsnt.sys
2007-08-06 09:46 <DIR> d-------- C:\FOUND.009
2007-08-01 13:02 76,560 --a------ C:\WINNT\system32\drivers\tmcomm.sys
2007-08-01 13:02 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-31 23:07 <DIR> d-------- C:\FOUND.008
2007-07-26 21:47 19,677 -ra------ C:\WINNT\system32\drivers\xlink.sys
2007-07-17 20:58 <DIR> d-------- C:\Program Files\7-Zip
2007-07-12 13:33 <DIR> d-------- C:\Program Files\AVI Codec Pack
2007-07-12 13:32 <DIR> d-------- C:\WINNT\system32\quicktime
2007-07-12 13:04 155,648 --a------ C:\WINNT\system32\AvidAVICodec.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

07-08-10 17:29 1554 --a------ C:\WINNT\system32\tmp.reg
07-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox2.idx
07-08-09 19:05 32 --ahs---- C:\WINNT\system32\drivers\fidbox.idx
07-07-06 23:55 --------- d-------- C:\Program Files\LimeWire
07-06-25 09:43 --------- d-------- C:\Program Files\Bluetack
07-06-25 09:23 --------- d-------- C:\Program Files\SpywareBlaster
07-06-23 10:59 10412 --a------ C:\dnsbak.reg
07-06-22 21:03 --------- d-------- C:\DOCUME~1\mt\APPLIC~1\TrojanHunter
07-06-22 20:33 --------- d-------- C:\Program Files\TrojanHunter 4.6
07-06-22 18:32 --------- d-------- C:\Program Files\FileMap By BB v405
07-06-22 17:51 --------- d-------- C:\DOCUME~1\mt\APPLIC~1\RegSweep
07-06-22 17:24 --------- d-------- C:\Program Files\New Folder
07-06-21 10:24 --------- d-------- C:\Program Files\Windows Installer Clean Up
07-06-21 10:23 --------- d-------- C:\Program Files\MSECACHE
07-06-13 00:21 --------- d-------- C:\Program Files\Lavasoft
07-06-13 00:10 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
07-06-04 10:37 0 --a------ C:\AUTOEXEC.BAT
03-10-29 21:58 271 ---h----- C:\Program Files\desktop.ini
03-10-29 21:58 21952 ---h----- C:\Program Files\folder.htt
01-05-08 12:00 32528 --a------ C:\WINNT\inf\wbfirdma.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86C510E9-97EF-4749-914F-0280247BE3A6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [03-06-19 14:05 C:\WINNT\system32\mobsync.exe]
"NvCplDaemon"="C:\WINNT\system32\NvCpl.dll" [03-07-28 15:19 ]
"nwiz"="nwiz.exe" [03-07-28 15:19 C:\WINNT\system32\nwiz.exe]
"SandIcon"="C:\ImageMate CompactFlash USB\SandIcon.Exe" [00-11-13 11:36 ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [06-09-01 15:57 ]
"projselector"="C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" [03-01-13 14:15 ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 03:43 ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [07-08-06 15:45 ]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [07-06-21 21:54 ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)
"NoResolveSearch"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"LinkResolveIgnoreLinkInfo"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R0 amd751;AMD AGP Bus Filter;C:\WINNT\system32\DRIVERS\amd751.sys
R1 Avg7RsNT;AVG7 Resident Driver NT;C:\WINNT\system32\Drivers\avg7rsnt.sys
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys
R1 pwd_2k;pwd_2k;C:\WINNT\system32\drivers\pwd_2k.sys
R1 UdfReadr;UdfReadr;C:\WINNT\system32\drivers\UdfReadr.sys
R3 mmc_2K;mmc_2K;C:\WINNT\system32\drivers\mmc_2K.sys
S3 dvd_2K;dvd_2K;C:\WINNT\system32\drivers\dvd_2K.sys
S3 XDva014;XDva014;\??\C:\WINNT\system32\XDva014.sys
S3 XDva016;XDva016;\??\C:\WINNT\system32\XDva016.sys
S3 XDva020;XDva020;\??\C:\WINNT\system32\XDva020.sys
S3 XDva022;XDva022;\??\C:\WINNT\system32\XDva022.sys
S3 xlink;XLink Driver (xlink.sys);C:\WINNT\system32\Drivers\xlink.sys

*Newly Created Service* - IPNAT
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS

Contents of the 'Scheduled Tasks' folder
2007-08-09 00:56:56 C:\WINNT\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-07 14:24:34 C:\WINNT\Tasks\Registry Repair.job - C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe
2007-08-12 08:30:02 C:\WINNT\Tasks\RegSweep Scheduled Scan.job - C:\Program Files\RegSweep\RegSweep.exe
2007-06-27 01:06:42 C:\WINNT\Tasks\Uniblue SpeedUpMyPC.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-06 01:06:02 C:\WINNT\Tasks\Uniblue SpeedUpMyPC Nag.job - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
2007-08-02 08:22:22 C:\WINNT\Tasks\Registry Repair4.job - C:\Program Files\StompSoft\RegistryRepair4\Registry Repair.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-12 09:50:44
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-12 9:53:37 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 07-08-12 09:53

--- E O F ---

7-Zip 4.42
Ad-Aware 2007
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Advanced WindowsCare 2.30 Personal
Apple Software Update
ArcSoft VideoImpression 2
Avery® Wizard 2.03 for Microsoft® Word 97
AVG 7.5
AVI Codec Pack
Azureus Vuze
B.I.S.S. Hosts Manager
CCleaner (remove only)
CoffeeCup Free Zip Wizard
Google Video Player
HijackThis 1.99.1
Hotfix for MDAC 2.53 (KB911562)
Hotfix for MDAC 2.53 (KB927779)
ImageMate CompactFlash USB (SDDR-31) Ver. 5.04
Java(TM) SE Runtime Environment 6 Update 1
Macromedia Shockwave Player
Microsoft Office 97, Professional Edition
MSXML 4.0 SP2 (KB927978)
My Screensaver Maker 4.52
NVIDIA Windows 2000/XP Display Drivers
OIN
PCTEL Platinum V.90 Modem
PrintMaster Platinum 4.00
QuickTime
Real Alternative 1.52
Rhapsody Player Engine
Scientific Atlanta WebSTAR 2000 series Cable Modem
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Shockwave
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
StompSoft Registry Repair
The ClueFinders' 4th Grade Adventures
Update Rollup 1 for Windows 2000 SP4
VideoLAN VLC media player 0.8.6b
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB922616
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925454
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinZip
xat.com xatshow
Xvid 1.1.2 final uninstall
ZoneAlarm
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm

Post by beljar2 » August 12th, 2007, 11:16 am

Just in case you meant this kind of HijackThis log.



Logfile of HijackThis v1.99.1
Scan saved at 10:25:51 AM, on 8/12/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mt\My Documents\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {86C510E9-97EF-4749-914F-0280247BE3A6} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug ... porter.cab?
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net ... taller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2324991012
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8808152820
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
beljar2
Regular Member
 
Posts: 17
Joined: June 22nd, 2007, 9:06 pm