Major virus problems HELP!!!!
|
blb061803
Suspended due to non-functional email address
|
24. October 2006 @ 17:17 |
|
I have run Ad-Aware and Spybot S&D. Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 8:13:19 PM, on 10/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\ICROSO~1.NET\smss.exe
C:\Documents and Settings\jjjjjjjj\Application Data\?ecurity\w?nspool.exe
C:\Windows\Twain_32\ScanWiz5\SDII.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Program Files\Olympus\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\jjjjjjjj\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\tynxmvtt.dll (file missing)
O2 - BHO: (no name) - {3CF049B6-5383-4567-978D-3DCCA8F357B3} - C:\WINDOWS\system32\mllli.dll (file missing)
O2 - BHO: (no name) - {3D28D3A3-5D2E-974C-EB2D-01F85300CC8C} - C:\WINDOWS\system32\uhbigwc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll
O2 - BHO: (no name) - {C742E521-A13C-11D9-B343-00B0C0E16668} - C:\WINDOWS\SYSTEM32\OOAH.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [fxbomx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fxbomx.dll,hfnitid
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\PROGRA~1\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Otsu] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Bmnihuqy] C:\Documents and Settings\jjjjjjjj\Application Data\?ecurity\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\Twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\WordPerfect Office 11\Programs\GLCOM97.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O20 - Winlogon Notify: mllli - C:\WINDOWS\system32\mllli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjnr32 - winjnr32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
|
Senior Member
|
24. October 2006 @ 20:55 |
|
Kind of overrun with logs since there's not much help around here, but you're very infected so I'll try to help. :)
Download ComboFix.exe to the desktop from here
Open ComboFix.exe and follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick ComboFix's window while it's running, it may cause it to stall.
|
blb061803
Suspended due to non-functional email address
|
25. October 2006 @ 15:06 |
|
COMBOFIX LOG:
jjjjjjjj - 06-10-25 18:00:22.75 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Program Files\Mozilla Firefox"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\Program Files\Safety Bar
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{07D10310-035F-1033-1107-010719000001}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
C:\QooBox\Purity\Program Files\Common Files\FNTS~1
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\?icrosoft.NET
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\smss.exe
C:\QooBox\Purity\Documents and Settings\jjjjjjjj\Application Data\ECURIT~1
C:\QooBox\Purity\Documents and Settings\jjjjjjjj\Application Data\ECURIT~1\w?nspool.exe
((((((((((((((((((((((((((((((( Files Created from 2006-09-25 to 2006-10-25 ))))))))))))))))))))))))))))))))))
2006-10-24 18:03 73,216 ---h----- C:\WINDOWS\svchost.exe
2006-10-20 12:42 20,096 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AnyDVD.sys
2006-10-19 23:03 778,656 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7core.sys
2006-10-19 23:03 4,992 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgtdi.sys
2006-10-19 23:03 4,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsw.sys
2006-10-19 23:03 27,904 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avg7rsxp.sys
2006-10-19 23:03 23,104 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\avgmfrs.sys
2006-10-19 21:31 67,604 --a------ C:\WINDOWS\SYSTEM32\qbigfgis.exe
2006-10-19 21:31 131,072 --a------ C:\WINDOWS\SYSTEM32\jvzdjf.dll
2006-10-18 20:52 2 --a------ C:\WINDOWS\SYSTEM32\wnscpsv.exe
2006-10-18 20:51 94,208 --a------ C:\WINDOWS\SYSTEM32\fxbomx.dll
2006-10-18 20:51 72,704 --a------ C:\WINDOWS\SYSTEM32\uhbigwc.dll
2006-10-06 23:13 515,102 ---hs---- C:\WINDOWS\SYSTEM32\illlm.bak2
2006-10-05 22:08 524,224 ---hs---- C:\WINDOWS\SYSTEM32\illlm.bak1
2006-10-05 22:08 143,380 --a------ C:\WINDOWS\SYSTEM32\jcmnnhha.exe
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-10-24 23:20 85 ---hs---- C:\Documents and Settings\jjjjjjjj\Application Data\.zreglib
2006-10-24 22:55 433 --a------ C:\AUTOEXEC.BAT
2006-10-24 20:25 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-24 20:25 -------- d-------- C:\Documents and Settings\jjjjjjjj\Application Data\Mozilla
2006-10-21 15:28 -------- d-------- C:\Program Files\Zone Labs
2006-10-21 15:08 -------- d-------- C:\Program Files\Ultimate Cleaner
2006-10-19 23:20 -------- d-------- C:\Program Files\a-squared Free
2006-10-19 23:03 -------- d-------- C:\Documents and Settings\jjjjjjjj\Application Data\AVG7
2006-10-19 23:02 -------- d-------- C:\Program Files\Grisoft
2006-10-06 22:22 73216 ---h----- C:\Program Files\Common Files\svchost.exe
2006-09-14 19:31 -------- d-------- C:\Program Files\DVDFab Decrypter 3
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\SYSTEM32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\SYSTEM32\fltMc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\SYSTEM32\6to4svc.dll
2006-07-30 23:49 278528 --a------ C:\WINDOWS\SYSTEM32\migicons.exe
2006-07-30 23:37 62 --ahs---- C:\Documents and Settings\jjjjjjjj\Application Data\desktop.ini
2006-07-27 08:24 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-07-21 15:59 495 --a------ C:\Documents and Settings\jjjjjjjj\Application Data\dw.log
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"AnyDVD"="C:\\PROGRA~1\\SlySoft\\AnyDVD\\AnyDVD.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Otsu"="\"C:\\PROGRA~1\\COMMON~1\\ICROSO~1.NET\\smss.exe\" -vt yazb"
"Bmnihuqy"="C:\\Documents and Settings\\jjjjjjjj\\Application Data\\?ecurity\\w?nspool.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"fxbomx.dll"="C:\\WINDOWS\\system32\\rundll32.exe C:\\WINDOWS\\system32\\fxbomx.dll,hfnitid"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"RAM Idle Professional"="C:\\Program Files\\RAM Idle LE\\RAM_XP.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=hex:00,00,00,00
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"svchost.exe"="C:\\WINDOWS\\svchost.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"CDRAutoRun"=hex:00,00,00,00
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000000
"CDRAutoRun"=hex:00,00,00,00
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"SYSWB6"="SYSWB6"
"OEMCleanup"="C:\\WINDOWS\\OPTIONS\\OEMRESET.EXE"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Soundmx"="\\soundmx.exe"
"Bart Station"="C:\\Program Files\\ISP50\\BIN\\PPCOLink -STATION"
"mdac_runonce"="C:\\WINDOWS\\SYSTEM32\\RUNONCE.EXE"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM32\\STIMON.EXE"
"sp"="rundll32 C:\\WINDOWS\\TEMP\\SE.DLL,DllInstall"
"LoadQM"="loadqm.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mllli
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjnr32
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\Scan For Viruses.job
Completion time: 06-10-25 18:01:54.34
C:\ComboFix.txt ... 06-10-25 18:01
|
Senior Member
|
25. October 2006 @ 21:23 |
|
I'm sorry, I didn't ask you to post a new HijackThis log. Can you please post one?
|
blb061803
Suspended due to non-functional email address
|
26. October 2006 @ 04:23 |
|
Logfile of HijackThis v1.99.1
Scan saved at 7:06:02 AM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\PROGRA~1\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\ICROSO~1.NET\smss.exe
C:\Documents and Settings\jjjjjjjj\Application Data\?ecurity\w?nspool.exe
C:\Windows\Twain_32\ScanWiz5\SDII.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Program Files\Olympus\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jjjjjjjj\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\tynxmvtt.dll (file missing)
O2 - BHO: (no name) - {3CF049B6-5383-4567-978D-3DCCA8F357B3} - C:\WINDOWS\system32\mllli.dll (file missing)
O2 - BHO: (no name) - {3D28D3A3-5D2E-974C-EB2D-01F85300CC8C} - C:\WINDOWS\system32\uhbigwc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {C742E521-A13C-11D9-B343-00B0C0E16668} - C:\WINDOWS\SYSTEM32\OOAH.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [fxbomx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fxbomx.dll,hfnitid
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\PROGRA~1\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Otsu] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Bmnihuqy] C:\Documents and Settings\jjjjjjjj\Application Data\?ecurity\w?nspool.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\Twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\WordPerfect Office 11\Programs\GLCOM97.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O20 - Winlogon Notify: mllli - C:\WINDOWS\system32\mllli.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjnr32 - winjnr32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
|
Senior Member
|
26. October 2006 @ 10:48 |
|
Download SmitfraudFix.zip to the desktop from here.
Extract the files to the desktop, but do not run yet, we will later.
Download KillBox from here and save to the desktop. Do not run yet, we will later in safe mode.
Download ATF Cleaner from here and save to the desktop. Do not run yet, we will later.
Run a scan only with HijackThis, check these:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - URLSearchHook: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\tynxmvtt.dll (file missing)
O2 - BHO: (no name) - {3CF049B6-5383-4567-978D-3DCCA8F357B3} - C:\WINDOWS\system32\mllli.dll (file missing)
O2 - BHO: (no name) - {3D28D3A3-5D2E-974C-EB2D-01F85300CC8C} - C:\WINDOWS\system32\uhbigwc.dll
O2 - BHO: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {C742E521-A13C-11D9-B343-00B0C0E16668} - C:\WINDOWS\SYSTEM32\OOAH.DLL (file missing)
O4 - HKLM\..\Run: [fxbomx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fxbomx.dll,hfnitid
O4 - HKCU\..\Run: [Otsu] "C:\PROGRA~1\COMMON~1\ICROSO~1.NET\smss.exe" -vt yazb
O4 - HKCU\..\Run: [Bmnihuqy] C:\Documents and Settings\jjjjjjjj\Application Data\?ecurity\w?nspool.exe
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O20 - Winlogon Notify: mllli - C:\WINDOWS\system32\mllli.dll (file missing)
O20 - Winlogon Notify: winjnr32 - winjnr32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
Close all windows except HijackThis then click "Fix checked".
Close HijackThis.
Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.
Restart your computer in safe mode (press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines below one at a time then click the red button with a white X after you enter each file.
You will be prompted to confirm, click Yes.
Note: KillBox may prompt "File does not seem to exist". If so, continue with next file, but do not miss any.
C:\WINDOWS\system32\jvzdjf.dll
C:\WINDOWS\system32\uhbigwc.dll
C:\WINDOWS\system32\fxbomx.dll
C:\Program Files\Common Files\Microsoft.NET\smss.exe
Exit KillBox.
Locate and delete this file (file name may or may not contain "?"):
C:\Documents and Settings\jjjjjjjj\Application Data\?ecurity\w?nspool.exe
Empty the Recycle Bin.
Close all open windows.
Open ATF Cleaner.
Check "Select All".
Click "Empty Selected".
Restart in normal mode.
Open the SmitfraudFix folder.
Double-click smitfraudfix.cmd
Select 1 and hit Enter to create a report of the infected files. The report can be found at the root of the system drive, usually at C:\rapport.txt.
Post back with the contents of rapport.txt and a new HijackThis log.
This message has been edited since posting. Last time this message was edited on 26. October 2006 @ 10:50
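An added example, not part of the original post or of any tool named in this thread: a small Python check that the entries selected for "Fix checked" are really gone from a follow-up HijackThis log. The function names are hypothetical; the sample lines are excerpted from the logs posted in this thread.

```python
import re

# A HijackThis entry line: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Suffixes HijackThis appends when the referenced file is absent.
MISSING_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def entry_key(code, body):
    """Comparison key that ignores case, spacing and the missing-file suffix."""
    body = MISSING_RE.sub("", body)
    return code, " ".join(body.split()).casefold()


def parse_entries(log_text):
    """Map comparison key -> original line for every entry line in a log.

    Header lines and the running-process list do not match ENTRY_RE
    and are skipped.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(entry_key(m.group(1), m.group(2)), line)
    return entries


def check_fix(fix_list_text, after_log_text):
    """Split the entries selected for fixing into (removed, remaining)."""
    after = parse_entries(after_log_text)
    removed, remaining = [], []
    for key, line in parse_entries(fix_list_text).items():
        (remaining if key in after else removed).append(line)
    return removed, remaining


def missing_file_entries(log_text):
    """Entries that point at a file which is no longer on disk."""
    return [line for line in parse_entries(log_text).values()
            if MISSING_RE.search(line)]


# Excerpt of the entries listed for "Fix checked" in the post above.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {7FD09661-2CA6-1706-D7BD-56A7025BE691} - C:\WINDOWS\system32\jvzdjf.dll
O2 - BHO: (no name) - {3D28D3A3-5D2E-974C-EB2D-01F85300CC8C} - C:\WINDOWS\system32\uhbigwc.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing)
O4 - HKLM\..\Run: [fxbomx.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fxbomx.dll,hfnitid
O20 - Winlogon Notify: winjnr32 - winjnr32.dll (file missing)
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
"""

# Excerpt of the follow-up log posted later in this thread.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    removed, remaining = check_fix(FIX_LIST, AFTER_LOG)
    print(f"{len(removed)} targeted entries removed, {len(remaining)} still present")
    for line in remaining:
        print("STILL PRESENT:", line)
```

Matching on the section code plus the normalised body means an entry still counts as present if only its "(file missing)" suffix or letter case changed between scans.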
|
blb061803
Suspended due to non-functional email address
|
26. October 2006 @ 19:43 |
|
SmitFraudFix v2.114
Scan done at 22:40:07.27, Thu 10/26/2006
Run from C:\Documents and Settings\jjjjjjjj\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\svchost.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\migicons.exe FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jjjjjjjj
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\jjjjjjjj\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\jjjjjjjj\FAVORI~1
C:\DOCUME~1\jjjjjjjj\FAVORI~1\Antivirus Test Online.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 10:42:31 PM, on 10/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RAM Idle LE\RAM_XP.exe
C:\PROGRA~1\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Windows\Twain_32\ScanWiz5\SDII.exe
C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
C:\Program Files\Olympus\CAMEDIA Master 4.1\CM_camera.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\jjjjjjjj\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle LE\RAM_XP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\PROGRA~1\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microtek Scanner Finder.lnk = C:\WINDOWS\Twain_32\ScanWiz5\SDII.exe
O4 - Global Startup: Album Fast Start.lnk = C:\Program Files\Ulead Systems\Ulead PhotoImpact 5 Bundled Edition\Abmtsr.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\America Online 4.0\aoltray.exe
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\WordPerfect Office 11\Programs\GLCOM97.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
|
Senior Member
|
26. October 2006 @ 22:03 |
|
Good! Not much more. :)
Note: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.
* Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
* Open the SmitfraudFix folder.
* Double-click smitfraudfix.cmd
* Select 2 and hit Enter to delete infected files.
* You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
* The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
* A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.
Restart in normal mode.
Go here and run Kaspersky Online Scanner.
Accept the terms.
After downloading, click "My Computer".
After scanning, click "Save report as".
Save as a text file and post it here along with the contents of rapport.txt.
|
blb061803
Suspended due to non-functional email address
|
27. October 2006 @ 19:33 |
|
KASPERSKY ONLINE SCANNER REPORT
Friday, October 27, 2006 10:30:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/10/2006
Kaspersky Anti-Virus database records: 222240
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 36099
Number of viruses found: 1
Number of infected objects: 1 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:39:59
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\hh.htt Infected: Trojan.JS.Zapchast.a skipped
C:\Program Files\Common Files\svchost.exe Object is locked skipped
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\smss.exe Object is locked skipped
Scan process completed.
SmitFraudFix v2.114
Scan done at 18:53:59.94, Fri 10/27/2006
Run from C:\Documents and Settings\jjjjjjjj\Desktop\Virus Protection\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\svchost.exe Deleted
C:\WINDOWS\system32\migicons.exe Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\DOCUME~1\jjjjjjjj\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
|
Senior Member
|
27. October 2006 @ 21:52 |
|
Turn off System Restore.
Right click My Computer > Properties > System Restore tab > check "Turn off System Restore".
Click Apply then OK.
Restart in safe mode and delete these with KillBox.
C:\Program Files\Common Files\svchost.exe <--svchost.exe in System32 folder is the only legit svchost.
C:\QooBox
C:\WINDOWS\hh.htt
Restart in normal mode and turn System Restore back on.
Should be clean now. How are things? Any problems or questions?
This message has been edited since posting. Last time this message was edited on 27. October 2006 @ 21:53
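The note above that only the System32 copy of svchost.exe is legitimate can be turned into a path check over a process or scan listing. This is an added example, not part of the original posts; the function name `find_masquerades`, the `EXPECTED_DIR` table and the default `C:\WINDOWS` install root are assumptions made for the illustration.

```python
import ntpath

# Directory each core Windows XP image normally runs from. Assumes the
# default C:\WINDOWS install root that appears in the thread's logs.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "smss.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}


def find_masquerades(paths):
    """Return the paths whose file name is a core system image but whose
    directory is not the one that image normally lives in."""
    flagged = []
    for raw in paths:
        original = raw.strip()
        # ntpath parses Windows paths on any OS; normcase lowercases them,
        # since NTFS names are case-insensitive (System32 vs system32).
        directory, name = ntpath.split(ntpath.normcase(ntpath.normpath(original)))
        expected = EXPECTED_DIR.get(name)
        if expected is not None and directory != expected and original not in flagged:
            flagged.append(original)
    return flagged


# Paths copied from the HijackThis, Kaspersky and SmitFraudFix logs in this thread.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\smss.exe",
    r"C:\WINDOWS\system32\svchost.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\Explorer.EXE",
    r"C:\WINDOWS\svchost.exe",
    r"C:\PROGRA~1\COMMON~1\ICROSO~1.NET\smss.exe",
    r"C:\Program Files\Common Files\svchost.exe",
    r"C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET\smss.exe",
    r"C:\Program Files\MSN Messenger\msnmsgr.exe",
]

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_PATHS):
        print("outside expected directory:", hit)
```

A hit means a system file name in an unexpected folder, not proof of infection: legitimate backup copies such as those under `system32\dllcache` are reported too, so each hit still needs review.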
|
blb061803
Suspended due to non-functional email address
|
29. October 2006 @ 12:33 |
|
My system is clean!!!! Thanks for all the help.
Jeff
|
Senior Member
|
29. October 2006 @ 16:31 |
|
You're welcome!
|
|