august 25, 2006, please help
katd
Newbie
25. August 2006 @ 19:10
Sorry if I've done this wrong, I'm a newbie. New to PCs as well. I am also having annoying sysprotect and winantivirus pop-ups. I did some scans that you suggested in other posts, but I'm unsure of what to remove. I also updated my Java. Here are my results.
Logfile of HijackThis v1.99.1
Scan saved at 10:58:38 PM, on 25/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Steve B\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar

=

http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*

http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,

(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32

\Userinit.exe
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1

\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary -

file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-

4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32

\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-

F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c

ab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}

(YInstStarter Class) -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405

10.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

(MSN Photo Upload Tool) -

http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

http://software-

dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86

/client/muweb_site.cab?1126242338225
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownlo

ader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525}

(IWinAmpActiveX Class) -

http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}

(ZoneIntro Class) -

http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab2751

3.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautoc

omplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB}

(MSN Photo Upload Tool) -

http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -

http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/csswe

b.cab
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

(Java Runtime Environment 1.4.0_02) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3}

(WheelofFortune Object) -

http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}

(IMDownloader Class) -

http://www2.incredimail.com/contents/setup/downloader/imloader.c

ab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743}

(Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}

(MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}

(Solitaire Showdown Class) -

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31

267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) -

Eastman Kodak Company - C:\WINDOWS\system32

\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe


Then I ran Vundo, and did a fix, here are my results


VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.5

Java version is 1.5.0.6

Scan started at 9:56:31 PM 25/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\wvwtt.dll
C:\WINDOWS\system32\ttwvw.ini
C:\WINDOWS\system32\ttwvw.bak1
C:\WINDOWS\system32\ttwvw.bak2
C:\WINDOWS\system32\xxyawxy.dll
C:\WINDOWS\system32\avwjwuyr.exe
C:\WINDOWS\system32\hdfytnlf.exe
C:\WINDOWS\system32\ilxkkwrt.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\wvwtt.dll
C:\WINDOWS\system32\wvwtt.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ttwvw.ini
C:\WINDOWS\system32\ttwvw.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttwvw.bak1
C:\WINDOWS\system32\ttwvw.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttwvw.bak2
C:\WINDOWS\system32\ttwvw.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyawxy.dll
C:\WINDOWS\system32\xxyawxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\avwjwuyr.exe
C:\WINDOWS\system32\avwjwuyr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdfytnlf.exe
C:\WINDOWS\system32\hdfytnlf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilxkkwrt.exe
C:\WINDOWS\system32\ilxkkwrt.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.2

Checking Java version...

Java version is 1.4.2.5

Java version is 1.5.0.6

Scan started at 11:04:34 PM 25/08/2006

Listing files found while scanning....

C:\WINDOWS\system32\wvwtt.dll
C:\WINDOWS\system32\ttwvw.ini
C:\WINDOWS\system32\ttwvw.bak1


I'm still getting the pop ups, please help. Thank you, Katd
Senior Member
25. August 2006 @ 23:18
Go here http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

Save the file to your desktop
Close all windows.
Run VirtumundoBeGone.exe
Read the introductory information, and then click Continue
Click Start.
When asked if you want to continue, click Yes to run the fix
Click "Save Log".

Note: It is normal for the fix to terminate by producing a BLUE SCREEN OF DEATH, so don't be concerned when this happens. It requires you to manually reboot to restore your normal Windows desktop.

The log created will be called VBG.TXT and will be located on your desktop.

Empty your Recycle Bin.

Reboot and post new HijackThis log file along with the VBG.TXT into this thread.

katd
Newbie
26. August 2006 @ 08:29
Here is my updated hijack this scan
Logfile of HijackThis v1.99.1
Scan saved at 12:26:06 PM, on 26/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Documents and Settings\Steve B\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar

=

http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*

http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,

(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32

\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-

9B51-7695ECA05670} - C:\Program Files\Yahoo!

\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D

-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0

\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-

206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-

0090271D4F88} - C:\Program Files\Yahoo!

\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1

\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program

Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program

Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary -

file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program

Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-

4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32

\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-

F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet

Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsPAClient.c

ab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation Tool) -

http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}

(YInstStarter Class) -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405

10.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537}

(MSN Photo Upload Tool) -

http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -

http://software-

dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86

/client/muweb_site.cab?1126242338225
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/MessengerStatsClient.cab

31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownlo

ader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525}

(IWinAmpActiveX Class) -

http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592}

(ZoneIntro Class) -

http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab2751

3.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} -

http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautoc

omplete.cab
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB}

(MSN Photo Upload Tool) -

http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -

http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/csswe

b.cab
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

(Java Runtime Environment 1.4.0_02) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3}

(WheelofFortune Object) -

http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46}

(IMDownloader Class) -

http://www2.incredimail.com/contents/setup/downloader/imloader.c

ab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743}

(Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6}

(MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF}

(Solitaire Showdown Class) -

http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31

267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32

\WgaLogon.dll
O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file

missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT,

s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) -

Eastman Kodak Company - C:\WINDOWS\system32

\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\System32\nvsvc32.exe

And the VBG scan

[08/26/2006, 3:39:51] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Steve B\Desktop\VirtumundoBeGone.exe" )
[08/26/2006, 3:40:00] - Detected System Information:
[08/26/2006, 3:40:00] - Windows Version: 5.1.2600, Service Pack 2
[08/26/2006, 3:40:00] - Current Username: Steve B (Admin)
[08/26/2006, 3:40:00] - Windows is in NORMAL mode.
[08/26/2006, 3:40:00] - Searching for Browser Helper Objects:
[08/26/2006, 3:40:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/26/2006, 3:40:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:40:00] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:40:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:40:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:40:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:40:00] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:40:00] - BHO 5: {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} ()
[08/26/2006, 3:40:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:40:00] - Checking for HKLM\...\Winlogon\Notify\wvwtt
[08/26/2006, 3:40:00] - Found: HKLM\...\Winlogon\Notify\wvwtt - This is probably Virtumundo.
[08/26/2006, 3:40:00] - Assigning {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} MSEvents Object
[08/26/2006, 3:40:00] - BHO list has been changed! Starting over...
[08/26/2006, 3:40:00] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/26/2006, 3:40:00] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:40:00] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:40:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:40:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:40:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:40:00] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:40:00] - BHO 5: {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} (MSEvents Object)
[08/26/2006, 3:40:00] - ALERT: Found MSEvents Object!
[08/26/2006, 3:40:00] - Finished Searching Browser Helper Objects
[08/26/2006, 3:40:00] - *** Detected MSEvents Object
[08/26/2006, 3:40:00] - Trying to remove MSEvents Object...
[08/26/2006, 3:40:01] - Terminating Process: IEXPLORE.EXE
[08/26/2006, 3:40:03] - Terminating Process: RUNDLL32.EXE
[08/26/2006, 3:40:03] - Disabling Automatic Shell Restart
[08/26/2006, 3:40:03] - Terminating Process: EXPLORER.EXE
[08/26/2006, 3:40:06] - Suspending the NT Session Manager System Service
[08/26/2006, 3:40:06] - Terminating Windows NT Logon/Logoff Manager
[08/26/2006, 3:40:07] - Re-enabling Automatic Shell Restart
[08/26/2006, 3:40:07] - File to disable: C:\WINDOWS\system32\wvwtt.dll
[08/26/2006, 3:40:07] - Renaming C:\WINDOWS\system32\wvwtt.dll -> C:\WINDOWS\system32\wvwtt.dll.vir
[08/26/2006, 3:40:07] - ! File rename was unsucessful.
[08/26/2006, 3:40:07] - Attempting to Deny Access to C:\WINDOWS\system32\wvwtt.dll
[08/26/2006, 3:40:08] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[08/26/2006, 3:40:08] - processed file: C:\WINDOWS\system32\wvwtt.dll

[08/26/2006, 3:40:08] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[08/26/2006, 3:40:08] - Removing HKLM\...\Browser Helper Objects\{F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0}
[08/26/2006, 3:40:08] - Removing HKCR\CLSID\{F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0}
[08/26/2006, 3:40:08] - Adding Kill Bit for ActiveX for GUID: {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0}
[08/26/2006, 3:40:08] - Deleting ATLEvents/MSEvents Registry entries
[08/26/2006, 3:40:08] - Removing HKLM\...\Winlogon\Notify\wvwtt
[08/26/2006, 3:40:08] - Searching for Browser Helper Objects:
[08/26/2006, 3:40:08] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/26/2006, 3:40:08] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:40:08] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:40:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:40:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:40:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:40:08] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:40:08] - Finished Searching Browser Helper Objects
[08/26/2006, 3:40:08] - Finishing up...
[08/26/2006, 3:40:08] - A restart is needed.
[08/26/2006, 3:40:17] - Attempting to Restart via STOP error (Blue Screen!)

[08/26/2006, 3:43:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Steve B\Desktop\VirtumundoBeGone.exe" )
[08/26/2006, 3:43:44] - Detected System Information:
[08/26/2006, 3:43:44] - Windows Version: 5.1.2600, Service Pack 2
[08/26/2006, 3:43:44] - Current Username: Steve B (Admin)
[08/26/2006, 3:43:44] - Windows is in NORMAL mode.
[08/26/2006, 3:43:44] - Searching for Browser Helper Objects:
[08/26/2006, 3:43:44] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[08/26/2006, 3:43:44] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/26/2006, 3:43:44] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} ()
[08/26/2006, 3:43:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/26/2006, 3:43:44] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[08/26/2006, 3:43:44] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[08/26/2006, 3:43:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/26/2006, 3:43:44] - Finished Searching Browser Helper Objects
[08/26/2006, 3:43:44] - Finishing up...
[08/26/2006, 3:43:44] - Nothing found! Exiting...


Thank you for all your help. Kat
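The check recorded in the VirtumundoBeGone log above (a BHO with no default name whose DLL name also exists as a key under Winlogon\Notify), applied to HijackThis-format lines as an added example; it is not part of the thread or of either tool. The two `wvwtt` log lines are constructed from the CLSID and path the VBG log reports, and the function names are hypothetical.

```python
import re
from ntpath import basename, splitext

# Constructed sample in HijackThis v1.99.1 line format. The Yahoo, SDHelper,
# WgaLogon and wineti32 lines appear in the thread; the two wvwtt lines are
# constructed from the CLSID and file path shown in the VBG log.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {F3FAA16C-EE6D-4A82-AD78-59F81E91F2F0} - C:\WINDOWS\system32\wvwtt.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing)
O20 - Winlogon Notify: wvwtt - C:\WINDOWS\system32\wvwtt.dll
"""

# O2 = Browser Helper Object: display name, CLSID, DLL path.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 = Winlogon Notify: key name, DLL path, optional "(file missing)" marker.
NOTIFY_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


def parse(log_text):
    """Return (list of BHO dicts, dict of Notify entries keyed by lowercased key name)."""
    bhos, notify = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m["key"].lower()] = {
                "path": m["path"],
                "missing": bool(m["missing"]),
            }
    return bhos, notify


def dll_stem(path):
    """'C:\\WINDOWS\\system32\\wvwtt.dll' -> 'wvwtt' (Windows path rules, case-folded)."""
    return splitext(basename(path))[0].lower()


def correlate(log_text):
    """Flag unnamed BHOs that also have a Winlogon Notify key, plus orphaned Notify keys."""
    bhos, notify = parse(log_text)
    findings = []
    for bho in bhos:
        if bho["name"] != "(no name)":
            continue  # named BHOs are outside this heuristic
        if dll_stem(bho["path"]) in notify:
            findings.append(("unnamed-bho-with-notify", bho["clsid"], bho["path"]))
    for key, entry in notify.items():
        if entry["missing"]:
            # Key still registered but its DLL is gone: leftover to review.
            findings.append(("orphaned-notify", key, entry["path"]))
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE_LOG):
        print(finding)
```

The Spybot `SDHelper.dll` BHO is also unnamed but has no matching Notify key, so it is not flagged, which matches the "Key not found ... continuing" lines in the VBG log.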
Senior Member
26. August 2006 @ 18:59
Great!

Now, you'll need KillBox. Download it here http://www.downloads.subratam.org/KillBox.zip

Note: you may want to print these instructions as you will be in safe mode.

Restart your computer in safe mode.
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
You will be prompted to confirm, click Yes.

C:\WINDOWS\system32\wvwtt.dll

There are some to fix with HijackThis, but your log is too hard to read.

Do this: Run a scan only with HijackThis. Click Save Log. Save to your desktop. Open the .txt with any word program. Set all margins to left.

Then, post back with that HijackThis log.

This message has been edited since posting. Last time this message was edited on 26. August 2006 @ 19:00

katd
Newbie
26. August 2006 @ 20:01
Okay, here is the new hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:55:40 PM, on 26/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Documents and Settings\Steve B\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yauto...
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssw...
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Now I am having other problems. I can't defrag, keep getting this error message:
Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.

For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.


and when I tried to fix it I got this message:
RefSvr32 Load Library dfrgui.dll failed. The specified module could not be found.

I also can't even get into help and support. If I should ask these last questions on another thread, please let me know.
Again, thank you for all your help.
Kat
Senior Member
26. August 2006 @ 20:16
In normal mode, run a "Scan Only" with HijackThis, check to fix these.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*...

O20 - Winlogon Notify: wineti32 - wineti32.dll (file missing)


Then get this http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip to your desktop.

Open the SmitfraudFix folder and open smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter. (This may take a while.) Do not attempt to run any other option unless advised!
When it finishes it will create a log named rapport.txt in the C: drive.

Post that log with the Ewido log and a new HijackThis log.

Viruses could be the culprits to your problems, let's rid them first and then I'll try to help with other problems.

Edited for spelling and confusion.

This message has been edited since posting. Last time this message was edited on 26. August 2006 @ 20:46

katd
Newbie
26. August 2006 @ 20:39
Here's the Killbox log:
Pocket Killbox version 2.0.0.648
Running on Windows XP as Steve B(Administrator)
was started @ Saturday, August 26, 2006, 11:48 PM

# 1 [Files to Delete]
Path = C:\WINDOWS\system32\wvwtt.dll
*File Was Deleted

Killbox Closed(Exit) @ 11:49:57 PM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steve B(Administrator)
was started @ Sunday, August 27, 2006, 12:28 AM

Killbox Closed(Exit) @ 12:29:07 AM
__________________________________________________

Pocket Killbox version 2.0.0.648
Running on Windows XP as Steve B(Administrator)
was started @ Sunday, August 27, 2006, 12:35 AM

Hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 12:38:14 AM, on 27/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Steve B\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.ca/0SEENCA/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst200405...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/15762d9e0d98a7b8b301/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yauto...
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} (MSN Photo Upload Tool) - http://sc.groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://threats.freedom.net/viruscenter/onlineviruscheck/cabs/cssw...
O16 - DPF: {CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_02) -
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

The SmitfraudFix log:

SmitFraudFix v2.81

Scan done at 0:33:45.55, 27/08/2006
Run from C:\Documents and Settings\Steve B\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Steve B\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://images-partners.google.com/images?q=tbn:_lhVDuGfiJwJ:http%...
"SubscribedURL"="http://images-partners.google.com/images?q=tbn:_lhVDuGfiJwJ:http%...
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://smileys.smileycentral.com/cat/23/23_5_105.gif"
"SubscribedURL"="http://smileys.smileycentral.com/cat/23/23_5_105.gif"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


Kat
Senior Member
26. August 2006 @ 20:53
That's great!

Now, you should clean some "crap". Go here http://www.ccleaner.com
Download Ccleaner
Install and run both "Cleaner" and "Issues" Fix.

Then, please explain any problems you are having. I'll help where I can.


katd
Newbie
26. August 2006 @ 22:46
Thanks for all your help with the viruses. Now my other problems are: my Windows XP disk defragmenter doesn't work. I get this error message:
Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.

For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.

I have tried to reinstall these: regsvr32 dfrgsnap.dll
regsvr32 dfrgui.dll

The first one installed. When I punched in the second one, I got this error message: RegSvr32 Load Library dfrgui.dll failed. The specified module could not be found

I don't know how else to fix it, any help you can provide would be great.

I also can't get into my windows xp help and support, I click the button and nothing happens.

Those are the only two probs left at the moment.
Kat
katd
Newbie
28. August 2006 @ 22:15
Hello again, well I have fixed the help and support problem, it is now working.
I'm still having trouble getting my Windows XP defrag to work. Is there a program to restore files? I think I'm missing some important ones to run the defrag. Let me know if you have any suggestions. I'm still working on it, so maybe one of us can figure it out.
Thank you, Kat
katd
Newbie
29. August 2006 @ 17:30
Just wanted to let you know that I fixed both problems, took some time and searching, but I did it.
Thanks again, Katd
Senior Member
29. August 2006 @ 18:29
That's great to hear! What was causing the problem?

katd
Newbie
29. August 2006 @ 21:21
For the help and support I found a link to repair it after running a reg cleaner. That was my fault. I clicked the link, ran it and it was fixed.

For the defrag, I spent hours online and I found someone with the same problem. I followed what they had done and it worked.
First, I went into Drive C, windows Service Pack file, then clicked on folder i386, moved dfrgntfs file into Drive C, windows, system 32 folder.
Then opened command prompt and typed in cd\windows\system32
then, regsvr32 dfrgsnap.dll
then, regsvr32 dfrgui.dll
and it worked.

I'm just glad to have it all fixed, it was driving me nuts, lol. Katd