IE BROWSER HIJACK! SECURITY BULLETIN.NET HELP?!!?

AfterDawn.com

Mobile/PDA About Us Advertise here


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Sunday 24.11.2024 / 14:51

Search AfterDawn Forums:

In English

Suomeksi

På svenska

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > ie browser hijack! security bulletin.net help?!!?

Browse by topic

Forums

Forums

Start a new thread

IE BROWSER HIJACK! SECURITY BULLETIN.NET HELP?!!?

Jump to:

Posted

Message

Page:	1	2	3	Next >

suhayb

Suspended due to non-functional email address

2. May 2006 @ 08:37

Link to this message

I've recently had some problems with pop ups and this browser hijacking which automatically links my homepage to www.securitybulletin.net/ Heres my HJT LOG! SOMEONE TLEL ME WHAT'S GOING ON?! THANKS!

Logfile of HijackThis v1.99.1
Scan saved at 17:36:14, on 02/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp8B78.tmp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - J:\Software\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscb...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - J:\Software\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Advertisement

Senior Member

2. May 2006 @ 10:34

Link to this message

Hi suhayb,

You don't have a firewall on your computer. Please Download and install one firewall.

Microsoft one isn't good enought. (propably you have noticed already)

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

After that :

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Boot your computer to SAFEMODE.

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd

Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.
Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Send fresh hijack log too.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

3. May 2006 @ 13:07

Link to this message

I did what you said, but i seem to have other problems! PLZ HELP! heres my HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 22:06:04, on 03/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - J:\Software\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscb...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - J:\Software\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Senior Member

4. May 2006 @ 06:29

Link to this message

Hi suhayb,
Sorry delay, what problem? Can you describe it.

Please send fresh log with answers

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 07:12

Link to this message

At the bottom of my taskbar i get a logo that looks like a green disabled sign and a red symbol. its a circle with a diagonal line through it. Erm and it keeps coming up everytime i start my computer. When i click on it, it goes to the website www.spywarequake.com. It keeps asking to download and install malware scanners and stuff? Here have a look at HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 16:11:42, on 04/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - J:\Software\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscb...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - J:\Software\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

This message has been edited since posting. Last time this message was edited on 4. May 2006 @ 07:15

Senior Member

4. May 2006 @ 07:20

Link to this message

Smitfraudfix has been updated last night. Please download new version

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognises process.exe as a malware. It is not malware, it is a program that stops processes)

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 07:28

Link to this message

HERE

SmitFraudFix v2.39

Scan done at 16:27:20.52, 04/05/2006
Run from C:\Documents and Settings\Asif Bhatti\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\dvdcap.dll FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Asif Bhatti\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ASIFBH~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}"="CD-DVD Device"

[HKEY_CLASSES_ROOT\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\dvdcap.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E}\InProcServer32]
@="C:\WINDOWS\system32\dvdcap.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Senior Member

4. May 2006 @ 07:30

Link to this message

Yes, that is new variant, why smitfraudfix was updated.

Boot your computer to SAFEMODE.

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd

Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.
Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Send fresh hijack log too.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 07:40

Link to this message

SmitFraudFix v2.39

Scan done at 16:33:32.67, 04/05/2006
Run from C:\Documents and Settings\Asif Bhatti\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dvdcap.dll Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

HJT LOG:

Logfile of HijackThis v1.99.1
Scan saved at 16:38:48, on 04/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\slrundll.exe
C:\Program Files\Avant Browser\avant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - J:\Software\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscb...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - J:\Software\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Senior Member

4. May 2006 @ 07:46

Link to this message

check that line in hijack:

O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll (file missing)

Close all windows and click Fix checked.

Reboot comp.

Is a bustard away ?

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 07:49

Link to this message

That icon has dissapeared. But a few dyas later i will encounter rubbish again and again. Its a real Piss take. Anyway thanks for the help. You got any EXCELLENT software to recommend other than those stated on the forums already?

Senior Member

4. May 2006 @ 07:55

Link to this message

Yes i'll think.

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Boot your comp to safe mode,
Launch Ewido, please goto settings and choose "all files" . Scan with Ewido Complete system scan.
Save the report.

Boot normally and send fresh hijack log and ewidos report.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 12:26

Link to this message

IT KEEPS COMING BACK!!!!! ARGH!!!!!!!!!!!! I KEEP GETTING THE SAME PROBLEM OVER AND OVER!

HJT LOG!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 21:24:28, on 04/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\SHVRTF.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\SigmaTel\C-MAJO~1\CONTRO~1\stacsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\WINDOWS\slrundll.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StacSysTray] C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\StacSysTray.exe -invisible
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Protect] SHVRTF.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Open In New Avant Browser - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - J:\Software\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.eXentiasupport.com/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/en-us/wlscb...
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSSc...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup161.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sigmatel PassThru (PassThru) - Unknown owner - C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - J:\Software\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PLZZZ HELP SUM1?!

Senior Member

4. May 2006 @ 12:40

Link to this message

Turn off your system restore:

http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q306084

Please download CCleaner:
http://www.snapfiles.com/get/ccleaner.html

instructions:
http://www.ccleaner.com/help/tour1.asp

Run with CCleaner "cleaner" And "Issues" options

Then boot your comp.

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 13:32

Link to this message

I TRIED CLEANING! IT STILL SUCKS HARD!

SmitFraudFix v2.39

Scan done at 22:25:57.07, 04/05/2006
Run from C:\Documents and Settings\Asif Bhatti\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\1024\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» End

Senior Member

4. May 2006 @ 20:47

Link to this message

Ok, maybe there is something new.

Please download prosess explorer
http://www.sysinternals.com/files/procexpnt.zip

Unzip it to own folder and run it.
Choose ?View? and check that these lines are marked

Show processes form all users.
Show Lower Pane
Lower Pane View DLL's

Then click in that window Explorer.exe
Then select ?File? > Save As > and save log.
Send that log here please.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

4. May 2006 @ 21:55

Link to this message

here

Process PID CPU Description Company Name
System Idle Process 0 96.92
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 644 Windows NT Session Manager Microsoft Corporation
csrss.exe 684 Client Server Runtime Process Microsoft Corporation
winlogon.exe 708 Windows NT Logon Application Microsoft Corporation
services.exe 752 Services and Controller app Microsoft Corporation
ati2evxx.exe 932
svchost.exe 948 Generic Host Process for Win32 Services Microsoft Corporation
stacsrv.exe 488 1.54 StacSrv Module
ehmsas.exe 576 Media Center Media Status Aggregator Service Microsoft Corporation
svchost.exe 1024 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1064 Service Executable Microsoft Corporation
svchost.exe 1104 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1204 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1236 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1592 Spooler SubSystem App Microsoft Corporation
avgamsvr.exe 1764 AVG Alert Manager GRISOFT, s.r.o.
avgupsvc.exe 1780 AVG Update Service GRISOFT, s.r.o.
svchost.exe 1956 Generic Host Process for Win32 Services Microsoft Corporation
cisvc.exe 1976 Content Index service Microsoft Corporation
cidaemon.exe 2928 Indexing Service filter daemon Microsoft Corporation
ehRecvr.exe 2064 Media Center Receiver Service Microsoft Corporation
ehSched.exe 2076 Media Center Scheduler Service Microsoft Corporation
MDM.EXE 2132 Machine Debug Manager Microsoft Corporation
locator.exe 2368 Rpc Locator Microsoft Corporation
slserv.exe 2452 User-Level Modem Service
slrundll.exe 4048
svchost.exe 2484 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 2508 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 3384 Application Layer Gateway Service Microsoft Corporation
dllhost.exe 3480 COM Surrogate Microsoft Corporation
svchost.exe 1988 Generic Host Process for Win32 Services Microsoft Corporation
lsass.exe 764 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1792
explorer.exe 1876 Windows Explorer Microsoft Corporation
stacsystray.exe 2012 Sigmatel
atiptaxx.exe 2044 ATI Desktop Control Panel ATI Technologies, Inc.
MsgPlus.exe 140 Messenger Plus! Patchou
SHVRTF.EXE 184 Application MFC Angel
ehtray.exe 212 Media Center Tray Applet Microsoft Corporation
issch.exe 208 InstallShield Update Service Scheduler InstallShield Software Corporation
MSASCui.exe 216 User Interface Microsoft Corporation
jusched.exe 252 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
avgcc.exe 336 AVG Control Center GRISOFT, s.r.o.
realsched.exe 404 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 496 CTF Loader Microsoft Corporation
GoogleWebAccWarden.exe 508
GoogleWebAccClient.exe 3404
msnmsgr.exe 2344 MSN Messenger Microsoft Corporation
FireFox.exe 1444 Firefox Mozilla Corporation
procexp.exe 3640 1.54 Sysinternals Process Explorer Sysinternals

Process: Procexp Pid: -2

Name Description Company Name Version

Senior Member

4. May 2006 @ 23:06

Link to this message

Sorry to say, you didn't follow instructions.

Quote:
Choose ?View? and check that these lines are marked

Show processes form all users.
Show Lower Pane
Lower Pane View DLL's

Please do it.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

aabbccdd

Suspended permanently

5. May 2006 @ 00:01

Link to this message

suhayb , iam having the same problem i got my IE back using spysweeper in safe mode but still having all kinds of stuff coming back ,whatever this is it is very nasty to get rid of

tapiiri, theres mine any help would be great

Process PID CPU Description Company Name
System Idle Process 0 96.97
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 596 Windows NT Session Manager Microsoft Corporation
csrss.exe 652 Client Server Runtime Process Microsoft Corporation
winlogon.exe 680 Windows NT Logon Application Microsoft Corporation
services.exe 724 Services and Controller app Microsoft Corporation
ati2evxx.exe 912 ATI External Event Utility EXE Module ATI Technologies Inc.
svchost.exe 924 Generic Host Process for Win32 Services Microsoft Corporation
IEXPLORE.EXE 2168 1.52 Internet Explorer Microsoft Corporation
svchost.exe 1024 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1120 Service Executable Microsoft Corporation
svchost.exe 1164 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1256 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1640 Spooler SubSystem App Microsoft Corporation
aswUpdSv.exe 1784
ashServ.exe 1812 avast! antivirus service
PcCtlCom.exe 1984 PcCtlCom Module Trend Micro Incorporated.
pccguide.exe 4036 PCCGuide Trend Micro Incorporated.
SMAgent.exe 140 SoundMAX service agent component Analog Devices, Inc.
svchost.exe 176 Generic Host Process for Win32 Services Microsoft Corporation
WRSSSDK.exe 224 Spy Sweeper SDK Webroot Software, Inc.
Tmntsrv.exe 2100 Tmntsrv Trend Micro Incorporated.
wdfmgr.exe 2208 Windows User Mode Driver Manager Microsoft Corporation
MsPMSPSv.exe 2280 WMDM PMSP Service Microsoft Corporation
TmPfw.exe 2336 TmPfw Trend Micro Inc.
ashMaiSv.exe 2952 avast! e-Mail Scanner Service ALWIL Software
ashWebSv.exe 3260 avast! Web Scanner ALWIL Software
alg.exe 3540 Application Layer Gateway Service Microsoft Corporation
tmproxy.exe 2456 TmProxy.exe Trend Micro Inc.
lsass.exe 736 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 252 ATI External Event Utility EXE Module ATI Technologies Inc.
explorer.exe 404 Windows Explorer Microsoft Corporation
procexp.exe 3248 1.52 Sysinternals Process Explorer Sysinternals

Process: IEXPLORE.EXE Pid: 2168

Name Description Company Name Version
actxprxy.dll ActiveX Interface Marshaling Library Microsoft Corporation 6.00.2900.2180
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2861
c_28591.nls
clbcatq.dll Microsoft Corporation 2001.12.4414.0308
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
comres.dll Microsoft Corporation 2001.12.4414.0258
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
ctype.nls
dciman32.dll DCI Manager Microsoft Corporation 5.01.2600.2180
ddraw.dll Microsoft DirectDraw Microsoft Corporation 5.03.2600.2180
ddrawex.dll Direct Draw Ex Microsoft Corporation 5.03.2600.2180
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.01.2600.2180
dxtmsft.dll DirectX Media -- Image DirectX Transforms Microsoft Corporation 6.03.2900.2180
dxtmsft.dll DirectX Media -- Image DirectX Transforms Microsoft Corporation 6.03.2900.2180
dxtrans.dll DirectX Media -- DirectX Transform Core Microsoft Corporation 6.03.2900.2861
dxtrans.dll DirectX Media -- DirectX Transform Core Microsoft Corporation 6.03.2900.2861
Flash8.ocx Macromedia Flash Player 8.0 r22 Macromedia, Inc. 8.00.0022.0000
Flash8.ocx Macromedia Flash Player 8.0 r22 Macromedia, Inc. 8.00.0022.0000
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.01.2600.2180
IEXPLORE.EXE Internet Explorer Microsoft Corporation 6.00.2900.2180
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
imgutil.dll IE plugin image decoder support DLL Microsoft Corporation 6.00.2900.2180
imm32.dll Windows XP IMM32 API Client DLL Microsoft Corporation 5.01.2600.2180
index.dat
index.dat
index.dat
index.dat
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2180
jscript.dll Microsoft (r) JScript Microsoft Corporation 5.06.0000.8820
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2180
locale.nls
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
mlang.dll Multi Language Support DLL Microsoft Corporation 6.00.2900.2180
MpOAv.dll IOfficeAntiVirus Module Microsoft Corporation 1.01.1347.0000
MpShHook.dll Shell Execution Monitor Microsoft Corporation 1.01.1347.0000
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180
mshtml.dll Microsoft (R) HTML Viewer Microsoft Corporation 6.00.2900.2873
mshtml.tlb Microsoft (R) MSHTML Typelib Microsoft Corporation 6.00.2900.2180
mshtmled.dll Microsoft (R) HTML Editing Component Microsoft Corporation 6.00.2900.2861
msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
MSIMGSIZ.DAT
MSIMTF.dll Active IMM Server DLL Microsoft Corporation 5.01.2600.2180
msls31.dll Microsoft Line Services library file Microsoft Corporation 3.10.0349.0000
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
msvcp80.dll Microsoft® C++ Runtime Library Microsoft Corporation 8.00.50727.0042
msvcr80.dll Microsoft® C Runtime Library Microsoft Corporation 8.00.50727.0042
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.01.2600.2180
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
pngfilt.dll IE PNG plugin image decoder Microsoft Corporation 6.00.2900.2861
psapi.dll Process Status Helper Microsoft Corporation 5.01.2600.2180
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.01.2600.2180
rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.2180
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180
setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
sfc_os.dll Windows File Protection Microsoft Corporation 5.01.2600.2180
shdoclc.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2180
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2877
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2869
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2861
sortkey.nls
sorttbls.nls
stdole2.tlb Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems Microsoft Corporation 3.50.5014.0000
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
Syncor11.dll SynthCore R2.0 Midi Interface Driver SoundMAX 0.01.0002.0003
tapi32.dll Microsoft® Windows(TM) Telephony API Client DLL Microsoft Corporation 5.01.2600.2180
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2870
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2861
winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
winphook.dll Pivot Software Support DLL Portrait Displays, Inc. 7.00.0000.0000
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.01.2600.2180
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
wuapi.dll Windows Update Client API Microsoft Corporation 5.08.0000.2469
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180
xpsp3res.dll Service Pack 3 Messages Microsoft Corporation 5.01.2600.2877

This message has been edited since posting. Last time this message was edited on 5. May 2006 @ 00:10

Senior Member

5. May 2006 @ 02:46

Link to this message

Hi aabbccdd

Your process list is ok. SpySweeper is very good, Ewido finds some different bustards.

Download and install Ewido, UPDATE it, but do NOT run a scan yet. -> http://www.ewido.net/en/download/

Boot your comp to safe mode,
Launch Ewido, please goto settings and choose "all files" . Scan with Ewido Complete system scan.
Save the report.

Boot normally and send fresh hijack log and ewidos report.

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

5. May 2006 @ 06:57

Link to this message

I did do exactly what you said.

Process PID CPU Description Company Name
System Idle Process 0 97.69
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 644 Windows NT Session Manager Microsoft Corporation
csrss.exe 684 Client Server Runtime Process Microsoft Corporation
winlogon.exe 708 Windows NT Logon Application Microsoft Corporation
services.exe 752 Services and Controller app Microsoft Corporation
ati2evxx.exe 928
svchost.exe 944 Generic Host Process for Win32 Services Microsoft Corporation
stacsrv.exe 384 1.54 StacSrv Module
ehmsas.exe 552 Media Center Media Status Aggregator Service Microsoft Corporation
svchost.exe 1020 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1060 Service Executable Microsoft Corporation
svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 252 Automatic Updates Microsoft Corporation
svchost.exe 1192 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1232 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1600 Spooler SubSystem App Microsoft Corporation
avgupsvc.exe 1776 AVG Update Service GRISOFT, s.r.o.
svchost.exe 1832 Generic Host Process for Win32 Services Microsoft Corporation
cisvc.exe 1856 Content Index service Microsoft Corporation
ehRecvr.exe 2020 Media Center Receiver Service Microsoft Corporation
ehSched.exe 1256 Media Center Scheduler Service Microsoft Corporation
MDM.EXE 2084 Machine Debug Manager Microsoft Corporation
locator.exe 2232 Rpc Locator Microsoft Corporation
slserv.exe 2296 User-Level Modem Service
slrundll.exe 1476
svchost.exe 2444 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 2460 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 3452 Application Layer Gateway Service Microsoft Corporation
dllhost.exe 3924 COM Surrogate Microsoft Corporation
svchost.exe 336 Generic Host Process for Win32 Services Microsoft Corporation
avgamsvr.exe 3644 AVG Alert Manager GRISOFT, s.r.o.
lsass.exe 764 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1880
explorer.exe 1972 Windows Explorer Microsoft Corporation
stacsystray.exe 212 Sigmatel
atiptaxx.exe 228 ATI Desktop Control Panel ATI Technologies, Inc.
MsgPlus.exe 244 Messenger Plus! Patchou
SHVRTF.EXE 256 Application MFC Angel
ehtray.exe 288 Media Center Tray Applet Microsoft Corporation
issch.exe 400 InstallShield Update Service Scheduler InstallShield Software Corporation
MSASCui.exe 432 User Interface Microsoft Corporation
jusched.exe 448 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
realsched.exe 528 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 544 CTF Loader Microsoft Corporation
GoogleWebAccWarden.exe 620
GoogleWebAccClient.exe 3436
msnmsgr.exe 2608 MSN Messenger Microsoft Corporation
FireFox.exe 1864 Firefox Mozilla Corporation
procexp.exe 2920 0.77 Sysinternals Process Explorer Sysinternals
avgcc.exe 3752 AVG Control Center GRISOFT, s.r.o.

Process: Procexp Pid: -2

Name Description Company Name Version

Senior Member

5. May 2006 @ 07:04

Link to this message

Yes, paste the rest off log then :)

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

suhayb

Suspended due to non-functional email address

5. May 2006 @ 07:05

Link to this message

OK THIS TIME I HIGHLIGHTED EXPLORER AS I DID IT. THIS IS WOT I GOT:

Process PID CPU Description Company Name
System Idle Process 0 96.27
Interrupts n/a Hardware Interrupts
DPCs n/a Deferred Procedure Calls
System 4
smss.exe 644 Windows NT Session Manager Microsoft Corporation
csrss.exe 684 Client Server Runtime Process Microsoft Corporation
winlogon.exe 708 Windows NT Logon Application Microsoft Corporation
services.exe 752 0.75 Services and Controller app Microsoft Corporation
ati2evxx.exe 928
svchost.exe 944 Generic Host Process for Win32 Services Microsoft Corporation
stacsrv.exe 384 0.75 StacSrv Module
ehmsas.exe 552 Media Center Media Status Aggregator Service Microsoft Corporation
svchost.exe 1020 Generic Host Process for Win32 Services Microsoft Corporation
MsMpEng.exe 1060 Service Executable Microsoft Corporation
svchost.exe 1100 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1192 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1232 Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 1600 Spooler SubSystem App Microsoft Corporation
avgupsvc.exe 1776 AVG Update Service GRISOFT, s.r.o.
svchost.exe 1832 Generic Host Process for Win32 Services Microsoft Corporation
cisvc.exe 1856 Content Index service Microsoft Corporation
cidaemon.exe 2792 Indexing Service filter daemon Microsoft Corporation
ehRecvr.exe 2020 Media Center Receiver Service Microsoft Corporation
ehSched.exe 1256 Media Center Scheduler Service Microsoft Corporation
MDM.EXE 2084 Machine Debug Manager Microsoft Corporation
locator.exe 2232 Rpc Locator Microsoft Corporation
slserv.exe 2296 User-Level Modem Service
slrundll.exe 1476
svchost.exe 2444 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 2460 Windows User Mode Driver Manager Microsoft Corporation
alg.exe 3452 Application Layer Gateway Service Microsoft Corporation
dllhost.exe 3924 COM Surrogate Microsoft Corporation
svchost.exe 336 Generic Host Process for Win32 Services Microsoft Corporation
avgamsvr.exe 3644 AVG Alert Manager GRISOFT, s.r.o.
lsass.exe 764 LSA Shell (Export Version) Microsoft Corporation
ati2evxx.exe 1880
explorer.exe 1972 Windows Explorer Microsoft Corporation
stacsystray.exe 212 0.75 Sigmatel
atiptaxx.exe 228 ATI Desktop Control Panel ATI Technologies, Inc.
MsgPlus.exe 244 Messenger Plus! Patchou
SHVRTF.EXE 256 Application MFC Angel
ehtray.exe 288 Media Center Tray Applet Microsoft Corporation
issch.exe 400 InstallShield Update Service Scheduler InstallShield Software Corporation
MSASCui.exe 432 User Interface Microsoft Corporation
jusched.exe 448 Java(TM) 2 Platform Standard Edition binary Sun Microsystems, Inc.
realsched.exe 528 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 544 CTF Loader Microsoft Corporation
GoogleWebAccWarden.exe 620
GoogleWebAccClient.exe 3436
msnmsgr.exe 2608 MSN Messenger Microsoft Corporation
procexp.exe 1848 1.49 Sysinternals Process Explorer Sysinternals
FireFox.exe 2972 Firefox Mozilla Corporation
avgcc.exe 3752 AVG Control Center GRISOFT, s.r.o.

Process: explorer.exe Pid: 1972

Name Description Company Name Version
AcGenral.dll Windows Compatibility DLL Microsoft Corporation 5.01.2600.2180
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.01.2600.2180
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.01.2600.2180
asfsipc.dll ASFSipc Object Microsoft Corporation 1.01.0000.3917
atl.dll ATL Module for Windows XP (Unicode) Microsoft Corporation 3.05.2284.0000
batmeter.dll Battery Meter Helper DLL Microsoft Corporation 6.00.2900.2180
browselc.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2180
browseui.dll Shell Browser UI Library Microsoft Corporation 6.00.2900.2861
clbcatq.dll Microsoft Corporation 2001.12.4414.0308
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.2900.2180
comctl32.dll Common Controls Library Microsoft Corporation 5.82.2900.2180
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.2900.2180
comres.dll Microsoft Corporation 2001.12.4414.0258
credui.dll Credential Manager User Interface Microsoft Corporation 5.01.2600.2180
crypt32.dll Crypto API32 Microsoft Corporation 5.131.2600.2180
cryptui.dll Microsoft Trust UI Provider Microsoft Corporation 5.131.2600.2180
cscdll.dll Offline Network Agent Microsoft Corporation 5.01.2600.2180
cscui.dll Client Side Caching UI Microsoft Corporation 5.01.2600.2180
ctype.nls
davclnt.dll Web DAV Client DLL Microsoft Corporation 5.01.2600.2180
drprov.dll Microsoft Terminal Server Network Provider Microsoft Corporation 5.01.2600.2180
duser.dll Windows DirectUser Engine Microsoft Corporation 5.01.2600.2180
explorer.exe Windows Explorer Microsoft Corporation 6.00.2900.2180
fxsapi.dll Microsoft Fax API Support DLL Microsoft Corporation 5.02.2600.2180
fxsst.dll Fax Service Microsoft Corporation 5.02.2600.2180
gdi32.dll GDI Client DLL Microsoft Corporation 5.01.2600.2818
imagehlp.dll Windows NT Image Helper Microsoft Corporation 5.01.2600.2180
index.dat
index.dat
index.dat
index.dat
iphlpapi.dll IP Helper API Microsoft Corporation 5.01.2600.2180
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.01.2600.2180
linkinfo.dll Windows Volume Tracking Microsoft Corporation 5.01.2600.2751
locale.nls
MCPS.DLL Media Catalog Proxy/Stub Microsoft Corporation 11.00.6551.0000
mfc42.dll MFCDLL Shared Library - Retail Version Microsoft Corporation 6.02.4131.0000
midimap.dll Microsoft MIDI Mapper Microsoft Corporation 5.01.2600.2180
mpr.dll Multiple Provider Router DLL Microsoft Corporation 5.01.2600.2180
MpShHook.dll Shell Execution Monitor Microsoft Corporation 1.01.1051.0000
msacm32.dll Microsoft ACM Audio Filter Microsoft Corporation 5.01.2600.2180
msacm32.drv Microsoft Sound Mapper Microsoft Corporation 5.01.2600.0000
msasn1.dll ASN.1 Runtime APIs Microsoft Corporation 5.01.2600.2180
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.01.2600.2180
MsgPlusLoader1.dll Messenger Plus! Process Monitor Patchou 3.63.0004.0000
msi.dll Windows Installer Microsoft Corporation 3.01.4000.2435
msimg32.dll GDIEXT Client DLL Microsoft Corporation 5.01.2600.2180
msisip.dll MSI Signature SIP Provider Microsoft Corporation 3.01.4000.1823
mslbui.dll LangageBar Add In Microsoft Corporation 5.01.2600.2180
msv1_0.dll Microsoft Authentication Package v1.0 Microsoft Corporation 5.01.2600.2180
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.2600.2180
netapi32.dll Net Win32 API DLL Microsoft Corporation 5.01.2600.2180
netrap.dll Net Remote Admin Protocol DLL Microsoft Corporation 5.01.2600.2180
netshell.dll Network Connections Shell Microsoft Corporation 5.01.2600.2180
netui0.dll NT LM UI Common Code - GUI Classes Microsoft Corporation 5.01.2600.2180
netui1.dll NT LM UI Common Code - Networking classes Microsoft Corporation 5.01.2600.2180
ntdll.dll NT Layer DLL Microsoft Corporation 5.01.2600.2180
ntlanman.dll Microsoft® Lan Manager Microsoft Corporation 5.01.2600.2180
ntmarta.dll Windows NT MARTA provider Microsoft Corporation 5.01.2600.2180
ntshrui.dll Shell extensions for sharing Microsoft Corporation 5.01.2600.2180
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.01.2600.2726
oleaut32.dll Microsoft Corporation 5.01.2600.2180
pdfshell.dll PDF Shell Extension Adobe Systems, Inc. 7.00.0000.0000
powrprof.dll Power Profile Helper DLL Microsoft Corporation 6.00.2900.2180
rasapi32.dll Remote Access API Microsoft Corporation 5.01.2600.2180
rasman.dll Remote Access Connection Manager Microsoft Corporation 5.01.2600.2180
reglogs.dll
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.01.2600.2180
rsaenh.dll Microsoft Enhanced Cryptographic Provider Microsoft Corporation 5.01.2600.2161
rtutils.dll Routing Utilities Microsoft Corporation 5.01.2600.2180
samlib.dll SAM Library DLL Microsoft Corporation 5.01.2600.2180
secur32.dll Security Support Provider Interface Microsoft Corporation 5.01.2600.2180
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.01.2600.2180
serwvdrv.dll Unimodem Serial Wave driver Microsoft Corporation 5.01.2600.0000
setupapi.dll Windows Setup API Microsoft Corporation 5.01.2600.2180
shdocvw.dll Shell Doc Object and Control Library Microsoft Corporation 6.00.2900.2877
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.2900.2869
shimeng.dll Shim Engine DLL Microsoft Corporation 5.01.2600.2180
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.2900.2861
sortkey.nls
sorttbls.nls
stobject.dll Systray shell service object Microsoft Corporation 5.01.2600.2180
sxs.dll Fusion 2.5 Microsoft Corporation 5.01.2600.2180
tapi32.dll Microsoft® Windows(TM) Telephony API Client DLL Microsoft Corporation 5.01.2600.2180
themeui.dll Windows Theme API Microsoft Corporation 6.00.2900.2180
umdmxfrm.dll Unimodem Tranform Module Microsoft Corporation 5.01.2600.0000
unicode.nls
urlmon.dll OLE32 Extensions for Win32 Microsoft Corporation 6.00.2900.2870
user32.dll Windows XP USER API Client DLL Microsoft Corporation 5.01.2600.2622
userenv.dll Userenv Microsoft Corporation 5.01.2600.2180
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.2900.2180
version.dll Version Checking and File Installation Libraries Microsoft Corporation 5.01.2600.2180
wdmaud.drv WDM Audio driver mapper Microsoft Corporation 5.01.2600.2180
webcheck.dll Web Site Monitor Microsoft Corporation 6.00.2900.2180
wininet.dll Internet Extensions for Win32 Microsoft Corporation 6.00.2900.2861
winmm.dll MCI API DLL Microsoft Corporation 5.01.2600.2180
winspool.drv Windows Spooler Driver Microsoft Corporation 5.01.2600.2180
winsta.dll Winstation Library Microsoft Corporation 5.01.2600.2180
wintrust.dll Microsoft Trust Verification APIs Microsoft Corporation 5.131.2600.2180
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.01.2600.2180
wmpband.dll Windows Media Player Microsoft Corporation 10.00.0000.3646
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.01.2600.2180
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.01.2600.2180
wshext.dll Microsoft (r) Shell Extension for Windows Script Host Microsoft Corporation 5.06.0000.8820
wsock32.dll Windows Socket 32-Bit DLL Microsoft Corporation 5.01.2600.2180
wtsapi32.dll Windows Terminal Server SDK APIs Microsoft Corporation 5.01.2600.2180
wzcsapi.dll Wireless Zero Configuration service API Microsoft Corporation 5.01.2600.2180
xpsp2res.dll Service Pack 2 Messages Microsoft Corporation 5.01.2600.2180

Senior Member

5. May 2006 @ 07:12

Link to this message

Yes, that I want to check.

Please check this files logation
reglogs.dll

propably here :
C:\WINDOWS\System32\reglogs.dll

Scan it here:

http://virusscan.jotti.org/

Copy ansvers to your reply, please.

This can be a new variant off smithfraud. If is, We have to deliver it to S!ri

Jaa- ei tuollaasia spämmäreitä ookkaa -> tapiiri

http://www.virustorjunta.net/index.php

Advertisement

suhayb

Suspended due to non-functional email address

5. May 2006 @ 07:17

Link to this message

I cant find the folder system32 ?

Page:	1	2	3	Next >

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > ie browser hijack! security bulletin.net help?!!?

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team

© 1999-2024 by AfterDawn Ltd.