Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Monday 10.3.2025 / 16:13
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my gijack log. windows live messenger virus
Show topics
 
Forums
Forums
My Gijack log. Windows Live messenger Virus
  Jump to:
 
Posted Message
borhan9
AfterDawn Addict

6 product reviews
_ 		22. September 2007 @ 14:10 _ Link to this message    Send private message to this user   
Hi all Borhan here.

Yesterday i got this file via a friend that i thought was sending it to me and it downloaded from my windows live messenger and it apparently has been sent to everyone on my list. I ran the Hijack log this morning and i did a antivirus scan last night with avast that did not find anything and i also removed windows live messenger for the time being i am going to post the log bellow because it seems to me that everything is fine however i just want you guys to have a look and let me know if there is still something there.

Thanks.

SmitFraudFix v2.227

Scan done at 7:38:49.04, Sun 23/09/2007
Run from C:\Program Files\Gran Paradiso\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"

[HKEY_CLASSES_ROOT\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
::1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A0C7B68D-12E2-4AB5-8E3C-4ED511CD2240}: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CCS\Services\Tcpip\..\{A722637B-AC5C-4C8A-BB35-7980272C0D8E}: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A0C7B68D-12E2-4AB5-8E3C-4ED511CD2240}: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A722637B-AC5C-4C8A-BB35-7980272C0D8E}: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A0C7B68D-12E2-4AB5-8E3C-4ED511CD2240}: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A722637B-AC5C-4C8A-BB35-7980272C0D8E}: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=203.88.240.88 203.88.255.99
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=203.88.240.88 203.88.255.99


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E31004D1-A431-41B8-826F-E902F9D95C81}"="Windows DreamScene"

[HKEY_CLASSES_ROOT\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\InProcServer32]
@="%SystemRoot%\System32\DreamScene.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End

Thanxs asap if you could please i dont want to effect anymore people.
[ + quote]
Edited by DVDBack23


"the mediocre teacher tells. the good teacher explains. the superior teacher demonstrates. the great teacher inspires."- William Aruthur Ward
Website: http://www.ampleblaze.com
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > my gijack log. windows live messenger virus
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork