
Help me please

Discussion in 'Windows - Virus and spyware problems' started by hurley9, May 3, 2007.

  1. hurley9

    hurley9 Member

    My computer has been redirecting all my searches to another website for about a week, but if I refreshed it, it went to the right page. I got WOW for a present today and can't play it till I get this virus/trojan or whatever the heck it is gone. Blizzard said to run Fixwareout, so I have. Here's the log from that:


    Fixwareout Last edited 4/5/2007
    Post this report in the forums please
    ...
    »»»»»Prerun check

    »»»»» System restarted

    »»»»» Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"="kduif.exe"
    ....
    ....
    »»»»» Misc files.
    ....
    »»»»» Checking for older varients.
    ....

    Search five digit cs, dm, kd, jb, other, files.
    The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



    Click browse, find the file then click submit.
    http://www.virustotal.com/flash/index_en.html
    Or http://virusscan.jotti.org/

    »»»»» Other



    »»»»» Current runs
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE"
    "ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
    "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
    "nwiz"="nwiz.exe /install"
    "MsMovies"="C:\\Program Files\\MsMovies\\MsMovies.exe /auto"
    "virtual-ie"="winlogi.exe"
    "IST Service"="C:\\Program Files\\ISTsvc\\istsvc.exe"
    "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\ccApp]
    "Desc"="ccApp"
    "CmdLine"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
    "Icon"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000003
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\ccRegVfy]
    "Desc"="ccRegVfy"
    "CmdLine"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
    "Icon"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000008
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\IST Service]
    "Desc"="IST Service"
    "CmdLine"="C:\\Program Files\\ISTsvc\\istsvc.exe"
    "Icon"="ThisFileWillNeverExists.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:0000000c
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\MsMovies]
    "Desc"="MsMovies"
    "CmdLine"="C:\\Program Files\\MsMovies\\MsMovies.exe /auto"
    "Icon"="ThisFileWillNeverExists.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:0000000a
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\NvCplDaemon]
    "Desc"="NvCplDaemon"
    "CmdLine"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
    "Icon"="C:\\WINDOWS\\system32\\NvCpl.dll"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000009
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\NvMediaCenter]
    "Desc"="NvMediaCenter"
    "CmdLine"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
    "Icon"="C:\\WINDOWS\\system32\\NvMcTray.dll"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000010
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\nwiz]
    "Desc"="nwiz"
    "CmdLine"="nwiz.exe /install"
    "Icon"="C:\\WINDOWS\\system32\\nwiz.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:0000000d
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\QuickTime Task]
    "Desc"="QuickTime Task"
    "CmdLine"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "Icon"="C:\\Program Files\\QuickTime\\qttask.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000004
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\SoundMan]
    "Desc"="SoundMan"
    "CmdLine"="SOUNDMAN.EXE"
    "Icon"="C:\\WINDOWS\\SOUNDMAN.EXE"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:0000000e
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\Startup Faster Agent]
    "Desc"="Startup Faster Agent"
    "CmdLine"="C:\\Program Files\\Startup Faster 2004\\sfagent.exe"
    "Icon"="C:\\Program Files\\Startup Faster 2004\\sfagent.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:0000000f
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\SunJavaUpdateSched]
    "Desc"="SunJavaUpdateSched"
    "CmdLine"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "Icon"="C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000011
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\Symantec NetDriver Monitor]
    "Desc"="Symantec NetDriver Monitor"
    "CmdLine"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "Icon"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000001
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\virtual-ie]
    "Desc"="virtual-ie"
    "CmdLine"="winlogi.exe"
    "Icon"="ThisFileWillNeverExists.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000006

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\Creative Detector]
    "Desc"="Creative Detector"
    "CmdLine"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "Icon"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000007
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\ctfmon.exe]
    "Desc"="ctfmon.exe"
    "CmdLine"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "Icon"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:0000000b
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\msnmsgr]
    "Desc"="msnmsgr"
    "CmdLine"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Icon"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe"
    "DelayTime"=dword:00000fa0
    "Enable"=dword:00000001
    "Order"=dword:00000000
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\Steam]
    "Desc"="Steam"
    "CmdLine"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
    "Icon"="C:\\Program Files\\Valve\\Steam\\steam.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000000
    "Order"=dword:00000005
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\StartupFaster\updateMgr]
    "Desc"="updateMgr"
    "CmdLine"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"
    "Icon"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe"
    "DelayTime"=dword:00000000
    "Enable"=dword:00000001
    "Order"=dword:00000002
    ....
    Hosts file was reset, If you use a custom hosts file please replace it
    »»»»» End report »»»»»
     
  2. hurley9

    hurley9 Member

    Thought you might want this also. Note: I updated Ad-Aware to the new build in between these.

    Logfile of HijackThis v1.99.1
    Scan saved at 6:28:00 PM, on 3/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16414)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\NISUM.EXE
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\ccPxySvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\program files\valve\steam\steam.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\DIRECWAY\BIN\dpcnav.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Hurley Family\Local Settings\Temporary Internet Files\Content.IE5\3XUL6W85\aawsepersonal[1].exe
    C:\WINDOWS\system32\MSIEXEC.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\HJT\HijackThis.exe
    C:\Program Files\Xfire\Xfire.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
    R3 - URLSearchHook: ScriptInocUI Class - - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.3.19.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-au\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [MsMovies] C:\Program Files\MsMovies\MsMovies.exe /auto
    O4 - HKLM\..\Run: [virtual-ie] winlogi.exe
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [virtual-ie] winlogi.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O8 - Extra context menu item: &D&ownload &with BitComet - res://F:\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://F:\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://F:\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: IEToolbarCab - http://www.animetoolbar.com/DailyToolbarAff.CAB
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccess/ie/bridge-c420.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/FunBuddyIconsFWBInitialSetup1.0.0.8-2.cab
    O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
    O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\IntraLaunch.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F57D17AE-CE37-4BC8-B232-EA57747BE5E7} - http://66.230.146.53/EPlugin.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
    O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://www.35mb.com/downloadapplet.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED403109-3190-439A-A805-855441E30F4F}: Domain = telstra.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED403109-3190-439A-A805-855441E30F4F}: NameServer = 139.134.5.51,139.134.2.190
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: DIRECWAY Webcast (DPC_SRV_WEBCAST) - Hughes Network Systems - C:\PROGRA~1\DIRECWAY\bin\dpcproxy.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

     
  3. blake123

    blake123 Guest

    R3 - URLSearchHook: ScriptInocUI Class - - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.3.19.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
    O16 - DPF: IEToolbarCab - http://www.animetoolbar.com/DailyToolbarAff.CAB
    fix these
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED403109-3190-439A-A805-855441E30F4F}: Domain = telstra.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ED403109-3190-439A-A805-855441E30F4F}: NameServer = 139.134.5.51,139.134.2.190

    Please download VundoFix.exe to your desktop.

    * Double-click VundoFix.exe to run it.
    * When VundoFix re-opens, click the Scan for Vundo button.
    * Once it's done scanning, click the Remove Vundo button.
    * You will receive a prompt asking if you want to remove the files, click YES
    * Once you click yes, your desktop will go blank as it starts removing Vundo.
    * When completed, it will prompt that it will reboot your computer, click OK.



    Note: It is possible that VundoFix encountered a file it could not remove.
    In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the

    VundoFix: http://www.atribune.org/content/view/24/2/

    run this in safe mode
    http://www.filepedia.com/desktop_softwar...mitfraudfix.cfm
    and post log
    press enter
    then 2 and enter
    Good luck

    While you're there, run SDFix
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    and do another HijackThis log and post it
     
    Last edited by a moderator: May 11, 2007
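
Most of the entries listed in the reply above are ones HijackThis marks `(no file)` or `(file missing)`. As an added example (not part of the thread and not code from HijackThis), the Python below extracts such orphaned entries from a pasted log, splitting entries that were pasted together on one line and dropping repeats; the function names are hypothetical, and the sample lines are copied from the log in this thread, with one pair deliberately run together.

```python
import re

# Sample input: lines taken from the HijackThis log posted in this thread.
# The fifth line is deliberately two entries run together, and the
# "(no name)" BHO is repeated, to exercise both edge cases.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:83
R3 - URLSearchHook: ScriptInocUI Class - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - F:\BitComet\tools\BitCometBHO_1.1.3.19.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
"""

# An entry starts with a section code such as "R3 - " or "O16 - ".
ENTRY_START = re.compile(r"(?=\b(?:R[0-3]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
# Trailing marker HijackThis appends when the referenced file is absent.
STATUS = re.compile(r"\s*\((?P<status>no file|file missing)\)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return one dict per log entry, splitting entries that share a line."""
    entries = []
    for raw_line in log_text.splitlines():
        for chunk in ENTRY_START.split(raw_line.strip()):
            chunk = chunk.strip()
            match = ENTRY.match(chunk)
            if not match:
                continue  # header lines, process list, blank lines
            body = match.group("body")
            status_match = STATUS.search(body)
            clsid_match = CLSID.search(body)
            entries.append({
                "section": match.group("section"),
                "clsid": clsid_match.group(0).upper() if clsid_match else None,
                "status": status_match.group("status") if status_match else None,
                "text": chunk,
            })
    return entries


def orphaned_entries(log_text):
    """Entries whose target file is absent, with repeated entries removed."""
    seen, result = set(), []
    for entry in parse_entries(log_text):
        if entry["status"] is None:
            continue
        # Same section + CLSID is the same registration; fall back to the
        # full text for entries (such as R3) that carry no CLSID.
        key = (entry["section"], entry["clsid"] or entry["text"].lower())
        if key not in seen:
            seen.add(key)
            result.append(entry)
    return result


def count_by_section(entries):
    """Summarise a list of entries as {section code: count}."""
    counts = {}
    for entry in entries:
        counts[entry["section"]] = counts.get(entry["section"], 0) + 1
    return counts


if __name__ == "__main__":
    for entry in orphaned_entries(SAMPLE_LOG):
        print(f'{entry["section"]:>3}  {entry["status"]:<12}  {entry["text"]}')
```

An orphaned entry is a leftover registration rather than a running component, so the output is a cleanup checklist and says nothing about entries whose files do exist.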
