Discussion Starter · #1 ·
I have a conflict when I log into MSN Plus! MSN crashes each time! Can you have a quick look at my log, and if it's clean, well, I'll have to look somewhere else for the problem. Thanks!

Tony!

Logfile of HijackThis v1.97.7
Scan saved at 11:53:58 AM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hpbpro.exe
C:\WINDOWS\System32\hpboid.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Documents and Settings\Owner\My Documents\My Received Files\Programs\HijackThis.exe
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] sxrose.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0057021D-5C87-0E28-1AD8-4572484FC01D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {00596178-5CA2-11EE-E001-33075A817960} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0106DA61-D229-07B1-27B9-2AC264197055} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {01337909-FB9D-459F-E2B9-46AF36CB276E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {01894FD5-2613-68E9-5611-7579495FF00A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {01E80C26-AA8B-216F-B849-6C171FE86740} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {01F9B15F-9C83-5592-EEAF-24F811861733} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {022499D3-0E47-1861-0DD2-75C4571EE945} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {025AFA62-7F7C-454B-86FB-485C3AA7F255} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {031AC2BC-577C-621C-29C2-70DB687A6A5A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {039A96FB-9414-7724-44CE-249A06747174} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {03BF8D6F-14AA-1727-B108-648A24EA80E5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0406952A-8AD5-307B-FDBB-052F3A86F25C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {04F43BC9-3275-2D09-1DE3-6E43018715CE} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {053AD634-4EAD-3085-46D3-55D73ACABBEA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {05FDB661-6543-56C4-FB6F-6A3248EBF844} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0632592B-6767-128A-ECA0-60D47892AF04} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {063F3002-E6F3-54C9-056C-063E4A51A597} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {06577042-D83D-0860-BCB2-4B1B156B6725} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {07B1FE0A-177B-7657-6F4C-38774DB773A6} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {083EC786-41FE-6F46-6A81-1136507A75EE} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {092363CE-5FDD-136A-4799-0A1D5E9D9090} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {09EE660C-9D8C-6993-8498-47D925BDED4A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0A8DB75C-3A1B-3696-C549-0DB30AD9BC7C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0A8E16D1-EBE2-392E-3AC6-45952860F04E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0A94D97A-C4DD-7B07-040A-434D785C35DF} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0AA6971E-85EC-3E54-DD01-3E8B3A97FC80} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0ADAF062-673A-2E9D-019E-6F655B62F3F5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0B210DED-F2C2-481D-6A2C-2380015903BD} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0BC94640-8B1F-0328-4B81-5D064880ED35} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0C86CC27-A113-08FB-0B3F-1FC97BBF5C6B} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0C9D36A2-87D4-3D92-5ADD-44F050F1EF93} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0D526D04-7CA3-5739-311D-55400A7923A7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0D56A299-C743-6E4D-460A-29173EDB7E2A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0D80F9E4-BF36-2EC2-DB14-09F3095028EE} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0E56FA58-0DD5-1E1C-40A5-1FCA13988460} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0E667B52-BBCD-6EBF-B7D8-6211209BB46D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0ECEEF43-5AAA-4202-9188-31ED27131A72} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {0F764714-64B1-2364-2C77-0A561F7FFF86} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1092CBA7-C5A7-636F-90C4-034C5E0B3D48} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {111A9EE6-A7C8-7BB4-52DA-2A3D47286ED0} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1153B596-755B-7FB8-FD3E-6D83580FA501} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {118B3734-DE16-3028-8091-689E19A1882D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {11FB222A-601F-3623-FA9D-36DC01352D8E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1205EB47-FD1A-4705-176F-39E975FED4C0} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1206F00B-0EB2-6660-8B32-29BE43269AB4} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {12F14DD2-687F-1CF2-E368-7EFF4C30ED27} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {13D23FE0-A71C-7FEC-56FB-3CE15152C70E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {147AF756-47B3-2EAE-D4DD-519D7165857C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {149C44C7-AF30-000D-1FDD-1B551F3E1F43} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {14F30C02-1D78-0F0C-05D6-25CF0291CDA5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {14F7E4D9-35C6-4337-783D-58A1058FA714} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {16A4EAD1-51C0-1E79-4E61-304B60518002} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1701C909-5704-4711-5E75-2F9753B06830} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {188A6117-0AA9-7D7A-14D4-26F257851375} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {19997406-7EC3-7ED8-8EAC-57487198346C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {199ACDDD-687B-58B4-D38D-69D32D638C0C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {19A2617E-77A6-19CC-201A-110C19153C03} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {19CDFCEC-8D13-451C-2746-2A321BECDF49} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1A67BDA0-B6E5-62F1-F646-566A36723A2F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1AB91CDD-EDCA-3F9E-FE1B-212412BF9805} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1ABC91B7-5C3E-4F92-47A2-3D8B3D8FF2C1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1B9FCAAF-EFE4-4C4E-2986-2E43590CF554} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1C4ABED2-E001-3F5E-CBF4-641B4C13FCF1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1C593A8E-7B64-3449-AD54-05A8137EFAB8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1D51309B-9755-3519-9480-57C96CAEFDA3} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1D664BA6-F90B-45A4-522D-5F134AB8C14F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1ED2BFB7-6966-62F4-887C-31C765548B32} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1F84F9F9-1D70-729B-158F-248936CAF600} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1F8DEA9C-E297-4E23-D152-7E755C011771} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {1FA3CB75-1ADF-1E0E-CA15-26391506BB2C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2082ED57-A1BB-4CC7-0AA7-4A317715A115} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {211DE085-6DCE-7EDB-4AFC-6C8F677C4C2A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {227D711B-03B8-71F8-DF53-714B06C6F6A1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {22DC24F3-52E5-4A85-6CA4-6E71618C5767} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2318E65B-694C-7D4F-A2EF-4B6E2B52D154} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {24BA1558-42B5-5B91-F27F-62FF465B4DD5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {26910EA4-1046-539B-7BFB-44377162A734} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {26B9DAE0-CAFA-26D6-ECC8-68687D657831} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {26D64F5E-4603-6C8D-64D5-679762EFDCBB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {26E7D922-9F02-4F26-A0FB-0C655EB03222} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2714C7F2-F223-0DAC-7194-18787335CEA1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {27C4632A-1682-5906-9A33-0C6B1A8E9389} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {27CD26C8-A587-2952-088D-38896931741F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {27EFAFB9-6EA1-3518-0374-02F95176B09E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {27F2F810-00D1-4E30-825D-7B8D44BCBB27} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {28F63822-86D5-31BB-1F16-35532044AA45} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {295AD0EA-F025-6660-BFA2-69B757DFFE31} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2A9D75C0-A9A9-4055-6576-305F6D7A0A4E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2A9F0EC9-41B7-61B3-106A-009D580E74C2} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2B415FA9-5437-3E76-F0E4-18EF38319F8D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2BCD978B-D8D3-5273-FCEB-0C045C0DE06F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2C3E646B-5A8F-6728-D758-33FD6E281943} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2CA86A8A-D421-5A12-F0D0-64D600F4D811} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2D49F471-A94A-6333-8FCF-7B303C75F6B8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2D9759DC-A22B-1948-0499-51045347AEA2} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2DFD2851-C414-38F2-6C45-0D0B60F1261A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2E25565B-E0FB-5EAC-4E63-48685E51C1AC} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2F0B0FA2-A014-78BA-2EF5-4C614752AEB7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2FA56D34-AF0C-27DF-A058-334D6A21B65F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {2FC50F0C-930D-656A-616A-5BAF5CC001EB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3150FFE7-8F59-3E70-E346-165D322E2FAA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3158C3C2-96F8-55B4-49DB-41F14F951F82} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {31A64B9E-2201-4260-01FB-66B368F70C99} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {31CB4D5B-E286-55F6-EEBD-1F880780EDF2} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {33178DA6-A1E0-456B-0D04-50D366E8EFF6} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {33EE8D99-AAEA-55F3-D3BE-1B3C593181D6} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {34489FBF-86A3-1AC5-E6A1-1A465D6E8B66} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {344EF53A-BCD4-0D34-1D6D-077C74620D86} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {37529992-718D-3F3A-A991-12B63677ADED} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {382B5518-23FD-243C-5B90-34371CC3FA37} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3830E191-A007-06F2-3E4B-0BBE526D7219} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {3B7D2270-5320-39E1-E4D6-77F016C18C85} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3B870C29-338C-1685-91CE-3DA309C2EBDA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3BC57F8A-F58D-54BB-0119-5C5A4453FA3D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3C4D9ACA-99B4-4D35-8341-61D853F62E79} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3CA2813F-BAFE-74A4-8667-0C8C0021C813} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3E97DD1F-BEC9-4FC9-8E91-5E8111E8C98F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3E9803F1-04E5-2458-2BE1-356223C66792} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F0E1087-1B2E-545E-1685-4F810425AE9D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F652219-CD29-5913-6593-15DF6B783D32} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F6F85EA-7A66-6AFF-51DC-7F5E3D132370} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {3F788AC8-DEBB-1182-2CEE-7DF46CDC7456} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {401284C7-584C-4D9F-7060-4A8C6DBB0860} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4132B416-A838-35D6-052F-4BCB263C2A30} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {41465C04-9A47-2F5C-B9CA-604D70C5BD07} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {41B999BD-5188-5EEA-F874-4C7B2DE8BEAE} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4266D73F-AE1C-00AF-B16E-63304A30E8FB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {42A4DDFC-EEB9-2C91-E0F7-104E51BA6FDC} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {43E27D00-29F5-5CA6-BBF9-1C507FDC3AA0} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4570D485-6ED0-0417-5F8D-437018E20CE8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {45F072AA-CB41-4A83-B5EA-46FE2B6BB64F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {46D60CA2-B459-0E3D-AD9A-387D365BDAB4} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {46E653C2-1266-187E-60D6-6BFD047C53B1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {473CBAE6-3C0B-3AAD-6729-5CDC6960789D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {473DC6A2-80AC-7997-86E3-155D56FF9C3D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {47D45C4A-DF41-7D24-5A46-65E66A6A3A03} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {48079D76-5CDA-55FE-1625-1D0E4CAA1108} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4837CC54-4736-5D31-A770-4BF04D0DC3D5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4A5439CD-4ACF-2AB7-7A90-723300A77727} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4AF8DF5D-4D9D-4EF3-FA54-5D46058E7D0F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4B0E0F1F-9D44-22DE-D22A-17261892E25A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4BE245CD-AF07-3DCF-DD32-342213BE1B90} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4C8C65AA-1C80-57A2-9961-144C5D0D1406} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4CBD1B22-6AA0-0B35-CCDD-29103E19044A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4CF71FE2-7BDA-3834-8C6B-3F630F6C40A8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4CFBDCFC-5904-7300-4128-1E356BAB657E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4E7F548D-D7AE-5AB0-6A31-61FE0974AAFB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4E8F85E3-8A33-4363-593C-59BD5E9A782D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4F9F586D-2FA1-1C86-5E15-27232153523B} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {4FDE657D-0FA1-73C1-C548-66A652FCC3BB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {50FEE3A0-016F-495D-8BD2-0F7B2A5E0D39} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5111E992-CEC3-73C4-5544-07CD162029DD} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {518A2BA6-2CC0-4D1D-2039-4FCB51D1C341} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {51C338BD-4D1F-1AF9-CD89-63BC660C7E11} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {520064B9-A1CC-7FB9-EAD5-65D226A776B8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {52017ADC-0246-6703-7D53-32417057B4B7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {522D28AB-27A3-6B9A-8ECD-0F0C15367B8D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {524319EA-638E-08BE-44ED-691D3D998EAD} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {529E7022-06B5-0892-0289-4BBA36866C96} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab
O16 - DPF: {533F0DAE-CC87-5BED-739A-67A365CA9DF8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {540C45BA-0F9B-539A-78B9-7F0C0E0250AB} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {541A6D46-55BF-0CD0-3D8A-25AE7C04E60A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {541FE0BF-E346-6BB4-7034-76461025D29C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {557D27DA-5131-4CE3-2D7D-27AD2C774FBC} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {55991719-329F-239A-0E7C-6C455E9BFCC4} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {55B473D7-908E-6A85-CF3B-252C4FB64663} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {57D7402D-F78C-4521-1411-3F457ACCE278} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {57F3404B-FFBC-1E2C-AE41-71CE422A0F6D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {58E04FC4-377E-71B3-B41A-711972C42F30} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {58F67D28-EAD7-6AF8-AEF2-56FE4CBE58C2} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {59ACB40A-87C0-405E-58F5-250E78E647C9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {59D394DB-4F30-02AC-6E6B-0D565977CF5D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5C1D3F72-3B3A-3806-126A-2A6B0C42F2F9} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5E8A24DA-DD7C-3772-D5EF-0B706E36DF06} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5ED05567-1CE7-09EA-100B-34CC227F64B2} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {5EF178B9-6395-6829-10BD-7F591DE9D52F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5F693D3F-0EDA-5ADA-F73A-21DC760DF458} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {601AA31D-C293-5DEA-C8DC-65816F53E1E4} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {604DEB4B-D14E-49C8-6B25-3AC2253D1F0A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {606A7CF8-A312-1483-A4F3-4B487B12B32D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6190A409-8708-0842-F2F8-7A7800A2145B} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {61BB7F66-DD98-34EC-381B-324429B752A6} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {61FDE45F-8374-2F8A-4398-66956E6BF02D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141087476843
O16 - DPF: {646DDD51-39F0-7288-2732-48CF000B9671} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {64F1B4F8-6470-0A6E-D028-255B22B54F33} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {654EBDA6-5283-2C2D-AB1F-6C77627CBB85} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6554EE07-C6A8-57AF-52FF-37180C288D5B} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6593E5A3-1B54-7E10-4152-4BBD4BA71D2C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {676FB4F3-7EEF-04B4-46CF-27C44E20CF58} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {678513C9-926D-50EB-2508-2F79171F7480} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {67C76ED3-9D3D-4DD6-5B12-605C1C16D72B} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {681893AC-D68C-4781-E222-315D6DF46D5C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6837FDF1-7793-750A-E3C8-29293B20A3AD} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {688A7A49-10A3-2E0C-BBF7-4744459780E7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6A66A705-6CD4-55D9-AC71-138A72328B46} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6AF760A2-7DB5-7C78-E0F9-63F73C552E66} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6B85A3EF-5DFB-66A5-4004-4DC14ED42464} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6CA8A03A-BC3D-3D0B-F46F-709A4F27D386} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6D01DFFF-B1AD-7E73-CFB4-0A497E2021B6} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {6E279707-75CC-7F5E-3265-45DD7B9391D3} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {70D67F5E-EFA9-1EE5-EB6D-0BE25417EC94} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {71413D88-EB03-18A0-68A4-785A00117080} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7170087A-41AF-29BA-2F35-5C7B32C88E73} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7266CF6A-0F63-126E-AEDE-48133B00A39F} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {739B0F1C-557E-4238-A094-42B730776397} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {73D7DE2A-4AA4-3A73-B466-57B97A7A633D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {740643F9-CAC9-7F77-BCAC-4021092C544A} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {75974204-376D-0331-08D6-6A5639896767} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {75AF8459-D072-4D21-FB29-04265F863FF7} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {760A7A02-8E98-7FC7-974D-39406D6822F8} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {760E2CC6-549D-7114-26F1-069B1435727D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {762EAD4C-05E4-3467-418D-003921341383} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {77440775-6C90-1DE6-E506-1E11312A2F76} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {79182EF6-B219-1976-C4AA-30B879327586} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7932A8CE-A8AC-1B0A-E0AE-1C4351745209} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7A2A7BCB-E16F-7583-F4D2-0F8F4C6E3A28} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7A7B0086-D6AE-531A-252F-640F62E068EA} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7A85F436-1F34-46EC-407E-48A81BABF8C5} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7AB0BD6D-7BDC-3DDC-D3B7-73921041CD18} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7B070CE0-901C-6B85-2A38-0CBE1BDFFA42} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7B983758-EBE3-40CC-24CF-5D7F2DE6C9C1} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7C204BC4-6CD1-28A1-EBB6-2EC77AD4642C} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7DB69963-DBBE-1B66-B887-4F6351D2503E} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7EE57B7E-4459-27A5-12C7-76BD6C1F84DD} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {7F65D08E-6DE6-5E04-9DE2-1C4B3B57473B} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B10BB849-D5C9-4345-86ED-DE3D691F3943}: NameServer = 212.139.132.41 212.139.132.42
 

Hello bigt58, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.


Download CleanUp!
Download and install CleanUp! but do not run it yet. (alternate link if main link isn't working: http://www.greyknight17.com/spy/CleanUp.exe)

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run CleanUp! under Windows XP x64 Edition. If you're not sure whether you have the 64-bit version of Windows, then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.
  1. Load AVG Anti-Spyware and then click the Shield tab at the top
    • Click on the word active to change it to inactive.
  2. Click the Update tab at the top:
    • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
    • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
  3. Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan
  4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Download SDFix
Please download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix). Don't do anything else with this tool yet.


Download SmitfraudFix
Please download SmitfraudFix (by S!Ri) and save it to your Desktop.
  1. Double-click the SmitfraudFix.exe file.
  2. Select option #1 - Search by typing 1 and pressing "Enter".
  3. A text file will appear which lists infected files (if present). This file will be saved as C:\rapport.txt.
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key, so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
O2 - BHO: (no name) - {686a161d-5bd1-4999-8832-6393f41e564c} - C:\WINDOWS\system32\hp100.tmp (file missing)
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp (file missing)
O4 - HKLM\..\RunServices: [Compaq Service Drivers] sxrose.exe
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
Also select all the O16 lines that have http://85.255.113.214/1/gdnFR2218.exe.

Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Find and delete the following file using Start > Search:
sxrose.exe


Run SDFix
  • Open the SDFix folder (typically C:\SDFix) and double click RunThis.bat.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any key and it will restart the PC. Your system will take longer than normal to restart as the fixtool will be running and removing files.
  • When the desktop loads, the Fixtool will complete the removal and display Finished. Press any key to end the script and load your desktop icons.
  • The tool will produce a file called Report.txt in the SDFix folder. Please post this log with your next post.

Reboot
Reboot your system back into Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key, so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.


Run CleanUp!
Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
    Click OK.
  • Press the CleanUp! button to start the program.
Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware
  • Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  • If Set all elements to is not set to Quarantine (1), please click Recommended Action and choose Quarantine from the popup menu (2).
  • At the bottom of the window, click on the Apply all actions button (3).
  • When it has finished, click the Save Scan Report button (4), then click Save Report As and save the report to your desktop.
  • Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: extended
    • Scan Options: Scan Archives and Scan Mail Bases
  • Click OK
  • Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
  • Now under select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run all the way.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.


Download Autoruns
  • Please download Autoruns and AutoCmd.
  • Extract the contents of Autoruns into a new folder.
  • Now extract the contents of AutoCmd into the same folder as Autoruns. This is important!
  • Double-click on AutoCmd.cmd & select option '1'
  • It will produce a log called autoruns_X_Y.txt (where X and Y are the date and time respectively). Please attach the log in your next reply.

Generate An Uninstall List
  • Open HijackThis.
  • Click on the "Configure" button on the bottom right.
  • Click on the tab "Misc Tools".
  • Click on the Box that says "Open Uninstall Manager".
  • Click on the button "Save list"
Please save a copy and paste the contents with your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The contents of C:\rapport.txt,
  2. the contents of C:\SDFix\Report.txt,
  3. AVG Anti-Spyware scan report,
  4. Kaspersky scan report,
  5. your Autoruns log,
  6. your uninstall list, and
  7. a new HiJackThis log taken after Kaspersky finishes.
 

6 Posts
Discussion Starter · #3 ·
OK, I got to the stage after HijackThis; no sxrose.exe found on the computer, so I moved on to the SDFix stage! But I can't open the bat file, nothing happens, and I can't run it either!
 

2,506 Posts
Try this: go to Start>Run and type "cmd" (without the quotes) and press return. You should get a black window with a prompt. Type the following:

cd \sdfix
runthis.bat

Do you get any errors?
 

6 Posts
Discussion Starter · #5 ·
Many thanks for your help. I completed everything required; please see the text doc, it was too big to enter as a reply!

Tony :pray:
 

Attachments

2,506 Posts
Can you give me a new log from HijackThis, also? I'm working on the next set of instructions for you, but I need to see your HijackThis log. Make sure you copy and paste everything for me.
 

6 Posts
Discussion Starter · #7 ·
Logfile of HijackThis v1.99.1
Scan saved at 9:50:38 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\SnoopFreeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\SnoopFreeUI.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
C:\Documents and Settings\Owner\My Documents\My Received Files\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SnoopFreeUI] SnoopFreeUI.exe
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM [email protected] 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O16 - DPF: {4E8F85E3-8A33-4363-593C-59BD5E9A782D} - http://85.255.113.214/1/gdnFR2218.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/download/scanner/wlscbase5059.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1141087476843
O17 - HKLM\System\CCS\Services\Tcpip\..\{B10BB849-D5C9-4345-86ED-DE3D691F3943}: NameServer = 212.139.132.4 212.139.132.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SnoopFree Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

There you go :wave:
 

2,506 Posts
P2P Software
I see you have P2P software (i.e. BitComet, BitTorrent, LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.


Download Attachment
Download the file attached to this post and save it to your desktop. Extract it and double-click on the bigt58.reg file. It will ask you if you want to merge/add it to the registry -- choose Yes. You may delete both files now.


Download FixWareout
Please download FixWareout from one of these sites and save it to your Desktop:
  1. http://downloads.subratam.org/Fixwareout.exe
  2. http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Now double-click on Fixwareout.exe to run it.
  • Click Next, then Install. Make sure Run fixit is checked and click Finish.
  • The fix will begin. Please follow the prompts.
  • You will be asked to reboot your computer. Please do so.
  • Your system may take longer than usual to load. This is normal.
Once the desktop loads, a text file will open (report.txt). You can close it -- the file has already been saved. However, please include the contents of that report with your next post.


Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
NudgeMania 3.0 for Messenger
Please let me know if any of these were unable to uninstall.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):


O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O16 - DPF: {4E8F85E3-8A33-4363-593C-59BD5E9A782D} - http://85.255.113.214/1/gdnFR2218.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Program Files\MSN Messenger\riched20.dll
C:\Program Files\NudgeMania
C:\Program Files\SearchRelevant
C:\Documents and Settings\All Users.WINDOWS\Documents\transfer\My albums\download1093371635121297703.dat
C:\Documents and Settings\All Users.WINDOWS\Documents\transfer\My Received Files\Downlaods\mirc616.exe
C:\Documents and Settings\Owner\My Documents\My albums\download1093371635121297703.dat
C:\Documents and Settings\Owner\My Documents\My Received Files\Programs\mirc616.exe
C:\WINDOWS\system32\f3PSSavr.scr


Online Scan
Perform an online scan using Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The contents of report.txt from FixWareout,
  2. Panda ActiveScan report,
  3. a new HiJackThis log taken after Panda finishes.
Also let me know how your machine is behaving now.
 

Attachments
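As an added example (not code from the thread, from HijackThis or from the fix tools it mentions), here is a small Python checker that applies the same reasoning the helper used on the log above: it flags exactly the three entries listed under HijackThis Fixes. The rules (bare-CLSID O16 entries fetching an .exe from a raw IP, O21 SSODL entries whose DLL is missing, O4 autostarts that run a batch script) and the log subset are assumptions built from this thread, not a general-purpose HijackThis parser.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse
# Subset of the HijackThis log posted in this thread (sample input for the example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SDFix] C:\SDFix\RunThis.bat /second
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {4E8F85E3-8A33-4363-593C-59BD5E9A782D} - http://85.255.113.214/1/gdnFR2218.exe
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
""".strip()

# O16 (Download Program Files): "{CLSID} (Friendly Name) - URL"; the name is optional.
O16_RE = re.compile(r"O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
# O4 (Run keys): "[value name] command line"
O4_RE = re.compile(r"O4 - .*\\Run: \[[^\]]*\] (?P<cmd>.+)$")

def is_raw_ip(host):
    try:
        return ip_address(host) is not None
    except ValueError:
        return False

def check_line(line):
    """Return a reason if the entry matches one of the red flags used in this thread, else None."""
    m = O16_RE.match(line)
    if m:  # ActiveX download: a bare CLSID fetching an .exe from a raw IP is what the helper flagged
        url, reasons = urlparse(m.group("url")), []
        if m.group("name") is None:
            reasons.append("no object name")
        if is_raw_ip(url.hostname or ""):
            reasons.append("host is a raw IP")
        if url.path.lower().endswith(".exe"):
            reasons.append("downloads an .exe directly")
        return "; ".join(reasons) or None
    if line.startswith("O21 - SSODL:") and line.endswith("(file missing)"):
        return "SSODL entry whose DLL is missing (orphaned shell load hook)"
    m = O4_RE.match(line)
    if m:  # autostart running a batch script (here the leftover SDFix second stage)
        cmd = m.group("cmd")
        target = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
        if target.lower().endswith((".bat", ".cmd")):
            return "autostart runs a batch script: " + target
    return None

def scan_log(text):
    """Return [(entry, reason)] for every flagged line of a HijackThis log."""
    lines = [l.strip() for l in text.splitlines()]
    return [(l, check_line(l)) for l in lines if check_line(l)]
```

Running `scan_log(SAMPLE_LOG)` returns the SDFix O4 entry, the raw-IP O16 entry and the SystemCheck2 O21 entry, and nothing else from the sample.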

2,506 Posts
I think something has screwed up your .bat file association, but I want to double-check what you have before I start blindly trying to fix it. Download and extract the attachment. Double-click on bigt58.cmd -- with any luck, you should get a Notepad with some text in it. Copy and paste that text here for me.
 

Attachments
