11-26-2006, 04:44 AM   #6
A49ers2121
New Member

Join Date: Nov 2006
Posts: 13

Logfile of HijackThis v1.99.1
Scan saved at 9:39:51 PM, on 11/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Common Files\AOL\1144176182\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Alex\Desktop\HijackThis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe"
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1144176182\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwot.dll,startup
O4 - HKLM\..\Run: [jezmesh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jezmesh.dll,zadrarc
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Etrh] "C:\WINDOWS\system32\SKS~1\services.exe" -vt yazb
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\PROGRA~1\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9t\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:31:30 PM 11/25/2006

+ Scan result:
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000539.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000564.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000594.dll -> Adware.Agent : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000547.exe -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000549.dll -> Adware.CommAd : Cleaned.
C:\Program Files\Common Files\{3074DF77-07D9-1033-1028-050507270001}\Activate.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{3074DF77-07D9-1033-1028-050507270001}\Uninstall.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000124.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000125.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000126.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000184.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000185.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000186.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000505.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000506.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000191.exe -> Adware.Trymedia : Cleaned.
C:\WINDOWS\temp\win90.tmp.exe -> Adware.Virtumonde : Cleaned.
C:\WINDOWS\temp\win25.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\temp\win3C.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\temp\win41.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\temp\win7F.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\temp\win99.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\WINDOWS\temp\winB3.tmp.exe -> Downloader.PurityScan.dc : Cleaned.
C:\Documents and Settings\Mom\Local Settings\Temp\efhgbmwp.dll -> Logger.VBStat.h : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000153.dll -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
C:\WINDOWS\temp\mst3B.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
C:\WINDOWS\temp\mst3E.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
C:\WINDOWS\temp\mst7E.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
C:\WINDOWS\temp\mst9A.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
C:\WINDOWS\temp\mstB2.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned.
C:\System Volume Information\_restore{8D077847-2814-437C-9117-EA7A694B02FC}\RP2\A0000548.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@boostmobile.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@dillards.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@readersdigest.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@e-2dj6wjlooncjilo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@e-2dj6wjmiciajsep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@ehg-idgentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Alex\Cookies\alex@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@h.starware[2].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Greg\Cookies\greg@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Maddie\Cookies\maddie@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Mom\Cookies\mom@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\temp\win22.tmp -> Trojan.Agent.vg : Cleaned.

::Report end

SmitFraudFix v2.124

Scan done at 21:01:02.93, Sat 11/25/2006
Run from C:\Documents and Settings\Alex\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
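The log above is the kind of thing a helper reads by eye: O4 Run values and O23 services, looking for the handful of entries that do not belong next to the vendor software. The script below is an added example by the editor, not part of the post and not HijackThis code. It parses the O4 and O23 line formats and applies a few rules of thumb (rundll32 used purely to load a DLL by path, a core system binary name such as services.exe living outside System32, a service whose binary is missing, a service binary in an unexpected directory directly under the Windows root). The sample input is a constructed subset of lines copied from the log; the heuristics and the allowlist of expected Windows subdirectories are the editor's own assumptions, and a hit means "verify this file", not "this is malware".

```python
"""Heuristic triage of HijackThis O4 (Run keys) and O23 (services) lines.
Added example, not HijackThis code. The rules are the editor's own rules of
thumb: a hit means "look closer", not "malware"."""
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwot.dll,startup
O4 - HKLM\..\Run: [jezmesh.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\jezmesh.dll,zadrarc
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Etrh] "C:\WINDOWS\system32\SKS~1\services.exe" -vt yazb
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TW9t\command.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORTNAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")

SYSTEM32 = r"c:\windows\system32"
WINDOWS_ROOT = r"c:\windows"
# Names that belong only in System32; the same file name anywhere else is a decoy.
CORE_SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}
# Editor's allowlist (assumption): subdirectories of the Windows root where a service binary is expected.
EXPECTED_WINDOWS_SUBDIRS = {"system32", "system", "ehome"}


@dataclass
class Finding:
    kind: str                      # "O4" or "O23"
    name: str                      # Run value name, or service short name
    reasons: list = field(default_factory=list)


def split_command(cmd: str):
    """Split a Run-key command line into (program, arguments), honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
        return cmd[1:], ""
    parts = cmd.split(None, 1)
    if not parts:
        return "", ""
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_run_entry(name: str, cmd: str) -> Finding:
    """Apply the Run-key heuristics to one O4 line."""
    finding = Finding("O4", name)
    exe, args = split_command(cmd)
    base = ntpath.basename(exe).lower()
    if base == "rundll32.exe":
        # rundll32 is a legitimate host, but a Run value whose only job is to load
        # a DLL by path deserves a file-by-file check (publisher, signature, age).
        dll, _, entry = args.partition(",")
        finding.reasons.append(f"rundll32 loads {dll.strip() or '?'} (entry point {entry.strip() or '?'})")
    if base in CORE_SYSTEM_BINARIES and ntpath.dirname(exe).lower() != SYSTEM32:
        finding.reasons.append(f"core system binary name '{base}' outside System32: {exe}")
    return finding


def check_service_entry(display: str, owner: str, path: str) -> Finding:
    """Apply the service heuristics to one O23 line."""
    m = SHORTNAME_RE.search(display)
    finding = Finding("O23", m["short"] if m else display)
    missing = path.endswith("(file missing)")
    exe = path[: -len("(file missing)")].strip() if missing else path.strip()
    if missing:
        finding.reasons.append("service registered but its binary is missing (orphan or failed cleanup)")
    elif owner == "Unknown owner":
        # HijackThis prints the company name from the file's version info; a present
        # file with none is unusual for a commercial product.
        finding.reasons.append("binary present but carries no company name")
    directory = ntpath.dirname(exe).lower()
    if directory.startswith(WINDOWS_ROOT + "\\"):
        first_subdir = directory[len(WINDOWS_ROOT) + 1:].split("\\", 1)[0]
        if first_subdir not in EXPECTED_WINDOWS_SUBDIRS:
            finding.reasons.append(f"service binary in an unexpected directory under the Windows root: {exe}")
    return finding


def triage(log_text: str) -> list:
    """Parse O4/O23 lines and return only the entries that tripped a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            finding = check_run_entry(m["name"], m["cmd"])
        elif (m := O23_RE.match(line)):
            finding = check_service_entry(m["display"], m["owner"], m["path"])
        else:
            continue
        if finding.reasons:
            findings.append(finding)
    return findings
```

Run `triage(SAMPLE_LOG)` and print each finding's name and reasons: the vendor entries (ccApp, ctfmon.exe, the ATI and Symantec services) produce nothing, while the rundll32 loaders, the services.exe living under a short-named subdirectory, and the two services with missing binaries come back with the reason that tripped. The missing-binary rule deliberately catches the leftover Norton service too; that is a cleanup item, which is why the output is a worklist rather than a verdict.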