Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Security Center?


  • This topic is locked This topic is locked
8 replies to this topic

#1 MatreX

MatreX

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 14 January 2007 - 09:45 AM

Ok, last night i was just looking around on the net with internet explorer 7 and i go to a website that i have been to before but my browser like redirects me to this //assureprotection.com/ with a dialog popup saying i got a virus, so I, without reading click ok to the dialog and retype the link to the website and it brings me to the website i wanted to go to.
Now, ever since i hit OK on that dialog i have been getting all these things on my computer telling me i got a virus, and every like 7 websites i try to go to it will redirect me to that assureprotection.com.

Here are a few screenshots of the thing i have been getting. (Dont go to the website assureprotection.com to try to see what im talking about cause it might infect you)
Im just going to leave a link instead of putting the image in my post so they wont break the forums.

http://matrex.omivu.net/virus/systemalert.jpg
This is the little tooltip i get every few mins.

http://matrex.omivu.net/virus/2.jpg
This is that website, assureprotection.com. Notice the yellow icon at the bottom, that i have never gotten before now, it is usually just the first one i showed you. Also, that toolbar i got on my browser, that also poped up after i hit yes and now when i right click to hide the toolbar it doesnt let me.

http://matrex.omivu.net/virus/new.jpg
This poped up just now, never seen it before.


I cant tell if this is a real virus alert or if this is a fake virus alert getting me to buy a stupid virus scanner.

I know i was supposed to run virus scanners before i posted this but i couldnt, last night after i got this i was running McAfee, Stinger, and Houscall all at the same time and they were taking a long time so i left them overnight and my mom got on this morning and decided to restart the computer so i didnt get to see what the scanners found, Im not sure if she deleted the files they found or not, i dont think she did.
Housecall took almost an hour to get to the accual scanning, then it said the estimate time was going to be 4 hours and it was already 1:30 in the morning here.




HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 9:37:48 AM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Object\isamonitor.exe
C:\Program Files\Video ActiveX Object\pmsngr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Video ActiveX Object\pmmon.exe
C:\Program Files\Video ActiveX Object\isamini.exe
C:\Program Files\FlashFXP\FlashFXP.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Video ActiveX Object\isaddon.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Video ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\system32\gwquvw.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

Edited by KoanYorel, 14 January 2007 - 09:57 AM.

Current Sig:
Posted Image

BC AdBot (Login to Remove)

 


m

#2 Linkmaster

Linkmaster

    HJT Team Member


  • Members
  • 152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arkansas, USA
  • Local time:04:34 PM

Posted 14 January 2007 - 10:12 AM

Hi MatreX,

You may wish to print out a copy of these instructions to follow while you complete this procedure

I need you to download some programs to aide in our fix :Do Not Run Them Yet

Download SmitfraudFix© by S!Ri to your Desktop.

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Double-click smitfraudfix.exe
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert you
You will be prompted : Registry cleaning - Do you want to clean the registry ? answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll
Answer Yes to the question Replace infected file ? by typing Y and hit Enter.
The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed
A reboot may be needed to finish the cleaning process, if your computer does not restart automatically please do it yourself manually
Reboot back into Safe mode

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Now close AVG Anti-Spyware

Reboot into Normal Mode

Please run Panda's ActiveScan and perform a full system scan.
Once you are on the Panda site click the Scan your PC button (be sure to disable your popup blocker first )
A new window will open...click the big Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
Click on Local Disks to start the scan
Click on see report Then click Save report

Post a fresh HijackThis log, the contents of the rapport.txt file, the AVG Anti-Spyware log, and the Panda ActiveScan log here
(You may need to use several replies as the logs may be cut off)

Thank you !
Linkmaster
If I can't find it, it doesn't exist !!

UNITE Member

#3 MatreX

MatreX
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 14 January 2007 - 01:41 PM

I'm really sorry i posted in the wrong place. :thumbsup: I didn't realize where I was.


Progress Report (Because I'm bored):
I'm running the Panda ActiveScan now...
The problem I was having went away right after I ran smitfraudfix and all them toolbars that I don't like and I did not install in IE are gone. :D

I will post my logs once this panda scan is done.
Current Sig:
Posted Image

#4 Linkmaster

Linkmaster

    HJT Team Member


  • Members
  • 152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arkansas, USA
  • Local time:04:34 PM

Posted 14 January 2007 - 01:57 PM

OK Ill check back in later !!
Linkmaster
If I can't find it, it doesn't exist !!

UNITE Member

#5 MatreX

MatreX
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 14 January 2007 - 05:15 PM

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 5:11:45 PM, on 1/14/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Justin\Desktop\hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab50727.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe


SmitFraudFix report.txt:
SmitFraudFix v2.132

Scan done at 11:16:58.59, Sun 01/14/2007
Run from C:\Documents and Settings\Justin\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\system32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\system32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\system32\gwquvw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url Deleted
C:\DOCUME~1\Justin\FAVORI~1\Online Security Test.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\Program Files\Video ActiveX Object\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


AVG log:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:	1:09:14 PM 1/14/2007

 + Scan result:	



C:\Documents and Settings\Justin\Desktop\hijackthis\backups\backup-20060528-133851-270.dll -> Adware.ArcadeRock : Cleaned with backup (quarantined).
C:\Program Files\ArcadeRockstar\arcaderockstarlib32.dll -> Adware.ArcadeRock : Cleaned with backup (quarantined).
C:\Program Files\ArcadeRockstar\clutil.dll -> Adware.ArcadeRock : Cleaned with backup (quarantined).
C:\Program Files\ArcadeRockstar\poplib.dll -> Adware.ArcadeRock : Cleaned with backup (quarantined).
C:\Program Files\ArcadeRockstar\shcfglib.dll -> Adware.ArcadeRock : Cleaned with backup (quarantined).
HKU\S-1-5-21-507921405-1229272821-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-507921405-1229272821-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\NK v5.7 _Update_.rar/NK v5.7\nk hack.dll -> Adware.StartPage : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\NK v5.7 _Update_.rar/NK v5.7\nk hack.exe -> Adware.StartPage : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\NK v5.7 _Update_\NK v5.7\nk hack.dll -> Adware.StartPage : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\NK v5.7 _Update_\NK v5.7\nk hack.exe -> Adware.StartPage : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\nK 5.6.rar/nk hack.dll -> Adware.StartPage : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\nK 5.6.rar/nk hack.exe -> Adware.StartPage : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{53EE3A1C-EE1E-4B1F-A1CB-95E291CE2E6B}\RP434\A0114801.dll -> Adware.WorldSecurityOnline : Cleaned with backup (quarantined).
C:\Documents and Settings\Justin\Desktop\hijackthis\backups\backup-20060719-153308-103.dll -> Trojan.Delf.px : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\release435.zip/siprj.exe -> Trojan.Delf.px : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\release435\siprj.exe -> Trojan.Delf.px : Cleaned with backup (quarantined).
C:\WINDOWS\bh.dll -> Trojan.Delf.px : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\HackProviders-X Public.zip/HackProviders-X Public/HackProviders-X.exe -> Trojan.Mygot : Cleaned with backup (quarantined).
C:\Program Files\Steam\CS Hacks\HackProviders-X Public\HackProviders-X Public\HackProviders-X.exe -> Trojan.Mygot : Cleaned with backup (quarantined).
C:\My Downloads\Tom Clancy Splinter Cell Double Agent XBOX (WORKING ISO).zip/Setup.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end


Activescan log:
Incident																		Status						Location																																																														

Potentially unwanted tool:Application/MotherboardMonitor.A					  Not disinfected			   C:\mIRC\v1.5-r4sys[07-09].zip[moo.dll]																																																						  
Spyware:Spyware/ArcadeRock													  Not disinfected			   C:\Program Files\ArcadeRockstar\wshlib.dll																																																					  
Hacktool:Hacktool/Hammer														Not disinfected			   C:\Program Files\Robster Productions\Halflife Logo Creator\HLC.exe																																															  
Potentially unwanted tool:Application/RealSpy								   Not disinfected			   C:\WINDOWS\system32\actskn45.ocx

Current Sig:
Posted Image

#6 Linkmaster

Linkmaster

    HJT Team Member


  • Members
  • 152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arkansas, USA
  • Local time:04:34 PM

Posted 14 January 2007 - 07:15 PM

Your log seems to be OK now !!

Just one more thing :
**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

How is your system running now ??

Here are a few recommendations for protecting your system and reducing your risk of infection again !!

** Windows Update **
It is very important to keep your system up to date with the latest Critical Updates to avoid unnecessary security risks
Visit Microsoft's Windows Update page at the very least monthly to check for updates !!

** Make Your Internet Explorer More Secure **
This can be done by following these simple instructions :
From within Internet Explorer click on the Tools menu and then click on Options
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
Change the Allow paste operations via script to Disable
When all these settings have been made, click on the OK button
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

** Real Time Prevention **
SpywareBlaster© by Javacool Software :
*Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests
*Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
*Restrict the actions of potentially dangerous sites in Internet Explorer.
*Consumes no system resources

*Download, run, check for updates, download updates, select all, protect against checked. All done
*Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

** File Cleaners (temp, prefetch, cookie, etc) **
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

** Spyware Scanners **
Some FREE Spyware Scanners for Home use, that will detect and remove trojans, dialers, malware, browser hijackers, tracking components and other forms of Spyware :
SUPERAntiSpyware Home© by SUPERAntiSpyware.com
Ad-aware SE© by Lavasoft
Spybot S&D© by Safer-Networking

** Good Free Antivirus Programs **
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE:Remember always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs !! You can use one as a backup to run manually

** Firewalls **
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are go to GRC
Scroll down to "Shields Up" Click on "Proceed" Then click on "Common Ports"to scan your ports.
Free Personal Firewalls :
Sunbelt Kerio Personal Firewall© by Sunbelt
Jetico Personal Firewall© by Jetico, Inc.
Comodo Personal Firewall© by Comodo Group (XP & 2000 only)

I suggest that you Update Java:
Go to Start, Control Panel, Add/Remove Programs
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... ) and select Remove
Then Download and install the newest version :
JAVA SOFTWARE MANUAL DOWNLOAD

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Following these recommendations will help reduce your risk of future infections !!

Do you have any questions??
Linkmaster
If I can't find it, it doesn't exist !!

UNITE Member

#7 MatreX

MatreX
  • Topic Starter

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Local time:05:34 PM

Posted 15 January 2007 - 01:12 AM

I went to that "Shield Up" thing.
I dont really understand it, does this look good?

Log:
GRC Port Authority Report created on UTC: 2007-01-15 at 06:09:12

Results from scan of ports: 0, 21-23, 25, 79, 80, 110, 113, 
							119, 135, 139, 143, 389, 443, 445, 
							1002, 1024-1030, 1720, 5000

	0 Ports Open
	1 Ports Closed
   25 Ports Stealth
---------------------
   26 Ports Tested

NO PORTS were found to be OPEN.

The port found to be CLOSED was: 0

Other than what is listed above, all ports are STEALTH.

TruStealth: FAILED - NOT all tested ports were STEALTH,
				   - NO unsolicited packets were received,
				   - NO Ping reply (ICMP Echo) was received.



Other then this everything seems to be fine. :thumbsup:
I did everything in your last post exept get a firewall, only because im running 2 routers both with firewalls and its already a hastle when i want to open a port, lol.

Edited by MatreX, 15 January 2007 - 01:14 AM.

Current Sig:
Posted Image

#8 Linkmaster

Linkmaster

    HJT Team Member


  • Members
  • 152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arkansas, USA
  • Local time:04:34 PM

Posted 15 January 2007 - 06:36 AM

Looks good !!

Glad everything is working now !!
Linkmaster
If I can't find it, it doesn't exist !!

UNITE Member

#9 Linkmaster

Linkmaster

    HJT Team Member


  • Members
  • 152 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Arkansas, USA
  • Local time:04:34 PM

Posted 18 January 2007 - 07:04 AM

Glad we could help !!
Since this issue appears Resolved ... this Topic is Closed
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Linkmaster
If I can't find it, it doesn't exist !!

UNITE Member




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users