Smitfraud-C. Toolbar888



Jatyu
2007-05-31, 15:14
I am new to Spybot and haven't been using it for a long time, but it has fixed all the problems it can find except Smitfraud-C. Toolbar888. I was wondering if someone could help me fix it.

I would be thankful if someone could help me fix this. :sad:

Jatyu
2007-05-31, 17:01
By looking through some other posts I noticed people posting HJT logs, so here is mine:
Logfile of HijackThis v1.99.1
Scan saved at 9:41:35 PM, on 31/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\lsass0.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\YMBOLS~1\rundll32.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\s?stem\w?nword.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\win17C7.tmp.exe
C:\WINDOWS\TEMP\win17CE.tmp.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ANtispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.magicthegathering.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ghqriewp.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SvcManager] lsass0.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [tezchiby.exe] C:\Documents and Settings\All Users\Application Data\tezchiby.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlop.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Podt] "C:\WINDOWS\YMBOLS~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Gjmjlvj] "C:\Program Files\s?stem\w?nword.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?3ddb17998f0a40fc88972a14e8545f6a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?3ddb17998f0a40fc88972a14e8545f6a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F6FB90-B4E2-4FEA-9FDA-2EE68D993B51}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


Can someone please help me!!!

Shaba
2007-05-31, 20:41
Hi Jatyu

Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log, please :)

Jatyu
2007-06-01, 08:44
I need some serious help with this. I have tried every solution I can find but nothing works. If someone could help me I would be grateful. My HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 1:38:15 PM, on 1/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\lsass0.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe
C:\Documents and Settings\All Users\Application Data\tezchiby.exe
C:\WINDOWS\YMBOLS~1\rundll32.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\s?stem\w?nword.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\ANtispyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ghqriewp.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SvcManager] lsass0.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [tezchiby.exe] C:\Documents and Settings\All Users\Application Data\tezchiby.exe
O4 - HKCU\..\Run: [Podt] "C:\WINDOWS\YMBOLS~1\rundll32.exe" -vt yazb
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [Gjmjlvj] "C:\Program Files\s?stem\w?nword.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?3ddb17998f0a40fc88972a14e8545f6a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?3ddb17998f0a40fc88972a14e8545f6a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F6FB90-B4E2-4FEA-9FDA-2EE68D993B51}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

tashi
2007-06-01, 08:52
Two topics merged.

Jatyu
2007-06-01, 08:58
Renamed HijackThis and here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:37 PM, on 1/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\retadpu1000272.exe
C:\WINDOWS\system32\lsass0.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe
C:\Documents and Settings\All Users\Application Data\tezchiby.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ANtispyware\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by OptusNet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\ljjjgee.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\pnkivbse.dll
O2 - BHO: (no name) - {CE084A6D-A1FC-8B09-D97C-8EADAE9420C9} - C:\WINDOWS\system32\pnimddlw.dll
O2 - BHO: (no name) - {FCACE70F-E1B5-44DF-8482-E3BCFBF21BBD} - C:\WINDOWS\system32\awvtq.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ghqriewp.dll",realset
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SvcManager] lsass0.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [tezchiby.exe] C:\Documents and Settings\All Users\Application Data\tezchiby.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?3ddb17998f0a40fc88972a14e8545f6a
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?3ddb17998f0a40fc88972a14e8545f6a
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2F6FB90-B4E2-4FEA-9FDA-2EE68D993B51}: NameServer = 203.2.75.132 198.142.0.51
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: awvtq - C:\WINDOWS\system32\awvtq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljjjgee - C:\WINDOWS\SYSTEM32\ljjjgee.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Shaba
2007-06-01, 10:05
Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


1. Download combofix from one of these links:
Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Post:

- a fresh HijackThis log
- combofix report
- vundofix report

Jatyu
2007-06-01, 11:47
Here is the vundo fix report:

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 3:10:44 PM 1/06/2007

Listing files found while scanning....

C:\WINDOWS\system32\awtrsrr.dll
C:\WINDOWS\system32\awtuspq.dll
C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\byxvwwv.dll
C:\WINDOWS\system32\ddcdbxy.dll
C:\WINDOWS\system32\efcyawt.dll
C:\WINDOWS\system32\fccbayv.dll
C:\WINDOWS\system32\ghqriewp.dll
C:\WINDOWS\system32\iayjfawi.ini
C:\WINDOWS\system32\iifcaaa.dll
C:\WINDOWS\system32\iifdaxx.dll
C:\WINDOWS\system32\iiffged.dll
C:\WINDOWS\system32\iwafjyai.dll
C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\khfdayx.dll
C:\WINDOWS\system32\ljjgeef.dll
C:\WINDOWS\system32\ljjjgee.dll
C:\WINDOWS\system32\mljifed.dll
C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\nnnnmjh.dll
C:\WINDOWS\system32\pholxejd.dll
C:\WINDOWS\system32\pmnlmki.dll
C:\WINDOWS\system32\pmnmmmm.dll
C:\WINDOWS\system32\pmnnklj.dll
C:\WINDOWS\system32\pweirqhg.ini
C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\rqroppq.dll
C:\WINDOWS\system32\rqrpqnk.dll
C:\WINDOWS\system32\ssqpqrq.dll
C:\WINDOWS\system32\ssqqpmj.dll
C:\WINDOWS\system32\tuvuron.dll
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\yayayaa.dll
C:\WINDOWS\system32\yayxvvs.dll
C:\WINDOWS\system32\yayxwuu.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awtrsrr.dll
C:\WINDOWS\system32\awtrsrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awtuspq.dll
C:\WINDOWS\system32\awtuspq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvtq.dll
C:\WINDOWS\system32\awvtq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\awvvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\byxvwwv.dll
C:\WINDOWS\system32\byxvwwv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ddcdbxy.dll
C:\WINDOWS\system32\ddcdbxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\efcyawt.dll
C:\WINDOWS\system32\efcyawt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\fccbayv.dll
C:\WINDOWS\system32\fccbayv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ghqriewp.dll
C:\WINDOWS\system32\ghqriewp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iayjfawi.ini
C:\WINDOWS\system32\iayjfawi.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifcaaa.dll
C:\WINDOWS\system32\iifcaaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iifdaxx.dll
C:\WINDOWS\system32\iifdaxx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iiffged.dll
C:\WINDOWS\system32\iiffged.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\iwafjyai.dll
C:\WINDOWS\system32\iwafjyai.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\jkklm.dll
C:\WINDOWS\system32\jkklm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\khfdayx.dll
C:\WINDOWS\system32\khfdayx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjgeef.dll
C:\WINDOWS\system32\ljjgeef.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ljjjgee.dll
C:\WINDOWS\system32\ljjjgee.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\mljifed.dll
C:\WINDOWS\system32\mljifed.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlkkj.ini
C:\WINDOWS\system32\mlkkj.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\nnnnmjh.dll
C:\WINDOWS\system32\nnnnmjh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pholxejd.dll
C:\WINDOWS\system32\pholxejd.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnlmki.dll
C:\WINDOWS\system32\pmnlmki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnmmmm.dll
C:\WINDOWS\system32\pmnmmmm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnklj.dll
C:\WINDOWS\system32\pmnnklj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pweirqhg.ini
C:\WINDOWS\system32\pweirqhg.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.bak2
C:\WINDOWS\system32\qtvwa.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\qtvwa.ini
C:\WINDOWS\system32\qtvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqroppq.dll
C:\WINDOWS\system32\rqroppq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrpqnk.dll
C:\WINDOWS\system32\rqrpqnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpqrq.dll
C:\WINDOWS\system32\ssqpqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqpmj.dll
C:\WINDOWS\system32\ssqqpmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvuron.dll
C:\WINDOWS\system32\tuvuron.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayayaa.dll
C:\WINDOWS\system32\yayayaa.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxvvs.dll
C:\WINDOWS\system32\yayxvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxwuu.dll
C:\WINDOWS\system32\yayxwuu.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ljjjgee.dll
C:\WINDOWS\system32\ljjjgee.dll Has been deleted!

Performing Repairs to the registry.
Done!

ComboFix has displayed "FINDSTR: Search string too long". Is this a problem or do I let it continue?

Jatyu
2007-06-01, 12:01
ComboFix has stopped.

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 17:00, on 2007-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
C:\Program Files\CRW\shwicon.exe
C:\Program Files\Acer\Notebook Manager\almxptray.exe
C:\Program Files\OptusNet Dial-up Internet\DSC.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\lsass0.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe
C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe
C:\Documents and Settings\All Users\Application Data\tezchiby.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\internet explorer\iexplore.exe
C:\ANtispyware\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\pnkivbse.dll
O2 - BHO: (no name) - {CE084A6D-A1FC-8B09-D97C-8EADAE9420C9} - C:\WINDOWS\system32\pnimddlw.dll (file missing)
O2 - BHO: (no name) - {FCACE70F-E1B5-44DF-8482-E3BCFBF21BBD} - C:\WINDOWS\system32\awvtq.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBY27.EXE
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] "C:\Program Files\CRW\shwicon.exe" -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [AcerNotebookManager] C:\Program Files\Acer\Notebook Manager\almxptray.exe
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet Dial-up Internet\DSC.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SvcManager] lsass0.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [tezchiby.exe] C:\Documents and Settings\All Users\Application Data\tezchiby.exe
O4 - HKLM\..\Run: [*combofix] C:\WINDOWS\system32\cmd.exe /e:on /f:off /v:off /c C:\ComboFix\Combofix.bat
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxuk101YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?50b49a65322b4d26806aed78774e3d7c
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?50b49a65322b4d26806aed78774e3d7c
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optusnet.com.au/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

Shaba
2007-06-01, 12:43
Hi

Uninstall via Add/Remove Programs if present:

WinAntiSpyware 2007

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - {CD3447D4-CA39-4377-8084-30E86331D74C} - C:\WINDOWS\system32\pnkivbse.dll
O2 - BHO: (no name) - {CE084A6D-A1FC-8B09-D97C-8EADAE9420C9} - C:\WINDOWS\system32\pnimddlw.dll (file missing)
O2 - BHO: (no name) - {FCACE70F-E1B5-44DF-8482-E3BCFBF21BBD} - C:\WINDOWS\system32\awvtq.dll (file missing)
O4 - HKLM\..\Run: [SvcManager] lsass0.exe
O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe"
O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe"
O4 - HKLM\..\Run: [tezchiby.exe] C:\Documents and Settings\All Users\Application Data\tezchiby.exe
O4 - HKLM\..\Run: [*combofix] C:\WINDOWS\system32\cmd.exe /e:on /f:off /v:off /c C:\ComboFix\Combofix.bat
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZNxuk101YYAU
O20 - Winlogon Notify: winghy32 - C:\WINDOWS\SYSTEM32\winghy32.dll

Close all windows including the browser and press "Fix checked".

Reboot.

Delete if present:

C:\WINDOWS\system32\pnkivbse.dll
C:\Program Files\Common Files\WinAntiSpyware 2007
C:\Documents and Settings\All Users\Application Data\tezchiby.exe
C:\WINDOWS\SYSTEM32\winghy32.dll
C:\WINDOWS\system32\lsass0.exe

Empty Recycle Bin.

Post:

- a fresh HijackThis log
- combofix report (should be here -> C:\combofix.txt)
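
One way to triage a log like the one in this thread automatically, as an added example that is not part of the original posts: it parses HijackThis entry lines and flags three patterns visible among the entries selected for fixing (a name imitating a system process, a Run target under Application Data, a registration whose file is missing). The heuristics, the 0.85 similarity threshold and the `SYSTEM_NAMES` list are assumptions of this example, not the helper's method.

```python
import re
from difflib import SequenceMatcher

# Sample input: entry lines taken from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {CE084A6D-A1FC-8B09-D97C-8EADAE9420C9} - C:\WINDOWS\system32\pnimddlw.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SvcManager] lsass0.exe
O4 - HKLM\..\Run: [tezchiby.exe] C:\Documents and Settings\All Users\Application Data\tezchiby.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"""

# Assumption of this example: a short list of genuine Windows system process names.
SYSTEM_NAMES = ["lsass.exe", "svchost.exe", "winlogon.exe", "services.exe",
                "smss.exe", "csrss.exe", "explorer.exe", "spoolsv.exe"]
ENTRY = re.compile(r"^[A-Z]\d+ - (.+)$")           # "O4 - <rest of entry>"
TARGET = re.compile(r'"?(.+?\.(?:exe|dll|bat))', re.I)

def target_path(rest):
    """Return the file an entry points at, or None (e.g. URL-only entries)."""
    tail = re.split(r"\] | = | - ", rest)[-1]      # text after the last field separator
    m = TARGET.match(tail)
    return m.group(1) if m else None

def lookalike(basename):
    """Return the system name that `basename` imitates without matching exactly."""
    for real in SYSTEM_NAMES:
        if basename != real and SequenceMatcher(None, basename, real).ratio() >= 0.85:
            return real
    return None

def triage(log_text):
    """Return [(line, [reasons])] for entries that deserve a manual look."""
    findings = []
    for line in map(str.strip, log_text.splitlines()):
        m = ENTRY.match(line)
        if not m:
            continue                                # headers, process list, blank lines
        reasons, path = [], target_path(m.group(1))
        if path:
            base = path.rsplit("\\", 1)[-1].lower()
            if real := lookalike(base):
                reasons.append(f"name resembles {real}")
            if re.search(r"\\(application data|temp)\\", path, re.I):
                reasons.append("runs from a data/temp directory")
        if "(file missing)" in line:
            reasons.append("registered file is missing")
        if reasons:
            findings.append((line, reasons))
    return findings
```

Hits are prompts for manual review, not verdicts: a legitimate name such as iexplore.exe is also close enough to explorer.exe to trip the similarity check.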

Jatyu
2007-06-01, 13:53
Deleted first 3, couldn't find the fourth and now computer crashes when I explore C:/Windows...

Computer's dialup connection has been deleted...

Can't make a new one...

Using Mum's laptop...

No downloads allowed...

Crashes on start up now...

What do I do!!!:sad::sad:

Shaba
2007-06-02, 11:26
Hi

"Computer's dialup connection has been deleted...

Can't make a new one..."

What do you mean by this?

Shaba
2007-06-09, 15:39
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.