Protection Bar Virus



darkstepa
2006-08-24, 23:20
Sup all, got this annoying Protection Bar virus, went through all the steps you guys have posted and it looks like it was eliminated. If you wouldn't mind though, please take a look over all of it and double-check for me; it would be much appreciated.
Thanks
AJ

1st Rapport log

SmitFraudFix v2.81

Scan done at 10:37:29.48, Thu 08/24/2006
Run from C:\Documents and Settings\Roger J\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


2nd Rapport log

SmitFraudFix v2.81

Scan done at 11:07:21.13, Thu 08/24/2006
Run from C:\Documents and Settings\Roger J\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Ewido Log

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:45:24 PM 8/24/2006

+ Scan result:

C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-299502267-706699826-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-299502267-706699826-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-299502267-706699826-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-299502267-706699826-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL -> Adware.Websearch : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005 -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\WinFixer 2005\lock.dat -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> TrackingCookie.Adserver : Cleaned.
:mozilla.23:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> TrackingCookie.Advertising : Cleaned.
:mozilla.8:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Bfast : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Bridgetrack : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.63:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Clickagents : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@cliks[1].txt -> TrackingCookie.Cliks : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.15:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.48:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.49:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.51:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.52:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.53:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Hitbox : Cleaned.
:mozilla.50:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Linksynergy : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.30:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.31:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.32:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.33:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.34:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.35:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.36:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.37:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.38:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.39:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Paypopup : Cleaned.
:mozilla.44:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.45:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.46:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.47:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Pro-market : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> TrackingCookie.Qksrv : Cleaned.
:mozilla.61:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> TrackingCookie.Targetnet : Cleaned.
:mozilla.12:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.13:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.14:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.16:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.17:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.18:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.19:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.57:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp -> TrackingCookie.Valuead : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp -> TrackingCookie.Valueclick : Cleaned.
:mozilla.11:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\Documents and Settings\Roger J\Application Data\Mozilla\Firefox\Profiles\eze4x0xy.AJ\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp -> TrackingCookie.Zedo : Cleaned.


::Report end

darkstepa
2006-08-24, 23:24
Hijack This Log
Logfile of HijackThis v1.99.1
Scan saved at 1:14:08 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1127326900\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\d7a042e6.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MBKWBar\TManager.exe
C:\WINDOWS\winhelp32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\America Online 9.0\shellmon.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_3_16_0.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Profiler] C:\Program Files\Saitek\Software\Profiler.exe
O4 - HKLM\..\Run: [SaiSmart] C:\Program Files\Saitek\Software\SaiSmart.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\Software\SaiMfd.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1127326900\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [RemoteControl] C:\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [d7a042e6.exe] C:\WINDOWS\system32\d7a042e6.exe
O4 - HKLM\..\Run: [SNM] C:\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [winhelp32] C:\WINDOWS\winhelp32.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [d7a042e6.exe] C:\Documents and Settings\Roger J\Local Settings\Application Data\d7a042e6.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0335A685-ED24-4F7B-A08E-3BD15D84E668} - http://dl.filekicker.com/send/file/128985-NZIL/PhPSetup.cab
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://prizeamerica.aavalue.com/PrizeMachine/PA_live.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

pskelley
2006-08-26, 16:28
Welcome to the forum. You did not provide complete reports for either part of the SmitfraudFix; I can't tell if it did the job without those reports. What I suggest is that you delete all the SmitfraudFix stuff you have and download it again, then run the Search function. Post that complete text report for me to view.

You are also still infected, but this other junk does not look like Smitfraud, so let's do this.

Start > Control Panel > Add Remove Programs > and uninstall MBKWBar if there. Uninstall any other program you know does not belong there. If you are not sure, let me know and I will look.

How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Please download ATF Cleaner by Atribune
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [d7a042e6.exe] C:\WINDOWS\system32\d7a042e6.exe
O4 - HKCU\..\Run: [MBKWBarManager] C:\Program Files\MBKWBar\TManager.exe
O4 - HKCU\..\Run: [winhelp32] C:\WINDOWS\winhelp32.exe
O4 - HKCU\..\Run: [d7a042e6.exe] C:\Documents and Settings\Roger J\Local Settings\Application Data\d7a042e6.exe
(if you did not set this advanced option, remove it)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://prizeamerica.aavalue.com/Priz...ne/PA_live.cab

Close all programs but HJT and all browser windows, then click on "Fix Checked"

RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\winhelp32.exe <<< delete that file

C:\WINDOWS\system32\d7a042e6.exe <<< delete that file

C:\Program Files\MBKWBar\ <<< delete that folder

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the text report from Smitfraudfix, a new HJT log and any comments you think will help.

Thanks...Phil

Here is information about this junk we are removing, if you wish to see what it has done to your computer.
http://www.symantec.com/security_response/writeup.jsp?docid=2005-070113-4118-99
Probably this one:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-060511-5140-99&tabid=2

C:\Program Files\Java\jre1.5.0_06 <<< Java is outdated, see this information: http://forums.spybot.info/showpost.php?p=12880&postcount=2
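As an added example for this thread (not code from the poster, the helper, HijackThis or SmitfraudFix), a short Python triage pass that re-reads the HJT lines Phil singled out and states, per line, why each would catch a reviewer's eye; the heuristics and function names are this example's own, and the sample lines are copied from the log above.

```python
"""Triage pass over HijackThis-style log lines (added example; heuristics are this example's own)."""
import re
from collections import defaultdict

# Constructed sample: nine lines taken from the thread's HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\Media-Codec\isaddon.dll (file missing)
O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\Media-Codec\iesplugin.dll (file missing)
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [d7a042e6.exe] C:\WINDOWS\system32\d7a042e6.exe
O4 - HKCU\..\Run: [winhelp32] C:\WINDOWS\winhelp32.exe
O4 - HKCU\..\Run: [d7a042e6.exe] C:\Documents and Settings\Roger J\Local Settings\Application Data\d7a042e6.exe
O16 - DPF: {4E7BD74F-2B8D-469E-DEFA-EB76B1D5FA7D} - http://prizeamerica.aavalue.com/PrizeMachine/PA_live.cab
"""

# O4 lines look like: O4 - HKLM\..\Run: [value name] target [arguments]
O4_RE = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$')
HEX_NAME = re.compile(r'^[0-9a-f]{8}\.exe$', re.I)          # e.g. d7a042e6.exe
WINDIR_ROOT_EXE = re.compile(r'^c:\\windows\\[^\\]+\.exe$', re.I)


def run_target_path(target):
    """Strip quotes and arguments from an O4 target, leaving the executable path."""
    if target.startswith('"'):
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    m = re.match(r'^(.*?\.exe)(?:\s|$)', target, re.I)
    return m.group(1) if m else target


def triage_line(line):
    """Reasons one HJT line deserves a second look; an empty list means nothing notable."""
    reasons = []
    if re.match(r'^O(2|3|9) - ', line) and line.endswith(('(file missing)', '(no file)')):
        reasons.append('orphaned browser extension: CLSID still registered but its file is gone')
    m = O4_RE.match(line)
    if m:
        path = run_target_path(m.group(3))
        if HEX_NAME.match(path.rsplit('\\', 1)[-1]):
            reasons.append('Run entry launches a random-looking hex-named executable')
        if '\\local settings\\application data\\' in path.lower():
            reasons.append('Run entry launches from a per-user Local Settings data folder')
        if WINDIR_ROOT_EXE.match(path):
            # Review prompt, not a verdict: legitimate items (SOUNDMAN.EXE in the same log) live here too.
            reasons.append('Run entry launches a loose executable in the Windows root')
    if line.startswith('O16 - DPF:'):
        reasons.append('ActiveX download (DPF) entry: check the source domain')
    return reasons


def triage_log(text):
    """Map each notable line to its reasons; also flags a Run value name seen under both HKLM and HKCU."""
    lines = [l for l in text.strip().splitlines() if l.strip()]
    findings = {}
    hives_by_name = defaultdict(set)
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
        m = O4_RE.match(line)
        if m:
            hives_by_name[m.group(2).lower()].add(m.group(1))
    for line in lines:
        m = O4_RE.match(line)
        if m and len(hives_by_name[m.group(2).lower()]) > 1:
            findings.setdefault(line, []).append('same Run value name under both HKLM and HKCU')
    return findings


if __name__ == '__main__':
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print('    ->', reason)
```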

tashi
2006-09-02, 19:07
This topic is closed due to lack of a response to the helper; if you need it re-opened, please send me a private message (pm) and provide a link to the thread.

Applies only to the original topic starter.