
Thread: all messed up

  1. #11
    Member kira666's Avatar
    Join Date
    Jul 2008
    Location
    afton ny
    Posts
    30

    but I can start menu spybot uninstall right
    Kira666

  2. #12
    Member kira666's Avatar
    Join Date
    Jul 2008
    Location
    afton ny
    Posts
    30

    nvm about deleting it I found how to turn it off
    Kira666

  3. #13
    Member kira666's Avatar
    Join Date
    Jul 2008
    Location
    afton ny
    Posts
    30

    the tea timer is off but the combo fix still won't run it says Date:error check settings
    Kira666

  4. #14
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321

    1. Click on Start > Settings > Control Panel.
    2. Under Programs, click on Uninstall a program.
    ____________

    For Combofix: Remove old Combofix and download new
    Last edited by Baabiouz; 2008-07-25 at 19:48.
    Member of Asap and Unite since 2008

  5. #15
    Member kira666's Avatar
    Join Date
    Jul 2008
    Location
    afton ny
    Posts
    30

    I did it but combo fix still won't run. If it's possible, can you walk me through this on AIM? It would make it easier for the both of us
    Kira666

  6. #16
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Quote: Originally posted by kira666
    "can you walk me through this on AIM? It would make it easier for the both of us"
    Emphatically NO.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  7. #17
    Member kira666's Avatar
    Join Date
    Jul 2008
    Location
    afton ny
    Posts
    30

    ok but can you help me still, look, Control Panel doesn't work, neither does My Computer, and the TeaTimer is off but the program won't work, so can you find a way around it, because I really need this laptop. I am going to use it for school next year and we do a lot of online stuff at my school but we have few computers.
    Kira666

  8. #18
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Quote: Originally posted by kira666
    "ok but can you help me still, look, Control Panel doesn't work, neither does My Computer, and the TeaTimer is off but the program won't work, so can you find a way around it, because I really need this laptop. I am going to use it for school next year and we do a lot of online stuff at my school but we have few computers."
    Please wait for your helper to respond; the only other suggestion is that you take the machine to a shop.

    Regards.

    http://forums.spybot.info/showthread.php?t=31576

    http://forums.spybot.info/showthread.php?t=31537
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #19
    Emeritus- Malware Team
    Join Date
    Jun 2008
    Location
    Finland
    Posts
    321

    Hello Kira666.
    Please be patient. I can't be here all the time.

    Please remove your Combofix.exe. Let's run Dss:

    Deckard's System Scanner (DSS)
    Download Deckard's System Scanner here & save to your Desktop. Note: You must be logged onto an account with administrator privileges.
    • Close all applications and windows.
    • Double-click on dss.exe to run it, and follow the prompts.
    • When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
    • Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post in your next reply.



    Please download SmitfraudFix

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Please post Smitfraudfix log and Dss logs (main.txt and extra.txt) back here
    Last edited by Baabiouz; 2008-07-25 at 23:23.
    Member of Asap and Unite since 2008

  10. #20
    Member kira666's Avatar
    Join Date
    Jul 2008
    Location
    afton ny
    Posts
    30

    main text

    Deckard's System Scanner v20071014.68
    Run by Joe on 2008-07-20 06:09:30
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Successfully created a Deckard's System Scanner Restore Point.


    -- Last 5 Restore Point(s) --
    25: 2008-07-20 13:09:54 UTC - RP282 - Deckard's System Scanner Restore Point
    24: 2008-07-19 19:52:17 UTC - RP281 - Removed SUPERAntiSpyware Free Edition
    23: 2008-07-19 19:50:37 UTC - RP280 - Removed Ad-Aware
    22: 2008-07-19 16:33:05 UTC - RP279 - System Checkpoint
    21: 2008-07-18 15:33:41 UTC - RP278 - System Checkpoint


    -- First Restore Point --
    1: 2008-07-15 17:19:43 UTC - RP258 - Installed LAN-Express ASIL IEEE 802.11 Wireless LAN


    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Joe.exe) -------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:11: VIRUS ALERT!, on 7/20/2008
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ubpr01.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\atievxx.exe
    C:\WINDOWS\CBTWlanSrv.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\linksys\wpc54gv3\wpc54gv3.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Documents and Settings\Joe\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Joe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://internetsearchservice.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://internetsearchservice.com/ie6.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://internetsearchservice.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://internetsearchservice.com
    R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
    O2 - BHO: {2b4e4f7f-4472-61fb-aef4-302a67bb1291} - {1921bb76-a203-4fea-bf16-2744f7f4e4b2} - C:\WINDOWS\System32\xvfykl.dll
    O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
    O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O2 - BHO: (no name) - {D46BEAA4-A304-40B3-A9DA-EC7F7F501F25} - C:\Program Files\Web Technologies\iebt.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {65742936-8079-408B-9F3C-874B78030A72} - (no file)
    O3 - Toolbar: (no name) - {3FCAEB7D-F8AE-4A67-AE6C-57EE1416BB6D} - (no file)
    O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [lphceosj0e16g] C:\WINDOWS\System32\lphceosj0e16g.exe
    O4 - HKLM\..\Run: [2050b7d9] rundll32.exe "C:\WINDOWS\System32\sgmllfjm.dll",b
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\System32\ubpr01.exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
    O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: CBT Wlan Service (CBTWlanSrv) - Unknown owner - C:\WINDOWS\CBTWlanSrv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
    O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

    --
    End of file - 5951 bytes

    -- File Associations -----------------------------------------------------------

    .bat - batfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,41
    .inf - inffile - DefaultIcon - C:\WINDOWS\System32\shell32.dll,69
    .ini - inifile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,33
    .txt - txtfile - DefaultIcon - C:\Program Files\AlienGUIse\Themes\Darkstar Icons\Darkstar.icl,35


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>

    S3 CBPMp50 (CBPMp50 NDIS Protocol Driver) - c:\windows\system32\drivers\cbpmp50.sys (file missing)
    S3 ENDETECT - c:\progra~1\fronti~1\fronti~1\app\endetect.sys (file missing)
    S3 JL2005C (Dual Mode Camera) - c:\windows\system32\drivers\jl2005c.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
    S3 L2XPSR - c:\progra~1\fronti~1\fronti~1\app\l2xpsr.sys (file missing)
    S3 LOGNT - c:\progra~1\fronti~1\fronti~1\app\lognt.sys (file missing)
    S3 NTSTPL1 - c:\progra~1\fronti~1\fronti~1\app\ntstpl1.sys (file missing)
    S3 NTSTPL2 - c:\program files\frontiernet\frontiernet dsl attendant\app\ntstpl2.sys <Not Verified; Network TeleSystems, Inc.; TCP Pro>
    S3 TAPBIND - c:\progra~1\fronti~1\fronti~1\app\tapbind1.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CBTWlanSrv (CBT Wlan Service) - c:\windows\cbtwlansrv.exe <Not Verified; ; CBT Wlan Servic Application>
    R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


    -- Device Manager: Disabled ----------------------------------------------------

    No disabled devices found.


    -- Scheduled Tasks -------------------------------------------------------------

    2008-07-19 23:29:48 266 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
    2008-07-19 23:29:46 388 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
    2008-07-18 17:15:02 386 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job


    -- Files created between 2008-06-20 and 2008-07-20 -----------------------------

    2008-07-19 23:36:39 0 d-------- C:\Program Files\1 Click PC Fix
    2008-07-19 23:30:00 0 d-------- C:\Documents and Settings\Joe\Application Data\Uniblue
    2008-07-19 13:51:34 0 d-------- C:\Program Files\Trend Micro
    2008-07-19 12:34:18 0 d-------- C:\Program Files\WallpaperScreensavers.net
    2008-07-18 03:16:45 36864 --a------ C:\WINDOWS\System32\wbsys.dll <Not Verified; Stardock.Net, Inc; WindowBlinds 4.x for x86 machines>
    2008-07-18 03:16:43 0 d-------- C:\Program Files\Common Files\Stardock
    2008-07-18 03:16:42 0 d-------- C:\Program Files\AlienGUIse
    2008-07-17 08:12:56 0 d-------- C:\Program Files\VirusRemover2008
    2008-07-17 07:23:41 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-07-17 05:38:54 0 d-------- C:\Documents and Settings\Joe\Application Data\acccore
    2008-07-17 05:37:55 0 d-------- C:\Program Files\AIMTunes
    2008-07-17 05:37:24 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2008-07-17 05:36:29 0 d-------- C:\Program Files\AIM Search
    2008-07-17 05:36:11 0 d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
    2008-07-17 05:36:03 0 d-------- C:\Program Files\Viewpoint
    2008-07-17 05:36:00 0 d-------- C:\Documents and Settings\All Users\Application Data\acccore
    2008-07-17 05:34:31 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL
    2008-07-17 05:34:31 0 d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
    2008-07-17 05:33:14 0 d-------- C:\Program Files\Common Files\AOL
    2008-07-17 05:32:58 0 d-------- C:\Program Files\AIM6
    2008-07-17 04:32:26 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-07-17 04:31:57 0 d-------- C:\Program Files\SUPERAntiSpyware
    2008-07-17 04:31:56 0 d-------- C:\Documents and Settings\Joe\Application Data\SUPERAntiSpyware.com
    2008-07-17 04:24:16 0 d-------- C:\Program Files\PCPrivacyCleaner
    2008-07-17 00:06:40 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-07-17 00:03:02 94848 --a------ C:\WINDOWS\System32\sgmllfjm.dll
    2008-07-17 00:02:13 116352 --a------ C:\WINDOWS\System32\xvfykl.dll
    2008-07-17 00:02:12 116352 --a------ C:\WINDOWS\System32\oltgymag.dll
    2008-07-15 10:31:21 113 --a------ C:\tmp2.reg
    2008-07-15 10:24:02 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-07-15 10:22:08 116352 --a------ C:\WINDOWS\System32\pckudo.dll
    2008-07-15 10:22:06 116352 --a------ C:\WINDOWS\System32\oidtaude.dll
    2008-07-15 10:19:31 417220 --ahs---- C:\WINDOWS\System32\fLlTBJlm.ini2
    2008-07-15 10:13:53 163840 --a------ C:\WINDOWS\edel.exe
    2008-07-15 10:13:47 0 d-------- C:\Documents and Settings\Joe\Application Data\TmpRecentIcons
    2008-07-15 10:13:02 163840 --a------ C:\WINDOWS\erms.exe
    2008-07-15 10:13:01 155648 --a------ C:\WINDOWS\agpqlrfm.exe
    2008-07-15 10:12:54 60928 --a------ C:\WINDOWS\System32\blphceosj0e16g.scr <Not Verified; Sysinternals; Sysinternals Blue Screen>
    2008-07-15 09:56:10 0 d-------- C:\WINDOWS\System32\bits
    2008-07-15 09:55:25 0 d-------- C:\WINDOWS\System32\PreInstall
    2008-07-15 09:55:15 0 d--h----- C:\WINDOWS\$hf_mig$
    2008-07-15 09:54:06 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
    2008-07-15 05:23:36 0 d-------- C:\Program Files\Common Files\xing shared
    2008-07-15 04:18:23 0 d-------- C:\Documents and Settings\Joe\Application Data\Real
    2008-07-14 21:28:46 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
    2008-07-14 21:26:50 335 --a------ C:\WINDOWS\mozregistry.dat
    2008-07-14 18:51:48 0 d-------- C:\WINDOWS\System32\SoftwareDistribution
    2008-07-14 18:50:18 0 d-------- C:\WINDOWS\SoftwareDistribution
    2008-07-14 12:58:41 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.98e64dfa.temp
    2008-07-14 10:20:53 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.757cb0e5.temp
    2008-07-14 09:26:22 0 d-------- C:\WINDOWS\System32\219725
    2008-07-14 09:26:21 26624 --a------ C:\WINDOWS\System32\ubpr01.exe
    2008-07-14 09:25:37 0 d-------- C:\Program Files\Web Technologies
    2008-07-14 09:16:43 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.2fe54713.temp
    2008-07-14 06:57:41 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment.temp
    2008-07-13 20:32:05 1160 --a------ C:\WINDOWS\mozver.dat
    2008-07-13 17:32:11 0 dr-h----- C:\Documents and Settings\LocalService\Recent
    2008-07-13 17:11:37 0 --a------ C:\WINDOWS\nsreg.dat
    2008-07-13 17:11:23 0 d-------- C:\Documents and Settings\Joe\Application Data\Mozilla
    2008-07-13 17:02:14 33664 --a------ C:\WINDOWS\System32\drivers\BCMWLNPF.SYS <Not Verified; CACE Technologies; WinPcap Netgroup Packet Filter Driver>
    2008-07-13 17:02:10 86016 --a------ C:\WINDOWS\System32\preflib.dll
    2008-07-13 17:02:07 69632 --a------ C:\WINDOWS\System32\bcmwlpkt.dll <Not Verified; CACE Technologies; WinPcap low level packet library>
    2008-07-13 17:02:05 20480 --a------ C:\WINDOWS\System32\WLTRYSVC.EXE
    2008-07-13 17:02:04 2129920 --a------ C:\WINDOWS\System32\WLBCGCBPRO731.DLL <Not Verified; BCGSoft Ltd; BCGControlBar Professional Dynamic Link Library>
    2008-07-13 17:02:03 757760 --a------ C:\WINDOWS\System32\bcm1xsup.dll
    2008-07-13 12:30:10 106496 --a------ C:\WINDOWS\CBTWlanSrv.exe <Not Verified; ; CBT Wlan Servic Application>
    2008-07-13 12:30:02 0 d-------- C:\WINDOWS\System32\ReinstallBackups
    2008-07-13 12:29:02 0 d-------- C:\Program Files\Linksys
    2008-07-13 12:28:24 0 d-------- C:\Documents and Settings\Joe\Application Data\InstallShield
    2008-07-13 12:27:40 94208 -----n--- C:\WINDOWS\UITabCtrl.dll <Not Verified; CyberTAN; UITab Contorl DLL>
    2008-07-13 12:27:40 126976 -----n--- C:\WINDOWS\UIListCtrl.dll <Not Verified; CyberTAN; UIList Contorl DLL>
    2008-07-13 12:27:40 139264 -----n--- C:\WINDOWS\UIButton.dll <Not Verified; CyberTAN; UIButton Control DLL>
    2008-07-13 00:28:37 18944 --a------ C:\WINDOWS\System32\ZDCndis5.sys <Not Verified; ZDC., Inc. (ZDC); ZDC Rawether for Windows>
    2008-07-13 00:28:37 102400 --a------ C:\WINDOWS\System32\ZDCN50.dll <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
    2008-07-13 00:28:31 0 d-------- C:\Program Files\LanExpress


    -- Find3M Report ---------------------------------------------------------------

    2008-06-18 05:38:08 0 d-------- C:\Documents and Settings\Joe\Application Data\Macromedia
    2008-06-18 05:17:18 0 d-------- C:\Program Files\Kids Cam Sticker Factory
    2008-06-18 05:09:14 0 d-------- C:\Program Files\MyDSC2
    2008-06-18 05:09:14 0 d-------- C:\Program Files\Mars
    2008-06-18 05:09:12 0 d-------- C:\Program Files\JL2005C


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1921bb76-a203-4fea-bf16-2744f7f4e4b2}]
    07/17/2008 00:02: VIRUS ALERT! 116352 --a------ C:\WINDOWS\System32\xvfykl.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
    05/29/2008 14:33: VIRUS ALERT! 111968 --a------ C:\Program Files\AIM Search\AOLSearch.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D46BEAA4-A304-40B3-A9DA-EC7F7F501F25}]
    C:\Program Files\Web Technologies\iebt.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [09/14/2005 20:44: VIRUS ALERT!]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/15/2008 05:22: VIRUS ALERT!]
    "lphceosj0e16g"="C:\WINDOWS\System32\lphceosj0e16g.exe" []
    "2050b7d9"="C:\WINDOWS\System32\sgmllfjm.dll" [07/17/2008 00:03: VIRUS ALERT!]
    "KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/20/2002 15:08: VIRUS ALERT!]
    "wblogon"="C:\WINDOWS\System32\ubpr01.exe" [07/14/2008 09:26: VIRUS ALERT!]
    "Aim6"="C:\Program Files\AIM6\aim6.exe" [05/29/2008 14:26: VIRUS ALERT!]
    "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "NoDispBackgroundPage"=0 (0x0)
    "NoDispScrSavPage"=0 (0x0)
    "NoDispCPL"=0 (0x0)
    "DisableRegistryTools"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoToolbarCustomize"=1 (0x1)
    "StartMenuLogoff"=1 (0x1)
    "NoStartMenuMorePrograms"=0 (0x0)
    "NoSetFolders"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source= file:///C:\WINDOWS\privacy_danger\index.htm
    FriendlyName= Privacy Protection

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
    C:\Program Files\AlienGUIse\fastload.dll 12/20/2001 23:34: VIRUS ALERT! 24576 C:\Program Files\AlienGUIse\fastload.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "appinit_dlls"=wbsys.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\System32\mlJBTlLf

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
    "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe




    -- Hosts -----------------------------------------------------------------------

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    8910 more entries in hosts file.


    -- End of Deckard's System Scanner: finished at 2008-07-20 06:13:16 ------------




    extra txt


    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 1.0
    Architecture: X86; Language: English

    CPU 0: Intel Pentium III processor
    Percentage of Memory in Use: 43%
    Physical Memory (total/avail): 543.48 MiB / 308.23 MiB
    Pagefile Memory (total/avail): 1326.98 MiB / 1116.77 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1942.05 MiB

    A: is Removable (No Media)
    C: is Fixed (FAT32) - 5.58 GiB total, 1.48 GiB free.
    D: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - TOSHIBA MK6015MAP - 5.59 GiB - 1 partition
    \PARTITION0 (bootable) - Unknown - 5.59 GiB - C:



    -- Security Center -------------------------------------------------------------

    AUOptions is set to notify before install.


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Joe\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=MUSCLEMACHINE
    ComSpec=C:\WINDOWS\system32\cmd.exe
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Joe
    LOGONSERVER=\\MUSCLEMACHINE
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Mozilla Firefox
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 3, GenuineIntel
    PROCESSOR_LEVEL=6
    PROCESSOR_REVISION=0803
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\Joe\LOCALS~1\Temp
    TMP=C:\DOCUME~1\Joe\LOCALS~1\Temp
    USERDOMAIN=MUSCLEMACHINE
    USERNAME=Joe
    USERPROFILE=C:\Documents and Settings\Joe
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Joe (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> "C:\Program Files\Linksys\WPC54Gv3\bcmwlu00.exe" verbose /rootkey="Software\WPC54Gv3\802.11\UninstallInfo" /rootdir="C:\Program Files\Linksys\WPC54Gv3"
    --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player ActiveX --> C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    AIM 6 --> C:\Program Files\AIM6\uninst.exe
    AIM Search --> C:\Program Files\AIM Search\uninstaller.exe AIM Search
    AIM Toolbar 5.0 --> "C:\Program Files\AOL\AIM Toolbar 5.0\uninstall.exe"
    AIMTunes --> C:\Program Files\AIMTunes\Uninstall.exe
    AlienGUIse Theme Manager --> C:\PROGRA~1\ALIENG~1\thememgr.exe /uninstallwise
    avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
    Bleach Anime 7 --> "C:\Program Files\WallpaperScreensavers.net\uninstall Bleach_A.exe"
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Mozilla Firefox (2.0) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
    RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Sansa Media Converter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
    Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Uninstall Dual Mode Camera --> "C:\Program Files\JL2005C\unins000.exe"
    USB Disk Win98 Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E79A62F-7A2D-4058-BCE0-94E6B9E2F162}\Setup.exe"
    Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
    WPC54Gv3 - WPC54Gv3 --> C:\Program Files\InstallShield Installation Information\{2A2EDF5F-F3C6-4919-AE34-C08A71AD034A}\setup.exe -runfromtemp -l0x0009 -removeonly


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type660 / Error
    Event Submitted/Written: 07/18/2008 09:10:53 AM
    Event ID/Source: 0 / pctsSvc.exe
    Event Description:
    The service process could not connect to the service controller

    Event Record #/Type629 / Error
    Event Submitted/Written: 07/18/2008 01:01:03 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application SpybotSD.exe, version 1.6.0.30, hang module SpybotSD.exe, version 1.6.0.30, hang address 0x00005994.

    Event Record #/Type628 / Error
    Event Submitted/Written: 07/18/2008 01:01:02 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application SpybotSD.exe, version 1.6.0.30, hang module SpybotSD.exe, version 1.6.0.30, hang address 0x00005994.

    Event Record #/Type566 / Error
    Event Submitted/Written: 07/17/2008 01:45:01 AM
    Event ID/Source: 1001 / Application Hang
    Event Description:
    Fault bucket 21955421.

    Event Record #/Type565 / Error
    Event Submitted/Written: 07/17/2008 01:44:56 AM
    Event ID/Source: 1002 / Application Hang
    Event Description:
    Hanging application IEXPLORE.EXE, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type21161 / Error
    Event Submitted/Written: 07/20/2008 00:52:04 AM
    Event ID/Source: 10005 / DCOM
    Event Description:
    DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
    in order to run the server:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Event Record #/Type21134 / Error
    Event Submitted/Written: 07/19/2008 10:25:30 PM
    Event ID/Source: 7011 / Service Control Manager
    Event Description:
    Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    Event Record #/Type21133 / Error
    Event Submitted/Written: 07/19/2008 10:24:42 PM
    Event ID/Source: 7011 / Service Control Manager
    Event Description:
    Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

    Event Record #/Type21130 / Error
    Event Submitted/Written: 07/19/2008 10:21:50 PM
    Event ID/Source: 4321 / NetBT
    Event Description:
    The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.0.3.
    The machine with the IP address 192.168.0.2 did not allow the name to be claimed by
    this machine.

    Event Record #/Type21059 / Warning
    Event Submitted/Written: 07/19/2008 02:13:46 PM
    Event ID/Source: 36 / W32Time
    Event Description:
    The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.



    -- End of Deckard's System Scanner: finished at 2008-07-20 06:13:16 ------------






    rapport report


    SmitFraudFix v2.331

    Scan done at 6:22:10.90, Sun 07/20/2008
    Run from C:\Documents and Settings\Joe\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\USB Disk Win98 Driver\Res.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\ubpr01.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\atievxx.exe
    C:\WINDOWS\CBTWlanSrv.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\linksys\wpc54gv3\wpc54gv3.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\notepad.exe
    C:\WINDOWS\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ubpr01.exe FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joe


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Joe\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\STARTM~1\Antivirus Scan.url FOUND !
    C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Spyware Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JOE\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Web Technologies\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
    "SubscribedURL"=""
    "FriendlyName"="Privacy Protection"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri



    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, following keys are not inevitably infected!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="wbsys.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Linksys Wireless-G Notebook Adapter WPC54G Ver.3 #2 - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.0.1
    DNS Server Search Order: 216.165.129.157

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{7EF93257-F238-4804-94E7-25B0361247BB}: DhcpNameServer=192.168.0.1 216.165.129.157
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{7EF93257-F238-4804-94E7-25B0361247BB}: DhcpNameServer=192.168.0.1 216.165.129.157
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{7EF93257-F238-4804-94E7-25B0361247BB}: DhcpNameServer=192.168.0.1 216.165.129.157
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 216.165.129.157
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 216.165.129.157
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 216.165.129.157


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End






    thnx
    Kira666
