Computer Forums

10-20-2007, 10:32 AM, #1
 
Newb Techie

Join Date: Jan 2007

Posts: 23

mokarr

Virus Detected Yesterday

Yesterday my internet started getting really slow, which usually never happens. Every 5 or so minutes I would get a popup, and then I knew something was wrong. I ran Ad-Aware/Spybot S&D and deleted some spyware and let it be. Now when I woke up I had 50 internet browsers active... the funny thing is this trojan or virus is SAYING I have a virus/trojan and telling me to install fake antivirus removal. The popups are much more consistent now - about 1 a minute... Anyone heard of this before? Some of the trojans it "says" it's discovered are Trojan-Spy.win32@mx and Networm-1.Virus@fp. Here's my HJT:
10-20-2007, 10:35 AM, #2
 
Newb Techie

Join Date: Jan 2007

Posts: 23

mokarr

Re: Virus Detected Yesterday

Logfile of HijackThis v1.99.1
Scan saved at 1:40:22 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ray Tong\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = ijji - Play LIVE! Play FREE!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunOnce: [SpybotDeletingA8020] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9014] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9855] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1905] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2234] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8475] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3280] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5914] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9340] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4565] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4473] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5798] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\RunOnce: [SpybotDeletingB3023] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7364] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB826] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4955] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4858] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8529] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB803] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9921] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1988] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3328] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9466] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7508] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
10-20-2007, 10:40 AM, #3
 
Retired.

Join Date: Dec 2005

Location: Los Angeles, California

Posts: 8,090


Re: Virus Detected Yesterday

O4 - HKLM\..\RunOnce: [SpybotDeletingA8020] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9014] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9855] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1905] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2234] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8475] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3280] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5914] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9340] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4565] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4473] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5798] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3023] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7364] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB826] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4955] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4858] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8529] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB803] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9921] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1988] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3328] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9466] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7508] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
10-20-2007, 11:08 AM, #4
 

Join Date: Jan 2005

Location: Kentucky

Posts: 32,236

Re: Virus Detected Yesterday

After you ran Spybot, did you reboot?
10-20-2007, 12:30 PM, #5
 
Newb Techie

Join Date: Jan 2007

Posts: 23

mokarr

Re: Virus Detected Yesterday

Sorry about that; I even ran Spybot again during the reboot. This Smitfraud yellow icon in my task bar is even showing during Safe Mode. I tried running SmitfraudFix.exe but the problem still occurs. Here's a more current HJT after running more antivirus tests:

Logfile of HijackThis v1.99.1
Scan saved at 11:55:47 AM, on 10/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\uynxggeq.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\TrojanHunter 4.5\THGuard.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ResChanger 2005\ResChanger2005.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\mdm.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ray Tong\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Flash Module - {68D5BBF9-EED5-4125-B227-55F81540BF4D} - simcard1.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\cchdvuvm.dll (file missing)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\gebzirjh.dll
O2 - BHO: (no name) - {E1A289B1-95BF-4B55-AEBA-6A1B6540EA04} - C:\WINDOWS\system32\awtst.dll (file missing)
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - C:\WINDOWS\system32\opnnoop.dll (file missing)
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gebzirjh.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.5\THGuard.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ytkqahrl.dll",sitypnow
O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "C:\DOCUME~1\RAYTON~1\LOCALS~1\Temp\rhvqsuwb.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - Startup: 2WireSetup.lnk = C:\Program Files\2Wire\WebWorks.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../Installer.exe
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O20 - Winlogon Notify: gebzirjh - C:\WINDOWS\SYSTEM32\gebzirjh.dll
O20 - Winlogon Notify: opnnoop - opnnoop.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\uynxggeq.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Last edited by mokarr; 10-20-2007 at 01:01 PM.
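A way to triage logs like the two posted above by script rather than by eye. This is an added example written for this page, not HijackThis code or anything posted in the thread. The sample lines are copied from the second log (post #5), and the two small allowlists (known-good Winlogon Notify packages and rundll32-loaded DLLs) are this example's own assumptions, not a reference list. It flags the structural signs a helper looks for: entries whose file is missing, autostarts launched from a Temp directory, browser extensions or rundll32 payloads living in system32, Winlogon Notify packages outside the allowlist, services with no vendor string, and one file hooked in several sections at once.

```python
# HijackThis v1.99 log triage. Added example, not HijackThis code or anything from the thread:
# it parses the O2/O3/O4/O20/O23 line shapes seen in the posted logs and applies the structural
# checks a helper applies by eye. The allowlists below are this example's assumptions.
import re
from collections import namedtuple

# Sample input: lines copied from the second HJT log in this thread (post #5), benign ones included.
SAMPLE_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\gebzirjh.dll
O2 - BHO: (no name) - {E271F4E9-D46E-4C7A-8608-AFDD4A87E582} - C:\WINDOWS\system32\opnnoop.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\gebzirjh.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ytkqahrl.dll",sitypnow
O4 - HKLM\..\Run: [NI.UGA6P_0001_N119M1510] "C:\DOCUME~1\RAYTON~1\LOCALS~1\Temp\rhvqsuwb.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Startup: TA_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O20 - Winlogon Notify: gebzirjh - C:\WINDOWS\SYSTEM32\gebzirjh.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: DomainService - - C:\WINDOWS\system32\uynxggeq.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
STARTUP_RE = re.compile(r"^Startup: (.+?) = (.*)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.*?) - (.*)$")
# The vendor field may be empty ("Name - - Path"), so anchor the path on its drive letter.
SERVICE_RE = re.compile(r"^Service: (.*?) -\s*(.*?)\s*-\s*([A-Za-z]:\\.*)$")
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,', re.IGNORECASE)
PROGRAM_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|cmd|scr|pif))(?:"|\s|,|$)', re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

KNOWN_WINLOGON_NOTIFY = {"wgalogon"}                            # assumed allowlists, taken only
KNOWN_RUNDLL32_DLLS = {"nvcpl.dll", "nvmctray.dll", "p17.dll"}  # from benign entries in this thread

Finding = namedtuple("Finding", "section target reason")  # section "*" = cross-section observation

def program_in(cmd):
    """Return the file a Run-key command really executes or loads."""
    m = RUNDLL_RE.match(cmd)
    if m:                       # rundll32 is only the host; the DLL it loads is the payload
        return m.group(1)
    m = PROGRAM_RE.match(cmd)
    return m.group(1) if m else cmd

def target_of(section, rest):
    """Return the loaded/run file for an entry, or None if its shape is not handled."""
    m = None
    if section in ("O2", "O3"):
        m = BHO_RE.match(rest)
    elif section == "O4":
        m = RUN_RE.match(rest)
        if m:
            return program_in(m.group(4))
        m = STARTUP_RE.match(rest)
    elif section == "O20":
        m = NOTIFY_RE.match(rest)
    elif section == "O23":
        m = SERVICE_RE.match(rest)
    return m.groups()[-1] if m else None   # the path is the final group of every pattern

def triage(log_text):
    """Apply structural heuristics to each parsed entry; findings are leads, not verdicts."""
    findings, hooks = [], {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or not (target := target_of(*m.groups())):
            continue
        section, rest = m.groups()
        clean = target.replace("(file missing)", "").strip().strip('"')
        base = clean.split("\\")[-1].lower()
        in_sys32 = bool(SYSTEM32_RE.search(clean))
        reasons = []
        if "(file missing)" in target:
            reasons.append("orphaned entry: file missing")
        if TEMP_RE.search(clean):
            reasons.append("autostart from a Temp directory")
        if section in ("O2", "O3") and (in_sys32 or "(no name)" in rest):
            reasons.append("browser extension in system32 or registered without a name")
        elif section == "O4":
            run = RUN_RE.match(rest)
            if run and RUNDLL_RE.match(run.group(4)) and in_sys32 and base not in KNOWN_RUNDLL32_DLLS:
                reasons.append("rundll32 loads an unknown system32 DLL")
            if not run and in_sys32:        # Startup-folder shortcut pointing into system32
                reasons.append("Startup shortcut targets system32")
        elif section == "O20" and NOTIFY_RE.match(rest).group(1).lower() not in KNOWN_WINLOGON_NOTIFY:
            reasons.append("unknown Winlogon Notify package")
        elif section == "O23" and not SERVICE_RE.match(rest).group(2).strip():
            reasons.append("service with no vendor string")
        hooks.setdefault(base, set()).add(section)
        findings.extend(Finding(section, base, r) for r in reasons)
    # The same file registered in several sections is a persistence pattern in its own right.
    for base, secs in hooks.items():
        if len(secs) >= 3:
            findings.append(Finding("*", base, "same file hooked via " + ",".join(sorted(secs))))
    return findings
```

Run it on a saved log with `triage(open("hijackthis.log").read())`; on the sample it reports gebzirjh.dll (O2, O3 and O20 at once), opnnoop.dll, ytkqahrl.dll, rhvqsuwb.exe, dwdsregt.exe and uynxggeq.exe, and nothing for the SnagIt, AVG, WgaLogon and NVIDIA entries. The heuristics are deliberately structural: a filename that merely looks random is not used as a signal, because legitimate Windows binaries in the same log (wscntfy.exe, mdm.exe) would trip that test, and every hit still has to be confirmed against the file on disk before anything is deleted.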
10-22-2007, 11:03 AM, #6
 

Join Date: Jan 2005

Location: Kentucky

Posts: 32,236

Re: Virus Detected Yesterday

http://noahdfear.geekstogo.com/click%20counter/click.php?id=1


After clicking the above, when prompted be sure to select "Save As" and "Desktop" as the location. Once the download completes, double left click on "smitrem.exe" on your desktop and click Extract at the default location pre-specified. Once extracted, look for a folder on your desktop called "smitrem" and double left click on it.
Once open, double left click "runthis.bat".
Upon completion we highly suggest you run an anti-virus and anti-spyware scan.

After you run this, run AVG, CCleaner and Cleanup, and post a new log.