really big problem [virus infection]

ok so i got a few bugs going on my comuter first of all i cant use my task manager i used this tool xp_taskmangerenab and when i used it and press the buttons the task manager crashes 2nd for sum reason my wallpaper says system stoped as a wall paper and i cant change it another prob is kernel32 wont start its messed up it says it when i first turn on the computer and another prob is that scvhost suttin .dll is error when i play this game called soldat i tried running ad-aware but it didnt help much and also if it is a virus its crashing my norton system works i cant scan for viruses someone plz help also system restore wont restore!!

 

troj regger.D c:\program Files\America online 9.0\download\3.dat X
troj small.ty c:\program Files\america online 9.0\download\6.dat X
troj regger.d c:\program Files\america online 9.0\3.dat X
troj regger.d c:\programs files\america online 9.0\432432.dat X
troj small.ty c:\programs files\america online 9.0\6.datX
tspy Dloader.dh c:\program files\common files\aol spyware protection\backup\24732034.asw x
tspy Dloader.dh c:\program files\common files\aol spyware protection\backup\24733534.asw x
tspy istbar.d c:\program files\istsvc\istsvc.exe
tspy istbar.bt c:windows\downloaded program files\istactivex.dll X
troj websearch.f c:\windows\system32\services\{3b2d1c89-eba5-456a-8733-2cce7307239}\security.dll
troj websearch.h c:\windows\system32\services\{3b2d1c89-eba5-456a-8733-2cce7307239}\security.exe
troj small.sj c:\windows\system32\bre.dll X
troj dloader.cf c:\windows\system32\ipzxcz324534xct.exe X
troj regger.d c:\windows\system32\us3432xzcb.exe X
troj agent.nh c:\windows\system32\uuihge.exe
troj dloader.gv c:\windows\system32\vxgamet1.exe X
troj lowzones.bz c:\windows\system32\vxgamet2.exe X
troj dialer.cg c:windows\frenk.dll
the ones with X are the ones that trendmicro could solve

 

here is my hijackthis log i think theres lots of things wrong allstarsearch is not me!
Logfile of HijackThis v1.99.1
Scan saved at 8:19:15 AM, on 6/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://allstarsearch.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allstarsearch.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://allstarsearch.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allstarsearch.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://allstarsearch.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AzeBHO Class - {2FE28C1F-BF47-4643-AEFD-61C0073392BA} - C:\WINDOWS\System32\azeloader.ocx
O2 - BHO: (no name) - {4AEA6E33-D782-DA78-D85A-A97F171EDCBB} - C:\WINDOWS\System32\zfg.dll
O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O2 - BHO: (no name) - {6FBE1BF8-8269-4D25-8BE4-9B10ADA021F6} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FE02F660-023A-065B-5262-5C7529C47BB3} - C:\DOCUME~1\GOTENS~1\APPLIC~1\SIXTHS~1\BaitTons.exe (file missing)
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe "
O4 - HKLM\..\Run: [EUobl8c8G] C:\WINDOWS\msmryk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [phone proc download admin] C:\Documents and Settings\All Users\Application Data\refsecondphoneproc\Memo Dog.exe
O4 - HKLM\..\Run: [uuihge] c:\windows\system32\uuihge.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{3B2D1C89-EBA5-456A-8733-2CCE73070239}\SVCHOST.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{3B2D1C89-EBA5-456A-8733-2CCE73070239}\SECURITY.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix: http://allstarsearch.net/gall.php?url=
O13 - WWW Prefix: http://allstarsearch.net/gall.php?url=
O13 - Home Prefix: http://allstarsearch.net/gall.php?url=
O13 - Mosaic Prefix: http://allstarsearch.net/gall.php?url=
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c283.cab
O16 - DPF: {2FE28C1F-BF47-4643-AEFD-61C0073392BA} (AzeBHO Class) - http://install.getda****.com/loader/azeloader.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edgesuite.net/dlmanager/dev/code/IE_1070/DownloadManager.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/black.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab?refid=4600
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azesearch.com/install/azesearch.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: System - {C76B9C96-47A7-4FD7-A2B0-1E6331172E05} - vr_sys.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

Hi Goten!

I'm working on a response for you now. Do you know what this is, where it came from, is it safe?
C:\Documents and Settings\All Users\Application Data\refsecondphoneproc\Memo Dog.exe

 

0_0 how did that get there..., no i dont know what that is and i dont think thats safe

 

Ok. Give me a bit.

 

You should print this out and/or save it to text where you can access it in safe mode.

Either turn on the Windows Firewall or download and install a third party firewall (I'd opt for third party....Zone Alarm.....and leave Windows Firewall off).

Download and install SpywareBlaster. Enable all protections, check for updates and enable them too. Then download IESpyad.exe, double click to extract (it extracts to C:\IESpyad by default), open the folder, double click the ie-ads.reg file and allow it to merge into the registry.

If you did not do a custom installation of MessengerPlus3, uninstall it from Add/Remove programs. If you want to keep it, re-install it without the sponsors.

Download DelDomains.inf saving it to the desktop.

Download the stand-alone CWShredder 2.14 from here. Save it to the desktop. Don't use it yet!

Download Ad-aware from my signature, install and update. Don't run it yet!

Save the contents of the quote box below to a blank notepad on your dektop as;

File name: delfile.bat
Save As Type: All Files

Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://allstarsearch.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://allstarsearch.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://allstarsearch.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://allstarsearch.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://allstarsearch.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.199.231.174 www.google.co.uk
O1 - Hosts: 66.199.231.174 google.co.uk
O1 - Hosts: 66.199.231.174 www.google.ca
O1 - Hosts: 66.199.231.174 google.ca
O1 - Hosts: 66.199.231.174 www.google.es
O1 - Hosts: 66.199.231.174 google.es
O1 - Hosts: 66.199.231.174 www.google.de
O1 - Hosts: 66.199.231.174 google.de
O1 - Hosts: 66.199.231.174 www.google.fr
O1 - Hosts: 66.199.231.174 google.fr
O1 - Hosts: 66.199.231.172 www.go.com
O1 - Hosts: 66.199.231.172 go.com
O1 - Hosts: 66.199.231.171 astalavista.com
O1 - Hosts: 66.199.231.171 www.astalavista.com
O1 - Hosts: 66.199.231.171 astalavista.box.sk
O1 - Hosts: 66.199.231.171 cracks.am
O1 - Hosts: 66.199.231.171 www.cracks.am
O2 - BHO: (no name) - {00000000-DD60-0064-6EC2-6E0100000000} - (no file)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\ceres.dll
O2 - BHO: AzeBHO Class - {2FE28C1F-BF47-4643-AEFD-61C0073392BA} - C:\WINDOWS\System32\azeloader.ocx
O2 - BHO: (no name) - {4AEA6E33-D782-DA78-D85A-A97F171EDCBB} - C:\WINDOWS\System32\zfg.dll
O2 - BHO: Zapopz Class - {55D376A0-36CB-4C42-A3B4-E5FC2C92E1ED} - (no file)
O2 - BHO: CInterfaceObj Object - {58F07DD3-924D-4141-BC74-299F523A95F1} - C:\WINDOWS\pxwma.dll
O2 - BHO: (no name) - {6FBE1BF8-8269-4D25-8BE4-9B10ADA021F6} - (no file)
O2 - BHO: (no name) - {FE02F660-023A-065B-5262-5C7529C47BB3} - C:\DOCUME~1\GOTENS~1\APPLIC~1\SIXTHS~1\BaitTons.ex e (file missing)
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-us\msnappau.exe "
O4 - HKLM\..\Run: [EUobl8c8G] C:\WINDOWS\msmryk.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe "
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [phone proc download admin] C:\Documents and Settings\All Users\Application Data\refsecondphoneproc\Memo Dog.exe
O4 - HKLM\..\Run: [uuihge] c:\windows\system32\uuihge.exe
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{3B2D1C89-EBA5-456A-8733-2CCE73070239}\SVCHOST.EXE
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{3B2D1C89-EBA5-456A-8733-2CCE73070239}\SECURITY.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O13 - DefaultPrefix: http://allstarsearch.net/gall.php?url=
O13 - WWW Prefix: http://allstarsearch.net/gall.php?url=
O13 - Home Prefix: http://allstarsearch.net/gall.php?url=
O13 - Mosaic Prefix: http://allstarsearch.net/gall.php?url=
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.145/x15.chm::/trs15.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...bridge-c283.cab
O16 - DPF: {2FE28C1F-BF47-4643-AEFD-61C0073392BA} (AzeBHO Class) - http://install.getda****.com/loader/azeloader.cab
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akamaitools.com.edg...loadManager.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/black.ocx
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softw...006_regular.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTic....cab?refid=4600
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://toolbar.azesearch.com/install/azesearch.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O21 - SSODL: System - {C76B9C96-47A7-4FD7-A2B0-1E6331172E05} - vr_sys.dll (file missing)


Either reboot and repeatedly tap F8 to enable the start menu and select safe mode, or go to start>run and type msconfig, hit enter. On the boot.ini tab, check the box next to /safeboot and click OK. Click yes to restart. This will restart your computer in safe mode. Logon to your user account.

Now in safe mode, you will need to show hidden files and folders, as well as system files and extensions for known file types.

Open CWShredder, close all other windows and click fix.

Right click the DelDomains.inf file and choose install.

Double click the delfile.bat file to run it.

Open C:\Documents and Settings\All Users\Application Data and delete the folder refsecondphoneproc.
Open C:\Program Files and delete the folder ISTsvc.
Open C:\WINDOWS\system32 and delete the folder services.
Open C:\Temp if present, select all and delete.
Open C:\Windows\Temp, select all and delete.
Open C:\Windows\Prefetch, select all and delete.
Open C:\Documents and Settings\username\Local Settings\temp, select all and delete. Do this for all username folders.
Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.

Open Ad-aware and run in full scan mode. Delete all it finds.

Open My Computer, right click Local disk C: and choose properties, then disk cleanup. Check all boxes except compress old files and click OK.

If you used msconfig, uncheck the /safeboot box and click ok to reboot. Upon reboot you will be greeted with a message window from the System Configuration Utility. Check the box not to use and don't show, then click OK. If you used F8, just reboot back into Windows.

Scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log.

 

thnx i just got this i had to clean the front yard now i gotta clean my pc lol thnx

 

uhh problem for sum reason zone alarm crashes when i start the setup

 

Wait until after the cleanup, when back in Windows, and before connecting to the internet to install it.

 

when u said to scan with highjack is it in safe mode or no safe mode becouse if im not in safe mode it crashes

 

A scan from Windows would be more helpful. Is it crashing while trying to scan from within Windows, after doing all of the suggested fixes?

 

well i did it i got rid of all the viruses but now my computer says i got low memry but i dont -_- oh yeah and i still cant change my wallpaper mostly none of my programs work awww man heres my hijack this log
Logfile of HijackThis v1.99.1
Scan saved at 9:51:07 AM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\win32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ccileusdrpji.net/A2FNOxaYsvJY5kVEMGJLdacscgXLHUMkPb0QKWHoxV51s2MaRTNxICK6fSuCRO4B.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{3B2D1C89-EBA5-456A-8733-2CCE73070239}\SECURITY.EXE
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [E30772E6] C:\WINDOWS\System32\izxxzdsafsafczxcr.exe
O4 - HKCU\..\Run: [L03sRTKET] actcript.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Dmau] C:\Program Files\iaao\olat.exe
O4 - HKCU\..\Run: [Uollfj] C:\WINDOWS\System32\??xplore.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {996DD727-C746-4D66-9E5C-2CE1CDB01522} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {996DD727-C746-4D66-9E5C-2CE1CDB01522} - (no file) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Please download the trial version of ewido security suite. Install ewido security suite and start the program from the icon on your desktop, then check for and download updates. Close for now.

Download the smitfraud.zip file. Save it to your desktop. If it saves as attachment.php, right click and rename to smitfraud.zip, then extract the folder to your desktop.

If you're using Kazaa, or even have it installed, I strongly recommend you uninstall it. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. If you opt to remove it, first use Add/Remove Programs to remove it and any reference to Altnet and P2P Networking. If/when asked whether you also want to remove Altnet components, say 'Yes'.
P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns. You may also want to run KazaaBegone to completely purge it from the system. Make sure to get the available LSPFix, and run it if you're unable to get an internet connection when done. Read this article for alternatives that will provide some of the same function without the garbage: http://www.spywareinfo.com/articles/p2p/


Scan again with HijackThis and place a check next to the following entries. Close ALL other windows and click fix.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ccileusdrpji.net/A2FNOxa...CK6fSuCRO4B.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=:0
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [E30772E6] C:\WINDOWS\System32\izxxzdsafsafczxcr.exe
O4 - HKCU\..\Run: [L03sRTKET] actcript.exe
O4 - HKCU\..\Run: [wupd] C:\WINDOWS\System32\win32.exe
O4 - HKCU\..\Run: [Dmau] C:\Program Files\iaao\olat.exe
O4 - HKCU\..\Run: [Uollfj] C:\WINDOWS\System32\??xplore.exe
O9 - Extra button: Microsoft AntiSpyware helper - {996DD727-C746-4D66-9E5C-2CE1CDB01522} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {996DD727-C746-4D66-9E5C-2CE1CDB01522} - (no file) (HKCU)

Reboot to safe mode.

Open C:\Program Files and delete the following folders.

Kazaa << if you uninstalled it
Altnet
iaao
winupdate

Open C:\WINDOWS\System32 and delete the files actcript.exe, p2pnetworking.exe, win32.exe and ??xplore.exe if present.

Open the smitfraud folder and double click the RunThis.bat file to start the tool. Follow the prompts.

Open Ewido Security Suite

• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress, if prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

Reboot back into Windows and scan your PC with RAV. If any files are infected, click the report button then copy and paste it here.

Run another HijackThis scan and post the log, along with the log from the Ewido scan.

 

hey looks like everything is in order now ^^ except i still cant open up some programs like some of my games for sum reason heres my hijackthis log one thing for some reason i cant change anything into the better looking windows xp the taskbar and start menu are in classic version : /


Logfile of HijackThis v1.99.1
Scan saved at 1:39:10 PM, on 6/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=:0
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\PROGRA~1\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Disk Keeper] C:\WINDOWS\System32\Services\{3B2D1C89-EBA5-456A-8733-2CCE73070239}\SECURITY.EXE
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted IP range: 67.19.178.84
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

my scan report
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:29:16 PM, 6/5/2005
+ Report-Checksum: DFA32094

+ Date of database: 6/5/2005
+ Version of scan engine: v3.0

+ Duration: 48 min
+ Scanned Files: 105455
+ Speed: 35.99 Files/Second
+ Infected files: 68
+ Removed files: 68
+ Files put in quarantine: 68
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@a.websponsors[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@debnb.imixserver[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@debnt.imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@exitexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@mysearchnow[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Cookies\gotens secret lab@sexsearchcom[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Gotens secret LAB\Local Settings\Temporary Internet Files\Content.IE5\OJ6YZHQ4\latest[1].exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\24674533.asw -> Spyware.Apropos -> Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\24819685.asw -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\25041568.asw -> Spyware.Apropos -> Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\25041878.asw -> Spyware.Apropos.e -> Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\QFle0530200501053914203.asw -> TrojanDownloader.Agent.kf -> Cleaned with backup
C:\Program Files\DAP\DAP.exe -> Spyware.Dap.b -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050604-212520-249.dll -> Spyware.PurityScan.ak -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050604-212521-246.dll -> Spyware.MediaTickets -> Cleaned with backup
C:\Program Files\HJT\backups\backup-20050604-212521-397.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Program Files\Internet Explorer\iwfonpgm.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\Program Files\Internet Explorer\jisxjuvh.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\Program Files\Internet Explorer\kmvskwze.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\Program Files\Internet Explorer\mgturnyr.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\Program Files\Internet Explorer\oeoinebu.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\Program Files\Internet Explorer\uvctdyey.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\RECYCLER\S-1-5-21-1214440339-1767777339-839522115-1006\Dc24.exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\WINDOWS\assest.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\iwfonpgm.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\jisxjuvh.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\kmvskwze.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\oeoinebu.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\uvctdyey.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\ISNSYS.dll -> TrojanSpy.Justin -> Cleaned with backup
C:\WINDOWS\loadclean.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\sasent.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\sasetup.dll -> Dialer.Generic -> Cleaned with backup
C:\WINDOWS\sys3322.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\sys3323.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\sys3828.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\sys3829.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\sys5014.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\sys5017.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\sys507.exe -> Trojan.Crypt.c -> Cleaned with backup
C:\WINDOWS\system32\abc.exe -> TrojanSpy.LdPinch.os -> Cleaned with backup
C:\WINDOWS\system32\bszip.dll -> Worm.Wurmark.c -> Cleaned with backup
C:\WINDOWS\system32\cmd32.exe -> TrojanDownloader.Small.vn -> Cleaned with backup
C:\WINDOWS\system32\cssrs.exe -> TrojanSpy.PdPinch -> Cleaned with backup
C:\WINDOWS\system32\dsmanager.dll -> Spyware.BHO.j -> Cleaned with backup
C:\WINDOWS\system32\init32m.exe -> TrojanDownloader.Agent.ho -> Cleaned with backup
C:\WINDOWS\system32\latest.exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\WINDOWS\system32\p2pnetworking.exe -> Backdoor.Rbot.rc -> Cleaned with backup
C:\WINDOWS\system32\rch.dll -> Trojan.GSearch -> Cleaned with backup
C:\WINDOWS\system32\rdrlib.dll -> Spyware.Redir.b -> Cleaned with backup
C:\WINDOWS\system32\thun32.dll -> TrojanProxy.Small.bk -> Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> TrojanProxy.Small.bk -> Cleaned with backup
C:\WINDOWS\system32\vxgame3.exe -> TrojanDownloader.Agent.ho -> Cleaned with backup
C:\WINDOWS\system32\vxgame4.exe -> TrojanDownloader.Small.aqu -> Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> TrojanDownloader.Small.aux -> Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq8.exe -> TrojanDropper.Small.wp -> Cleaned with backup
C:\WINDOWS\system32\web.exe -> TrojanDownloader.Small.aqu -> Cleaned with backup
C:\WINDOWS\system32\wirl.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\~update.exe -> TrojanProxy.Lager.j -> Cleaned with backup
C:\WINDOWS\UnInstall.exe -> TrojanSpy.Stealer.i -> Cleaned with backup
C:\WINDOWS\vr_sys.dll -> TrojanSpy.PdPinch -> Cleaned with backup
C:\WINDOWS\wldr.dll -> TrojanDownloader.Agent.kf -> Cleaned with backup
C:\xz.exe -> Backdoor.Rbot.rc -> Cleaned with backup


::Report End

 

Please click the Tools button in IE, then Internet Options, Connections tab. Look within your connection's settings and uncheck any proxy box. Scan again with HijackThis. If the following entry is present, fix it.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=:0

Reboot and scan again. If it's back, please download and run F-Secure Blacklight and let us know the results.



Copy the contents of the quote box below to a blank notepad. Make sure the formatting remains the same.
Close it, saving to your desktop as:

File name: themes.reg
Save As Type: All Files

Double click the file and allow it to merge with the registry.

Reboot and see if your theme is working. If not proceed with the instructions below.


Copy the contents of the quote box below to a blank notepad.
Close it, saving to your desktop as:

File name: look.bat
Save As Type: All Files


dir C:\WINDOWS\Resources\Themes\Luna /a h > files.txt
notepad files.txt


Doubleclick on it and notepad will open with some text in it.
Copy and paste this in your next reply.

 

Volume in drive C has no label.
Volume Serial Number is E4BC-4F95

Directory of C:\WINDOWS\Resources\Themes\Luna

02/07/2005 11:22 AM <DIR> .
02/07/2005 11:22 AM <DIR> ..
08/29/2002 05:00 AM 4,186,256 luna.msstyles
02/07/2005 11:20 AM <DIR> Shell
1 File(s) 4,186,256 bytes

Directory of C:\Documents and Settings\Gotens secret LAB\Desktop

i got rid of that proxy thing
i just notice suttin almost everything in my desktop is a shortcut and my programs like limewire still wont show up

 

I've just discovered that I made an error in the reg file above and have fixed it. Right click the one you saved and choose edit. Again, copy the contents of the quote box above and replace the previous info, then close saving changes. Double click to merge, reboot and see if it worked.

 

sorry i couldnt get on untill now but no it wont work :S im thinking of just making a new profile and take everything over there? hey my programs are working again w00t