Thread ID: 87999 | Virus? umm | Press F1 | started 2008-03-11 22:05:00 by ZachPL (13501)

Posts (Post ID | Timestamp | User):
648652 | 2008-03-11 22:05:00 | ZachPL (13501)

Well, I was on Yahoo Answers and I did something stupid and clicked a link, and it downloaded a file that auto-installed itself, called Virus Heat. I uninstalled it from Add and Remove Programs, but there is a little bubble that keeps popping up from a ? and a ! on the toolbar; when it is clicked it brings me to the Virus Heat website. And every once in a while an Internet Explorer block pops up warning me about a fake virus. I deleted C:\Program Files\NetProject\sbmntr.exe in safe mode, following this topic on forums.pcworld.co.nz. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:54 PM, on 3/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\lxdicoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\NetProject\scm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: e404 helper - {D4FEDE82-C500-4AA4-BB99-A4DAE5A65A46} - C:\Program Files\Helper\1205270142.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [lxdimon.exe] "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe"
O4 - HKLM\..\Run: [lxdiamon] "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [DellAutomatedPCTuneUp] "C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - pccheckup.dellfix.com
O22 - SharedTaskScheduler: calpastatin - {a0efe2fe-7249-4403-a00b-8be108617c75} - C:\WINDOWS\system32\guadq.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DellAMBrokerService - Unknown owner - C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\WINDOWS\system32\lxdicoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11175 bytes

Thanks. *cry*
648653 | 2008-03-11 22:15:00 | Speedy Gonzales (78)

Yup, VirusHeat is rogue software. Get RogueRemover from my sig below; it should remove it. Once you update it, click on Scan.

Then run HJT, tick these, then tick Fix Checked. Close browser(s). Disable System Restore as well.

C:\Program Files\NetProject\scit.exe
C:\WINDOWS\system32\KADxMain.exe
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: e404 helper - {D4FEDE82-C500-4AA4-BB99-A4DAE5A65A46} - C:\Program Files\Helper\1205270142.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe <-- Kill this / end its process in Task Manager
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe <-- Kill this / end its process in Task Manager
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)

Get something better than Norton's, like Avast Home / NOD32.

Delete the C:\Program Files\NetProject folder. Then reboot.

Get Trojan Remover after you reboot. It's in my sig; update it, then click on Scan. Then select all options under Utilities.
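The reply above triages the log by hand: read each O2/O3/O4/O9 line, decide whether it belongs to the rogue, end the process behind it, then tick it for Fix Checked. As an added example (not a tool from this thread and not part of HijackThis), the Python script below parses HJT-format lines and applies a few constructed heuristics of the same kind: targets under the NetProject and Helper folders named in the thread (an assumed list, not a vendor blocklist), autostarts under Policies\Explorer\Run, O9 hooks marked "file missing" that name a web site rather than a local file, and O22 SharedTaskScheduler DLLs, which it only marks for review. The sample log is a constructed subset of the lines posted above.

```python
"""Triage a HijackThis (HJT) log with a few constructed heuristics.

Added example, not a tool from the thread. SUSPECT_DIRS is an assumption
drawn from the folders discussed above, not a vendor blocklist.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Assumed rogue install folders (from the thread: VirusHeat's NetProject
# folder and the "e404 helper" BHO folder). Matched case-insensitively.
SUSPECT_DIRS = ("\\netproject\\", "\\helper\\")

# "O4 - HKLM\..\Run: [name] cmd" / "O2 - BHO: name - {CLSID} - path"
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.+)$")
# A bare host name such as www.example.com (no drive letter, no backslash)
WEB_TARGET_RE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", re.I)


@dataclass
class Entry:
    section: str   # "O2", "O4", "O9", "O22", ...
    location: str  # registry location for O4 entries, "" otherwise
    target: str    # DLL/EXE command line, or URL, the entry points at
    raw: str       # the original log line


def parse_hjt(text: str) -> list[Entry]:
    """Parse R/O lines; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        location = ""
        if sec == "O4":
            location, _, rest = body.partition(": [")
            _, _, target = rest.partition("] ")
        else:
            target = body.rsplit(" - ", 1)[-1]  # last " - " field is the path
        entries.append(Entry(sec, location, target.strip(), line))
    return entries


def image_path(target: str) -> str:
    """Extract the executable from an O4 command line (quoted or not)."""
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.+?\.(?:exe|dll|sys|cpl))(?:\s|,|$)", target)
    return m.group(1) if m else target.split(" ", 1)[0]


def reasons(e: Entry) -> list[str]:
    """Constructed heuristics; each hit is a human-readable reason."""
    out = []
    low = e.target.lower()
    if any(d in low for d in SUSPECT_DIRS):
        out.append("points into a folder the thread identifies as the rogue's")
    if e.section == "O4" and e.location.lower().endswith("policies\\explorer\\run"):
        out.append("Policies\\Explorer\\Run autostart (rarely used by legitimate software)")
    if "(file missing)" in low and WEB_TARGET_RE.match(low.replace(" (file missing)", "")):
        out.append("dead browser hook that names a web site instead of a local file")
    if e.section == "O22":
        out.append("SharedTaskScheduler DLL loaded by Explorer at logon; verify the publisher")
    return out


def triage(text: str) -> list[tuple[str, list[str]]]:
    """Return (raw line, reasons) for every entry that trips a heuristic."""
    return [(e.raw, r) for e in parse_hjt(text) if (r := reasons(e))]


def processes_to_end(text: str) -> set[str]:
    """EXE names behind flagged autostarts: end these in Task Manager before
    ticking Fix Checked, as the reply above advises."""
    exes = set()
    for e in parse_hjt(text):
        if e.section == "O4" and reasons(e):
            p = image_path(e.target)
            if p.lower().endswith(".exe"):
                exes.add(p.rsplit("\\", 1)[-1].lower())
    return exes


# Constructed sample: a subset of the log lines posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Program Files\NetProject\scit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C2A1C5CB-C0EF-4689-9436-F62CCA1C5383} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: e404 helper - {D4FEDE82-C500-4AA4-BB99-A4DAE5A65A46} - C:\Program Files\Helper\1205270142.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: [some] C:\Program Files\NetProject\scit.exe
O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\NetProject\sbmntr.exe
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O22 - SharedTaskScheduler: calpastatin - {a0efe2fe-7249-4403-a00b-8be108617c75} - C:\WINDOWS\system32\guadq.dll
"""

if __name__ == "__main__":
    for raw, why in triage(SAMPLE_LOG):
        print(raw)
        for w in why:
            print("    ->", w)
    print("End first:", sorted(processes_to_end(SAMPLE_LOG)))
```

On the sample, the NetProject and Helper entries, the two Policies\Explorer\Run autostarts and the dead safeiegate.com hook are flagged, the O22 DLL is marked for review, and the Adobe, NVIDIA, Java and xpnetdiag lines pass. The review-only rule for O22 is deliberate: that key is a known hijack location but also has legitimate users, so a heuristic should hand it to a human rather than auto-fix it.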
648654 | 2008-03-11 22:25:00 | ZachPL (13501)

Thanks!
648655 | 2008-03-11 22:48:00 | bevy121 (117)

Also, when you do change that (argh!) Norton to something else, make sure to use the removal tool when you uninstall it; otherwise there will still be a heap of crap left over in your computer. The removal tools are from Norton themselves, as even they admit the problems uninstalling it causes :)

All Norton Versions Removal Tool here (service1.symantec.com)
648656 | 2008-03-12 04:48:00 | humi (13487)

See also: Spybot S&D (www.safer-networking.org) ... IMHO one of the best freeware tools against malware.
648657 | 2008-03-16 16:25:00 | mitiob (13502)

Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:24:21, on 16.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scm.exe
C:\Program Files\NetProject\sbsm.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\mitko\Desktop\alabala.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e404 helper - {0D574C9F-71F9-4F3C-BA6D-CF9C0E1E3EE8} - C:\Program Files\Helper\1205675933.dll
O2 - BHO: (no name) - {6860A44B-5D3E-433D-A7B5-D517F810D0E7} - C:\Program Files\NetProject\sbmdl.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Internet Service - {DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40} - C:\Program Files\NetProject\wamdl.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RegRun WinBait] C:\WINDOWS\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - HKCU\..\Run: [Registry] "C:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "C:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - www.safeiegate.com (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

And this is the Autoruns output (entry | description | publisher | image path):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  + @RegRunOnSecure | Secure Start Support Application | Greatis Software | c:\program files\greatis\regrunsuite\onsecure.exe
  + Alcmtr | Realtek Azalia Audio - Event Monitor | Realtek Semiconductor Corp. | c:\windows\alcmtr.exe
  + ATICustomerCare | ATI Customer Care | Advanced Micro Devices, Inc. | c:\program files\ati\aticustomercare\aticustomercare.exe
  + DAEMON Tools-1033 | Virtual DAEMON Manager | DAEMON'S HOME | c:\program files\d-tools\daemon.exe
  + RegRun WinBait | c:\windows\winbait.exe
  + RTHDCPL | Realtek HD Audio Control Panel | Realtek Semiconductor Corp. | c:\windows\rthdcpl.exe
  + StartCCC | c:\program files\ati technologies\ati.ace\core-static\clistart.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
  + Title | File not found: RegRun
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
  + Adobe Reader Speed Launch.lnk | Adobe Acrobat SpeedLauncher | Adobe Systems Incorporated | c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
  + FlexType 2K.lnk | c:\program files\datecs\flextype 2k\ftype2k.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  + some | c:\program files\netproject\scit.exe
  + start | c:\program files\netproject\sbmntr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  + Registry | Launch application with delay | Greatis Software | c:\program files\greatis\regrunsuite\lsoon.exe
  + Regrun2 | WatchDog | Greatis Software | c:\program files\greatis\regrunsuite\watchdog.exe
  + updateMgr | Adobe Update Manager | Adobe Systems Incorporated | c:\program files\adobe\acrobat 7.0\reader\adobeupdatemanager.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
  + skype4com | Skype for COM API | Skype Technologies | c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
  + 0 | File not found: About:Home
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
  + RegRun Script Checker Shell Hook DLL | RRShell Module | Greatis Software, LLC | c:\program files\greatis\regrunsuite\rrshell.dll
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
  + Eset Smart Security - Context Menu Shell Extension | Shell Extension | ESET | c:\program files\eset\eset nod32 antivirus\shellext.dll
  + WinRAR | c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
  + Eset Smart Security - Context Menu Shell Extension | Shell Extension | ESET | c:\program files\eset\eset nod32 antivirus\shellext.dll
  + WinRAR | c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
  + WinRAR | c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
  + ACE | ACE Context Menu | c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
HKLM\Software\Classes\Folder\Shellex\ColumnHandlers
  + PDF Shell Extension | PDF Shell Extension | Adobe Systems, Inc. | c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
  + Catalyst Context Menu extension | ACE Context Menu | c:\program files\ati technologies\ati.ace\core-static\atiacmxx.dll
  + Display Panning CPL Extension | File not found: deskpan.dll
  + Eset Smart Security - Context Menu Shell Extension | Shell Extension | ESET | c:\program files\eset\eset nod32 antivirus\shellext.dll
  + HyperTerminal Icon Ext | HyperTerminal Applet Library | Hilgraeve, Inc. | c:\windows\system32\hticons.dll
  + WinRAR shell extension | c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
  + Adobe PDF Reader Link Helper | Adobe Acrobat IE Helper Version 7.0 for ActiveX | Adobe Systems Incorporated | c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
  + e404mgr Class | e406 | c:\program files\helper\1205675933.dll
  + {6860A44B-5D3E-433D-A7B5-D517F810D0E7} | c:\program files\netproject\sbmdl.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
  + Internet Service | c:\program files\netproject\wamdl.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
  + IE Anti-Spyware | File not found: www.safeiegate.com
HKLM\System\CurrentControlSet\Services
  + Ati HotKey Poller | ATI External Event Utility EXE Module | ATI Technologies Inc. | c:\windows\system32\ati2evxx.exe
  + ATI Smart | ATI Smart | c:\windows\system32\ati2sgag.exe
  + ekrn | Eset Service | ESET | c:\program files\eset\eset nod32 antivirus\ekrn.exe
HKLM\System\CurrentControlSet\Services
  + ati2mtag | ATI Radeon WindowsNT Miniport Driver | ATI Technologies Inc. | c:\windows\system32\drivers\ati2mtag.sys
  + Changer | File not found: C:\WINDOWS\System32\Drivers\Changer.sys
  + d347bus | PnP BIOS Extension | c:\windows\system32\drivers\d347bus.sys
  + d347prt | SCSI miniport | c:\windows\system32\drivers\d347prt.sys
  + eamon | Eset file on-access scanner | ESET | c:\windows\system32\drivers\eamon.sys
  + easdrv | Eset AntiStealth driver | ESET | c:\windows\system32\drivers\easdrv.sys
  + epfwtdir | EPFW Filter Driver | c:\windows\system32\drivers\epfwtdir.sys
  + i2omgmt | File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
  + IntcAzAudAddService | Realtek(r) High Definition Audio Function Driver | Realtek Semiconductor Corp. | c:\windows\system32\drivers\rtkhdaud.sys
  + lbrtfdc | File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
  + Partizan | Partizan - Rootkit detector | Greatis Software | c:\windows\system32\drivers\partizan.sys
  + PCIDump | File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
  + PDCOMP | File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
  + PDFRAME | File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
  + PDRELI | File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
  + PDRFRAME | File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
  + Ptilink | Direct Parallel Link Driver | Parallel Technologies, Inc. | c:\windows\system32\drivers\ptilink.sys
  + RegGuard | Registry Guard - registry keys protection driver for Windows NT/2000/XP/2003/Vista | Greatis Software | c:\windows\system32\drivers\regguard.sys
  + RTLE8023xp | Realtek 10/100/1000 NDIS 5.1 Driver | Realtek Semiconductor Corporation | c:\windows\system32\drivers\rtenicxp.sys
  + Secdrv | SafeDisc Driver | Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. | c:\windows\system32\drivers\secdrv.sys
  + WDICA | File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
  + Partizan | Partizan - First Bootwatch Anti-Rootkit | Greatis Software | c:\windows\system32\partizan.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
  + AtiExtEvent | ATI External Event Utility DLL Module | ATI Technologies Inc. | c:\windows\system32\ati2evxx.dll
648658 | 2008-03-16 17:47:00 | gary67 (56)

Hi mitiob, it's better to start your own thread instead of jumping into someone else's. Apart from that, welcome to PF1; someone will look at your log today and get back to you.
648659 | 2008-03-16 18:31:00 | porkster (6331)

Hi, I had the same problem on my father-in-law's computer. He has the Avast virus checker, which I installed for him ages ago (it's great for keeping itself up to date), but it doesn't stop him clicking those fake warnings. I tried XoftSpy, Spybot, RogueRemover, online virus checkers, HijackThis, StartCPL and many other tools to try to remove it. In the end I used SmitFraudFix run in safe mode and that got rid of it. www.afterdawn.com

Good luck
| 1 | |||||