Tom's Guide | Tom's Hardware | Tom's Games
 |
 |
 |
Hello. I beleive that I am infected with the fakemsn8beta virus because my homepage for IE explorer 7 is constantly changed to www.messengersite.net. I am wondering if anyone knows of a way to fix this virus.
Additional Info: I beleive that my antivirus program is unable to run with this virus on my maching. I was able to run spybot Search and Destroy and Adaware SE, but niether solved my virus problem. Like I said, no antivirus program seems to run, and the online scans I've attempted don't work because the virus blocks the websites from being accessed.
I was able, however to run a hijackthis from safe mode. I have the log available, but i tried posting it and my thread got deleted. I need an expert to ask for it first, then i can post it. So, if you may be able to help me ill gladly post the hijackthis log if you want me to. :) any help is very much appreciated. Thanks!
Please post your Hijack This log.
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
0 
Logfile of HijackThis v1.99.1
Scan saved at 7:38:07 PM, on 1/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?Lin...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?Lin...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by StarBand
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9877
F3 - REG:win.ini: load=C:\WINDOWS\system32\shzywewch\winlogon.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\shzywewch\winlogon.exe
O1 - Hosts: 1.1.1.1 f-secure.com
O1 - Hosts: 1.1.1.1 www.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.f-secure.com
O1 - Hosts: 1.1.1.1 ftp.sophos.com
O1 - Hosts: 1.1.1.1 liveupdate.symantec.com
O1 - Hosts: 1.1.1.1 customer.symantec.com
O1 - Hosts: 1.1.1.1 dispatch.mcafee.com
O1 - Hosts: 1.1.1.1 download.mcafee.com
O1 - Hosts: 1.1.1.1 rads.mcafee.com
O1 - Hosts: 1.1.1.1 mast.mcafee.com
O1 - Hosts: 1.1.1.1 my-etrust.com
O1 - Hosts: 1.1.1.1 www.my-etrust.com
O1 - Hosts: 1.1.1.1 nai.com
O1 - Hosts: 1.1.1.1 www.nai.com
O1 - Hosts: 1.1.1.1 networkassociates.com
O1 - Hosts: 1.1.1.1 secure.nai.com
O1 - Hosts: 1.1.1.1 securityresponse.symantec.com
O1 - Hosts: 1.1.1.1 service1.symantec.com
O1 - Hosts: 1.1.1.1 sophos.com
O1 - Hosts: 1.1.1.1 www.sophos.com
O1 - Hosts: 1.1.1.1 support.microsoft.com
O1 - Hosts: 1.1.1.1 symantec.com
O1 - Hosts: 1.1.1.1 www.symantec.com
O1 - Hosts: 1.1.1.1 update.symantec.com
O1 - Hosts: 1.1.1.1 updates.symantec.com
O1 - Hosts: 1.1.1.1 us.mcafee.com
O1 - Hosts: 1.1.1.1 vil.nai.com
O1 - Hosts: 1.1.1.1 viruslist.com
O1 - Hosts: 1.1.1.1 www.viruslist.com
O1 - Hosts: 1.1.1.1 grisoft.com
O1 - Hosts: 1.1.1.1 www.grisoft.com
O1 - Hosts: 1.1.1.1 free.grisoft.com
O1 - Hosts: 1.1.1.1 trendmicro.com
O1 - Hosts: 1.1.1.1 housecall.trendmicro.com
O1 - Hosts: 1.1.1.1 www.trendmicro.com
O1 - Hosts: 1.1.1.1 pandasoftware.com
O1 - Hosts: 1.1.1.1 www.pandasoftware.com
O1 - Hosts: 1.1.1.1 usa.kaspersky.com
O1 - Hosts: 1.1.1.1 ewido.net
O1 - Hosts: 1.1.1.1 www.ewido.net
O1 - Hosts: 1.1.1.1 zonelabs.com
O1 - Hosts: 1.1.1.1 www.zonelabs.com
O1 - Hosts: 1.1.1.1 bitdefender.com
O1 - Hosts: 1.1.1.1 www.bitdefender.com
O1 - Hosts: 1.1.1.1 download.bitdefender.com
O1 - Hosts: 1.1.1.1 upgrade.bitdefender.com
O1 - Hosts: 1.1.1.1 spywareinfo.com
O1 - Hosts: 1.1.1.1 www.spywareinfo.com
O1 - Hosts: 1.1.1.1 merijn.org
O1 - Hosts: 1.1.1.1 www.merijn.org
O1 - Hosts: 1.1.1.1 sysinternals.com
O1 - Hosts: 1.1.1.1 www.sysinternals.com
O1 - Hosts: 1.1.1.1 onguardonline.gov
O1 - Hosts: 1.1.1.1 www.onguardonline.gov
O1 - Hosts: 1.1.1.1 avast.com
O1 - Hosts: 1.1.1.1 www.avast.com
O1 - Hosts: 1.1.1.1 safety.live.com
O1 - Hosts: 1.1.1.1 www.paretologic.com
O1 - Hosts: 1.1.1.1 paretologic.com
O1 - Hosts: 1.1.1.1 virusscan.jotti.org
O1 - Hosts: 1.1.1.1 services.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {8F503E63-DE84-AE01-D91B-8E1D831719CC} - blank (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7D8BE68-AA95-C1FD-ECF9-542E8E9829DA} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{AC00A015-0A64-1033-0220-040416200001}] "C:\Program Files\Common Files\{AC00A015-0A64-1033-0220-040416200001}\Update.exe" te-110-12-0000282
O4 - HKLM\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://register.starband.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v1...
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/p...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/de...
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v1...
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v1...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microso...
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://launch.gamespyarcade.com/sof...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binar...
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagame...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewo...
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v1...
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/h...
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} (Live Collaboration) - http://livesc02.rightnowtech.com/75...
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000282 (file missing)
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
0
SmitFraudFix v2.133
Scan done at 21:54:35.43, Sun 01/21/2007
Run from C:\Documents and Settings\Greg Penning\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWSC:\WINDOWS\country.exe FOUND !
C:\WINDOWS\kl1.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32C:\WINDOWS\system32\svchosts.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg Penning
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg Penning\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GREGPE~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
0
Please download SmitFraudFix from this link http://siri.urz.free.fr/Fix/Smitfra... Then extract the contents to your desktop.
!!!! Only run option #1 as runing the other options on an uninfected computer will damage the desktop.!!!!
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.Please download ComboFix to the desktop from this link:
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double-click combofix.exe
Follow the prompts.
(Don't click on the window while the program is running, it may cause your system to hang.)Please post the combofix.txt log.
0
Hey jabuck
here is the combo fix file
"Greg Penning" - 07-01-23 7:36:50 Service Pack 2
ComboFix 07-01-23.2 - Running from: "C:\Documents and Settings\Greg Penning\Desktop"(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\shzywewch\winlogon.exe
C:\WINDOWS\system32\shzywewch\winlogon.ini
C:\Program Files\Ipwindows\ipwins.dll
C:\Program Files\Ipwindows\ipwins.exe
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\unsvchosts.lzma
C:\utc.exe
C:\WINDOWS\Downloaded Program Files\TriJinx.1.0.0.67
C:\Program Files\Common Files\{3C00A~1
C:\Program Files\Common Files\{AC00A~1
C:\Program Files\Ipwindows
C:\WINDOWS\system32\svchosts.exe
C:\Program Files\Common Files\{AC00A~2
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\GREGPE~1
C:\qoobox\purity\DOCUME~1\GREGPE~1\Application Data
C:\qoobox\purity\DOCUME~1\GREGPE~1\Application Data\FNTS~1
C:\qoobox\purity\DOCUME~1\GREGPE~1\Application Data\from.txt
C:\qoobox\purity\DOCUME~1\GREGPE~1\Application Data\SCURIT~1
C:\qoobox\purity\Program Files\Common Files\YMANTE~1
((((((((((((((((((((((((((((((( Files Created from 2006-12-23 to 2007-01-23 ))))))))))))))))))))))))))))))))))
2007-01-23 07:42 <DIR> d-------- C:\WINDOWS\erdnt
2007-01-21 22:51 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-21 22:51 <DIR> d-------- C:\Program Files\MSN Messenger
2007-01-21 21:54 4,144 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-01-21 15:35 <DIR> d-------- C:\Program Files\Hijackthis
2007-01-21 15:30 <DIR> d-------- C:\DOCUME~1\GREGPE~1\Application Data\Uniblue
2007-01-21 15:22 <DIR> d-------- C:\!KillBox
2007-01-21 14:48 <DIR> d-------- C:\Program Files\msn gaming zone
2007-01-21 13:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-01-21 08:24 <DIR> d-------- C:\DOCUME~1\GREGPE~1\Application Data\BullGuard
2007-01-21 08:24 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\BullGuard
2007-01-20 12:43 2 --a------ C:\WINDOWS\SYSTEM32\wintsvtr.exe
2007-01-20 12:14 43,520 --a------ C:\WINDOWS\SYSTEM32\CmdLineExt03.dll
2007-01-20 11:31 868,352 --a------ C:\WINDOWS\SYSTEM32\mcgrphx.dll
2007-01-20 11:31 28,672 -ra------ C:\WINDOWS\SYSTEM32\DMAPI.dll
2007-01-20 11:31 204,800 --a------ C:\WINDOWS\SYSTEM32\MapTarget.dll
2007-01-20 11:31 135,168 -ra------ C:\WINDOWS\SYSTEM32\Mmcapi.dll
2007-01-20 11:31 110,592 -ra------ C:\WINDOWS\SYSTEM32\ustor.dll
2007-01-20 11:31 <DIR> d-------- C:\Program Files\LEI
2007-01-10 14:47 <DIR> d--hs---- C:\WINDOWS\R3JlZyBQZW5uaW5n
2007-01-10 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-09 22:06 16,384 --a------ C:\WINDOWS\fboqpttt.exe
2007-01-01 11:02 <DIR> d-------- C:\Program Files\Apple Software Update
2006-12-31 04:05 <DIR> d-------- C:\WINDOWS\rwoo
2006-12-31 04:05 <DIR> d-------- C:\Program Files\Common Files\rwoo
2006-12-30 22:44 92,485 --a------ C:\gp.exe
2006-12-30 18:32 <DIR> d--hs---- C:\WINDOWS\SYSTEM32\shzywewch
2006-12-26 15:26 <DIR> d-------- C:\Program Files\Lavasoft
2006-12-25 16:26 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-12-25 14:26 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-25 14:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US
2006-12-25 14:24 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-25 14:23 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-12-25 14:22 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-25 13:16 <DIR> d-------- C:\e89977cce55b121db3
2006-12-25 12:27 <DIR> d-------- C:\WINDOWS\SYSTEM32\PreInstall
2006-12-25 12:05 18,200 --a------ C:\WINDOWS\SYSTEM32\wups2.dll
2006-12-25 12:05 <DIR> d-------- C:\WINDOWS\SYSTEM32\SoftwareDistribution
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-23 07:44 -------- d-------- C:\Program Files\logmein
2007-01-21 15:31 -------- d-------- C:\Documents and Settings\Greg Penning\Application Data\uniblue
2007-01-21 13:39 -------- d-------- C:\Program Files\Common Files\real
2007-01-21 13:38 -------- d-------- C:\Documents and Settings\Greg Penning\Application Data\real
2007-01-21 13:36 -------- d-------- C:\Program Files\mozilla firefox
2007-01-21 13:33 -------- d-------- C:\Program Files\dell
2007-01-21 13:31 -------- d-------- C:\Program Files\active prep
2007-01-21 10:41 -------- d-------- C:\Documents and Settings\Greg Penning\Application Data\bullguard
2007-01-20 11:49 -------- d--h----- C:\Program Files\installshield installation information
2007-01-10 20:26 -------- d-------- C:\Program Files\microsoft games
2007-01-08 18:41 -------- d-------- C:\Program Files\mercora
2007-01-01 11:05 -------- d-------- C:\Program Files\itunes
2007-01-01 11:05 -------- d-------- C:\Program Files\ipod
2007-01-01 11:03 -------- d-------- C:\Program Files\quicktime
2006-12-30 18:43 359808 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tcpip.sys
2006-12-26 15:26 -------- d-------- C:\Documents and Settings\Greg Penning\Application Data\lavasoft
2006-12-17 14:27 -------- d-------- C:\Program Files\shockwave.com
2006-11-26 10:37 -------- d-------- C:\Program Files\windows media connect 2
2006-11-07 23:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-04 20:25 1321744 --a------ C:\WINDOWS\SYSTEM32\msxml6.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\SYSTEM32\msxml4.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"Mercora"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"DwlClient"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb11.exe"
"HPHUPD06"="C:\\Program Files\\HP\\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\\hphupd06.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPHmon06"="C:\\WINDOWS\\system32\\hphmon06.exe"
"LogMeIn GUI"="\"C:\\Program Files\\LogMeIn\\LogMeInSystray.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
@=""[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Kodak EasyShare software.lnk"
"backup"="C:\\WINDOWS\\pss\\Kodak EasyShare software.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Kodak\\KODAKE~1\\bin\\EASYSH~1.exe -h"
"item"="Kodak EasyShare software"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cfgwiz"
"hkey"="HKLM"
"command"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE \"REBOOT\""
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="csrss"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\yxlwjyxi\\csrss.exe"
"inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mercora]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MercoraClient"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Mercora\\MercoraClient.exe\" -min"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Messenger Plus! 2\\MsgPlus.exe\""
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="csrss"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\yxlwjyxi\\csrss.exe"
"inimapping"="1"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000
"NoDesktop"=dword:00000000
"NoFavoritesMenu"=dword:00000000
"NoFind"=dword:00000000
"NoRun"=dword:00000000
"NoSetActiveDesktop"=dword:00000000
"NoWindowsUpdate"=dword:00000000
"NoChangeStartMenu"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoRecentDocsMenu"=dword:00000000
"NoRecentDocsHistory"=dword:00000000
"ClearRecentDocsOnExit"=dword:00000000
"NoLogoff"=dword:00000000
"NoClose"=dword:00000000
"NoSetFolders"=dword:00000000
"NoSetTaskbar"=dword:00000000
"NoTrayContextMenu"=dword:00000000
"NoFileMenu"=dword:00000000
"NoViewContextMenu"=dword:00000000
"EnforceShellExtensionSecurity"=dword:00000000
"LinkResolveIgnoreLinkInfo"=dword:00000000
"NoNetConnectDisconnect"=dword:00000000
"NoDeletePrinter"=dword:00000000
"NoAddPrinter"=dword:00000000
"NoPrinterTabs"=dword:00000000
"Btn_Back"=dword:00000000
"Btn_Forward"=dword:00000000
"Btn_Stop"=dword:00000000
"Btn_Refresh"=dword:00000000
"Btn_Home"=dword:00000000
"Btn_Search"=dword:00000000
"Btn_History"=dword:00000000
"Btn_Favorites"=dword:00000000
"Btn_Media"=dword:00000000
"Btn_Folders"=dword:00000000
"Btn_Fullscreen"=dword:00000000
"Btn_Tools"=dword:00000000
"Btn_MailNews"=dword:00000000
"Btn_Size"=dword:00000000
"Btn_Print"=dword:00000000
"Btn_Edit"=dword:00000000
"Btn_Discussions"=dword:00000000
"Btn_Cut"=dword:00000000
"Btn_Copy"=dword:00000000
"Btn_Paste"=dword:00000000
"Btn_Encoding"=dword:00000000
"Btn_PrintPreview"=dword:00000000[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"=dword:00000000
"NoRun"=dword:00000000
"NoClose"=dword:00000000
"NoSaveSettings"=dword:00000000
"NoFileMenu"=dword:00000000
"NoCommonGroups"=dword:00000000[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
Shell\AutoRun\command E:\AutoRun.exe
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.jobCompletion time: 07-01-23 7:45:03
____________________________________________
and here is the NEW (after running combofix) SmigFraudFix file:SmitFraudFix v2.133
Scan done at 7:51:31.29, Tue 01/23/2007
Run from C:\Documents and Settings\Greg Penning\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWSC:\WINDOWS\country.exe FOUND !
C:\WINDOWS\kl1.exe FOUND !
C:\WINDOWS\toolbar.exe FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg Penning
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Greg Penning\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\GREGPE~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!![HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End____________________________________________
THANK YOU FOR ALL THE HELP!! :)....what are my next steps??
0
Please download SDFix by AndyManchesta and save it to your desktop.
Please then reboot your computer in Safe Mode by doing the following:
Restart your computer.
After hearing your computer beep once during startup, but just before the Windows icon appears, tap the F8 key continually.
Instead of Windows loading as normal, a menu with options should appear.
Select the first option, to run Windows in "Safe Mode", then press "Enter".
Choose your usual account.
Once in Safe Mode, please do the following:
In Safe Mode, right-click the SDFix.zip folder and choose Extract All.
Open the extracted folder and double-click RunThis.bat to start the script.
Type Y to begin the script.
It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
Your system will take longer that normal to restart as the fixtool will be running and removing files.
When the desktop loads the fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt
0
HEY :) its looking pretty good my homepage stays normal now!! here is the SDfix log...once again thanks for all the help!!
SDFix: Version 1.62Tue 01/23/2007 - 17:44:56.67
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\Greg Penning\Desktop\SDFix
Safe Mode:
Checking Services:Name:
Path:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...Normal Mode:
Checking Files:No Files Found..
Alternate Streams Check:C:\WINDOWS\system32
No streams found.Final Check:
Remaining Services:
------------------
Authorized Application Key Export:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
Remaining Files:
---------------Backups Folder: - C:\DOCUME~1\GREGPE~1\Desktop\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :C:\NTDETECT.COM
C:\Documents and Settings\Greg Penning\Local Settings\Application Data\Microsoft\Messenger\rach51@hotmail.com\Sharing Folders\squeak_basketball_81@hotmail.com\Thumbs.db
C:\Documents and Settings\Greg Penning\NetHood\ftp.draytek.com\Desktop.ini
C:\I386\cdplayer.exe.manifest
C:\I386\logonui.exe.manifest
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
C:\WINDOWS\SYSTEM32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\All Users\Application Data\BullGuard\Temp\wtslist.tmpp
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0008.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0046.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0063.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0088.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0175.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0211.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0232.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0558.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0633.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0702.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0932.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL0940.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL1041.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL1240.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL1251.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL1314.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL1708.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL1816.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL2107.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL2126.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL2295.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL2757.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL2847.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3170.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3274.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3299.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3562.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3585.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3621.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3624.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3637.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3680.tmp
C:\Documents and Settings\Greg Penning\Application Data\Microsoft\Word\~WRL3821.tmp
C:\Documents and Settings\Greg Penning\Desktop\~WRL1659.tmp
C:\Documents and Settings\Greg Penning\Desktop\~WRL3143.tmp
C:\Documents and Settings\Greg Penning\Desktop\Heather's folder\~WRL0652.tmp
C:\Documents and Settings\Greg Penning\Desktop\Heather's folder\~WRL3041.tmp
C:\Documents and Settings\Greg Penning\Desktop\RN Nursing\~WRL1231.tmp
C:\Documents and Settings\Greg Penning\Desktop\RN Nursing\~WRL2977.tmp
C:\WINDOWS\SYSTEM32\CONFIG\system.tmp.LOGFinished
0
I am having the same problem with the Messengersite homepage hijack.
Do I have to follow all of these steps mentioned above as well or is there a more simple way of doing it??
Thanks,
Dardex
Darren
0  |
 |
 |
This post is quite old and has been locked from receiving new replies. Please create a new posting instead.
| Ads by Google |
