How2PK Posted March 8, 2007

Since this afternoon I'm having a little bit of trouble with my computer. Not that it is not running or something like that. But I just get weird messages that there is a trojan-horse, and that there is spy-ware on my computer. And when I click the pop-up (the ones on the right bottom in the screen, where you get your windows update etc. as well) it takes me to some kind of website that I don't really trust either. And it just started this afternoon, out of the blue. Somebody has got an idea what is going on?

My AVG scanner has been running for nearly 40 minutes now, and all it came up with so far is a:

laf9.tmp Trojan horse generic3.GJY

Which doesn't mean a lot to me. It can't be good, but is it bad? What is it about? So...anybody knows what's up with all this crazy stuff!

[edit] [Link removed - Ard] This is one of the websites my computer takes me to when I click the warning message in the bottom right of the screen.

[edit2] This is one of the messages: Which brings me to this website: [Link removed - Ard]

[edit3] I just got this one, out of the blue.

Signature by Maurice Sendak
When the stars make you drool just like a pasta fazool, that's amore!

Mercifull Posted March 8, 2007

It's not a real virus, it's just a rogue company trying to get you to buy their own antispyware. Do the usual Ad-Aware and Spybot scans and then post a HijackThis log.

Mercifull <3 Suzi
"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex
01/04/01 - 02/03/12

coltm4carbine Posted March 8, 2007

Dude, can you remove the link in your post please? Or at least block it to Hxxp. Although it doesn't work anymore but still, just in case someone clicks on it and something does happen to their computer.

You have Smitfraud. It displays fake pop-ups and stuff saying you've got crap on your pc. If it isn't good then it's bad.

Damn.. Tip.it has blocked the link to the removal tool. Do what Mercifull said and then I'll see what I can do, if I need to do any more.

How2PK Posted March 9, 2007 Author

Oh, sorry for the links. I thought I'd give as much information as I had. Sorry again. This is the hijack log file...

Logfile of HijackThis v1.99.1
Scan saved at 12:18:39, on 9-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\csrss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\wdfmgr[Caution: ExecutableFile]
C:\WINNT\System32\alg[Caution: ExecutableFile]
C:\WINNT\system32\wuauclt[Caution: ExecutableFile]
C:\WINNT\System32\wbem\wmiprvse[Caution: ExecutableFile]
C:\PROGRA~1\MOZILL~1\FIREFOX[Caution: ExecutableFile]
C:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]
C:\DOCUME~1\COPPIE~1\LOCALS~1\Temp\Rar$EX00.406\HijackThis[Caution: ExecutableFile]

O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

I did one earlier and 'fixed' all the stuff, then restarted my computer, and now all kinds of stuff looks different. :) I don't have those annoying things like msn, skype, google talk etc. that automatically start up!

Oh, and a long time ago. I did this thing that I couldn't see any folders and icons on my desktop anymore, I'd like to have them back. How can I do this, I forgot how I removed them in the first place. :oops:

Mercifull Posted March 9, 2007

You ticked to "fix" EVERYTHING that showed up? >.< !!!!!!

Use a backup immediately to put everything you fixed in HijackThis and restart. Then post a new log and wait until you are told what to fix. Most of the stuff that shows up in the log is harmless and/or NEEDED.

How2PK Posted March 9, 2007 Author

How do I use a backup? Is that like the thing that you go back a few days? How can I find that again?

How2PK Posted March 9, 2007 Author

Okay, I found out how to do that, and I took another shot..

Logfile of HijackThis v1.99.1
Scan saved at 12:51:49, on 9-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]
C:\WINNT\System32\CTsvcCDA[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\isamntr[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\pmsnrr[Caution: ExecutableFile]
C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx[Caution: ExecutableFile]
C:\WINNT\system32\CTHELPER[Caution: ExecutableFile]
C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_09\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\system32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Skype\Phone\Skype[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]
C:\Program Files\E-Color\Common\IconMgr[Caution: ExecutableFile]
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
C:\Program Files\E-Color\E-Color Indicator\TICIcon[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\pmmnt[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\isamini[Caution: ExecutableFile]
C:\WINNT\system32\wuauclt[Caution: ExecutableFile]
C:\PROGRA~1\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]
C:\DOCUME~1\COPPIE~1\LOCALS~1\Temp\Rar$EX00.516\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ochnhfwxbxawxfxmzezkdhz.com/ ... PN8ji.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.tip.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D4DDF1B-0A7A-57BC-4E20-D180E936BBC4} - C:\DOCUME~1\COPPIE~1\APPLIC~1\SUPPOR~1\2 ooze[Caution: ExecutableFile] (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Hercules 3DTweaker 3.0] C:\Program Files\Hercules\Video\Hercules 3DTweaker 3.0\H3dTweaker[Caution: ExecutableFile] -hide
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER[Caution: ExecutableFile]
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl[Caution: ExecutableFile] /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck[Caution: ExecutableFile]
O4 - HKLM\..\Run: [eMusicClient] C:\Documents and Settings\coppieters\Bureaublad\downloads music\winamp\eMusic\eMusicClient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile] -minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile] /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINNT\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [smartBarXP] D:\aa\SmartBarXP BETA4.9\SmartBarXP[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Multi Browse] C:\DOCUME~1\COPPIE~1\APPLIC~1\INTERP~1\Move 64 Fork[Caution: ExecutableFile]
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype[Caution: ExecutableFile]" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]" /autostart
O4 - HKCU\..\Run: [kdx] C:\WINNT\kdx\KHost[Caution: ExecutableFile]
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule[Caution: ExecutableFile] -AutoStart
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean[Caution: ExecutableFile]" -startminimize
O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile] -trayboot
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD[Caution: ExecutableFile]
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.60/Java/cfsn31235.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinkt ... adCtrl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Filter: text/html - {C2267301-B002-4EA1-8323-25EB7CA5738A} - C:\Documents and Settings\coppieters\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag[Caution: ExecutableFile]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

This better? :)

Mercifull Posted March 9, 2007

Phew Daan ^_^

Firstly save HijackThis to somewhere on your C drive, don't run it from within the RAR file.

Ctrl-Alt-Delete to end the following processes.

C:\Program Files\Video Access ActiveX Object\isamntr[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\isamini[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\pmmnt[Caution: ExecutableFile]
C:\Program Files\Video Access ActiveX Object\pmsnrr[Caution: ExecutableFile]

and then delete them from your computer via Explorer or something. Video Access ActiveX is a fake Windows Media Codec that's got inbuilt adware and junk.

Tick to "fix" the following.

O2 - BHO: (no name) - {1D4DDF1B-0A7A-57BC-4E20-D180E936BBC4} - C:\DOCUME~1\COPPIE~1\APPLIC~1\SUPPOR~1\2 ooze[Caution: ExecutableFile] (file missing)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKCU\..\Run: [Multi Browse] C:\DOCUME~1\COPPIE~1\APPLIC~1\INTERP~1\Move 64 Fork[Caution: ExecutableFile]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)
only if you don't play partypoker, otherwise leave it
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840.....scan53.cab

Run http://siri.urz.free.fr/Fix/SmitfraudFix.zip, restart and post a new log and let me know if bad stuff is still showing up

How2PK Posted March 9, 2007 Author

When I go to Ctrl. Alt. Del. and then processes and I end the ones called:

ssamntr[Caution: ExecutableFile]
isamini[Caution: ExecutableFile]
pmmnt[Caution: ExecutableFile]
pmsnrr[Caution: ExecutableFile]

they keep coming back. I don't get it.

Logfile of HijackThis v1.99.1
Scan saved at 14:17:11, on 9-3-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\System32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx[Caution: ExecutableFile]
C:\WINNT\system32\CTHELPER[Caution: ExecutableFile]
C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_09\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\system32\ctfmon[Caution: ExecutableFile]
C:\Program Files\Skype\Phone\Skype[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]
C:\Program Files\E-Color\Common\IconMgr[Caution: ExecutableFile]
C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
C:\Program Files\E-Color\E-Color Indicator\TICIcon[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]
C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]
C:\WINNT\System32\CTsvcCDA[Caution: ExecutableFile]
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\WINNT\system32\wuauclt[Caution: ExecutableFile]
C:\PROGRA~1\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]
C:\DOCUME~1\COPPIE~1\LOCALS~1\Temp\Rar$EX00.938\HijackThis[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_09\bin\jucheck[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ochnhfwxbxawxfxmzezkdhz.com/ ... PN8ji.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.tip.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI-configuratiescherm\atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Hercules 3DTweaker 3.0] C:\Program Files\Hercules\Video\Hercules 3DTweaker 3.0\H3dTweaker[Caution: ExecutableFile] -hide
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER[Caution: ExecutableFile]
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl[Caution: ExecutableFile] /run
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck[Caution: ExecutableFile]
O4 - HKLM\..\Run: [eMusicClient] C:\Documents and Settings\coppieters\Bureaublad\downloads music\winamp\eMusic\eMusicClient[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iCQ Lite] C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile] -minimize
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile] /STARTUP
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKCU\..\Run: [CTFMON[Caution: ExecutableFile]] C:\WINNT\system32\ctfmon[Caution: ExecutableFile]
O4 - HKCU\..\Run: [smartBarXP] D:\aa\SmartBarXP BETA4.9\SmartBarXP[Caution: ExecutableFile]
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype[Caution: ExecutableFile]" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk[Caution: ExecutableFile]" /autostart
O4 - HKCU\..\Run: [kdx] C:\WINNT\kdx\KHost[Caution: ExecutableFile]
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule[Caution: ExecutableFile] -AutoStart
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean[Caution: ExecutableFile]" -startminimize
O4 - HKCU\..\RunOnce: [iCQ Lite] C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile] -trayboot
O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\Caere\OmniPagePro90\EREG\REMIND32[Caution: ExecutableFile]
O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD[Caution: ExecutableFile]
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite[Caution: ExecutableFile]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs[Caution: ExecutableFile]
O16 - DPF: ChatSpace Full Java Client 3.1.0.235N - http://205.177.13.60/Java/cfsn31235.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} (BTDownloadCtrl Control) - http://www.shockwave.com/content/thinkt ... adCtrl.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O18 - Filter: text/html - {C2267301-B002-4EA1-8323-25EB7CA5738A} - C:\Documents and Settings\coppieters\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag[Caution: ExecutableFile]
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc[Caution: ExecutableFile]
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc[Caution: ExecutableFile]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

This is the new log file.
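
Added example, not part of the original thread and not HijackThis's own code: a Python parser for the entry lines in the logs above that flags the two signals visible in the fix list (targets under a named folder, and entries marked "(file missing)") and compares two scans to show what a fix actually changed. The excerpts are copied from the 12:51 and 14:17 scans; the function names and the mapping of the forum's "[Caution: ExecutableFile]" marker back to ".exe" are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: the forum rendered ".exe" as this marker; map it back before parsing.
FORUM_EXE_MARK = "[Caution: ExecutableFile]"
MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^[^\[]*\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


@dataclass(frozen=True)
class Entry:
    code: str             # section code: R0/R1, O2, O3, O4, O9, O16, O23 ...
    body: str             # entry text without the "(file missing)" suffix
    clsid: Optional[str]  # COM class id, when the entry carries one
    target: str           # path, command line or URL the entry points at
    file_missing: bool    # the log marks the target as absent from disk


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; headers and running-process lines return None."""
    m = ENTRY_RE.match(line.strip().replace(FORUM_EXE_MARK, ".exe"))
    if not m:
        return None
    code, body = m["code"], m["body"]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)].rstrip()
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body) if code == "O4" else None
    if run:                                   # O4 Run key: "[name] command line"
        target = run["cmd"]
    elif code in ("R0", "R1", "O4") and " = " in body:   # registry value or startup shortcut
        target = body.split(" = ", 1)[1]
    else:                                     # "... - {CLSID} - path" or "... - owner - path"
        target = body.rsplit(" - ", 1)[-1]
    return Entry(code, body, clsid.group(0) if clsid else None, target, missing)


def triage(lines: List[str], suspect_dirs: List[str]) -> List[Tuple[Entry, str]]:
    """Flag entries whose target lies under a suspect folder, or whose file is missing."""
    flagged = []
    for entry in filter(None, map(parse_entry, lines)):
        hit = next((d for d in suspect_dirs if d.lower() in entry.target.lower()), None)
        if hit:
            flagged.append((entry, f"under {hit}"))
        elif entry.file_missing:
            flagged.append((entry, "file missing"))
    return flagged


def changes(before: List[str], after: List[str]) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries gone from the later scan, entries that lost their file)."""
    def index(lines):
        return {(e.code, e.body): e for e in filter(None, map(parse_entry, lines))}
    old, new = index(before), index(after)
    removed = [e for key, e in old.items() if key not in new]
    orphaned = [e for key, e in new.items()
                if key in old and e.file_missing and not old[key].file_missing]
    return removed, orphaned


# Excerpt of the 12:51 scan, copied from the thread.
BEFORE = r"""
C:\Program Files\Video Access ActiveX Object\isamntr[Caution: ExecutableFile]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D4DDF1B-0A7A-57BC-4E20-D180E936BBC4} - C:\DOCUME~1\COPPIE~1\APPLIC~1\SUPPOR~1\2 ooze[Caution: ExecutableFile] (file missing)
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile] /STARTUP
O4 - HKCU\..\Run: [Multi Browse] C:\DOCUME~1\COPPIE~1\APPLIC~1\INTERP~1\Move 64 Fork[Caution: ExecutableFile]
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker[Caution: ExecutableFile] (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
""".splitlines()

# Excerpt of the 14:17 scan (after the fix), copied from the thread.
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc[Caution: ExecutableFile] /STARTUP
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr[Caution: ExecutableFile]
""".splitlines()

if __name__ == "__main__":
    for entry, reason in triage(BEFORE, ["Video Access ActiveX Object"]):
        print(f"{entry.code:<4}{reason:<36}{entry.target}")
    removed, orphaned = changes(BEFORE, AFTER)
    print("removed :", [e.code for e in removed])
    print("orphaned:", [e.clsid for e in orphaned])
```

The [Multi Browse] autorun is not flagged by either rule although the reply asks for it to be fixed, so the output is a shortlist for a person to review, not a removal list.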
Mercifull Posted March 9, 2007
Grr, how annoying. Try fixing the HJT stuff and running the SmitFraud fix.
How2PK Posted March 9, 2007
I fixed the Hjt stuff on the previous log already, but they're still in there. Really weird. What's smitfraud?
Mercifull Posted March 9, 2007
Just the name given to this particular malware.
JoeDaStudd Posted March 9, 2007
Ok, first up, don't ever click a balloon like that which pops up, unless it's definitely from your AV. Second, every time you click that link the virus recreates itself. That's why you should always do the first thing I said.

Reboot your PC and start it in safe mode. Run the AVG virus scanner. Now, if it will allow you in safe mode, run Ad-Aware and Spybot Search and Destroy. Reboot, but allow Windows to load normally. I would personally run CCleaner now to get rid of any temp internet files in case it's finding itself in one of those.

If it pops up again, go to Google and search "networm-i.virus@fp"; this will come up with other people's fixes for any remaining trouble.
coltm4carbine Posted March 9, 2007
Oh god... please tell me that everything.... The last time I saw someone fixing everything with HJT I told them to format. LOL... Do NOT fix ANYTHING with HJT unless you're told to. It'll break your computer.

Move hijackthis onto your desktop and make a new log and post it here. Do NOT fix ANYTHING.

P.S. You also have lop that needs to be dealt with.. :wink:

============

Here's the fix for smitfraud (redownload it. The .ZIP version is an old version. New one is an Exe. You'll need safe mode and to do a log before you fix anything, since it might break their computer... :-w

Download http://siri.urz.free.fr/Fix/SmitfraudFix[Caution: ExecutableFile] (by S!Ri) to your Desktop. (Change the "[Caution]" to . exe)

Double-click SmitfraudFix[Caution: ExecutableFile]

Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).

Please copy/paste the content of that report into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix[Caution: ExecutableFile] directly to the root of the system drive (usually C:), and launch from there.

Note: process[Caution: ExecutableFile] is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

I've just read the post above. Do NOT run ccleaner. Not yet. You'll destroy your computer.
Doomster Posted March 9, 2007
In Hijackthis, "FIX" generally equates to "Destroy this item", and HJT shows a mix of legitimate and illegitimate items in "high risk" areas. Self-repair is a problem with many malwares.

Some other bad items in that report would seem to be:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ochnhfwxbxawxfxmzez.....PN8ji.html
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
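Added example, not part of any post in this thread: a read-only Python triage of HijackThis entries, splitting each line into its section code and body and marking entries a helper should look at before anything is fixed. The review heuristics and function names are assumptions made for this illustration; a flag means "look at this", not "delete this".

```python
import re

# One HijackThis entry: section code (R1, O2, O23, ...), " - ", then the body.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

def review_reasons(code, body):
    """Illustrative heuristics (assumptions for this example, not HijackThis rules)."""
    low = body.lower()
    reasons = []
    if "(file missing)" in low:
        reasons.append("entry points at a file that no longer exists")
    if code == "O2" and "(no name)" in low:
        reasons.append("browser helper object registered without a name")
    if code == "O18" and "\\local settings\\" in low:
        reasons.append("protocol filter loaded from a user profile directory")
    if code == "O23" and "unknown owner" in low:
        reasons.append("service owner could not be identified")
    return reasons

def triage(log_text):
    """Return (code, body, reasons) per parsed entry; nothing is changed or fixed."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            results.append((m["code"], m["body"],
                            review_reasons(m["code"], m["body"])))
    return results

# Sample entries copied from the logs quoted in this thread.
SAMPLE = r"""
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O18 - Filter: text/html - {C2267301-B002-4EA1-8323-25EB7CA5738A} - C:\Documents and Settings\coppieters\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag[Caution: ExecutableFile]
"""

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE):
        print(("REVIEW" if reasons else "ok    "), code, body[:60])
        for reason in reasons:
            print("         -", reason)
```

The "Unknown owner" service entry is flagged alongside the missing-file BHO, which is the mix of items in "high risk" areas described above: the output is a reading aid for whoever reviews the log, not a fix list.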
nulled Posted March 15, 2007
A virus exe is running on your computer; my friend had the same kind of program. Usually they are in your file named common files or something. First find files that look strange and try to delete them; if it says it cannot delete, you need to shut down the exe and delete the files. Ctrl + Alt + Del, then right-click the exe and shut it down.