#22
Now please download F-Secure's BlackLight Beta (download fsbl.exe) and save it to the Desktop.

Once saved, double-click fsbl.exe to install the program. Click "accept agreement" and click "scan". This application may trigger a warning from your antivirus. Let the driver load. Wait for it to finish.

If it displays any items, don't do anything with them yet. Just hit exit (close). It will drop a log on the Desktop that starts with fsbl followed by a big number.

Please attach the BlackLight log. Also attach a fresh HijackThis log.
#23
fsbl log:

09/04/07 22:17:06 [Info]: BlackLight Engine 1.0.64 initialized
09/04/07 22:17:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/04/07 22:17:06 [Note]: 7019 4
09/04/07 22:17:06 [Note]: 7005 0
09/04/07 22:17:30 [Note]: 7006 0
09/04/07 22:17:30 [Note]: 7011 1420
09/04/07 22:17:30 [Note]: 7026 0
09/04/07 22:17:30 [Note]: 7026 0
09/04/07 22:17:30 [Note]: 7024 3
09/04/07 22:17:30 [Info]: Hidden process: C:\windows\system32\irtffczgjb.exe
09/04/07 22:17:38 [Note]: FSRAW library version 1.7.1022
09/04/07 22:29:58 [Info]: Hidden file: c:\WINDOWS\system32\irtffczgjb.dat
09/04/07 22:29:58 [Note]: 10002 1
09/04/07 22:29:58 [Info]: Hidden file: C:\windows\system32\irtffczgjb.exe
09/04/07 22:29:58 [Note]: 10002 1
09/04/07 22:29:58 [Info]: Hidden file: c:\WINDOWS\system32\irtffczgjb_nav.dat
09/04/07 22:29:58 [Note]: 10002 1
09/04/07 22:29:58 [Info]: Hidden file: c:\WINDOWS\system32\irtffczgjb_navps.dat
09/04/07 22:29:58 [Note]: 10002 1
09/04/07 22:43:42 [Note]: 7007 0

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 22:45, on 2007-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\utility.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Program Installations\Anti-Virus\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "C:\Program Files\Mediafour\MacDrive 7\MacDrive.exe"
O4 - HKLM\..\Run: [MDGetStarted.exe] "C:\Program Files\Mediafour\MacDrive 7\MDGetStarted.exe" /auto
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Belkin 802.11g Wireless PCI Card Configuration Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - http://a516.g.akamai.net/f/516/25175...at-no-eula.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacDriveService - Mediafour Corporation - C:\Program Files\Mediafour\MacDrive 7\MacDriveService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
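Editor's added example, not part of any post in this thread: a small Python script that parses the fsbl (BlackLight) log above for "Hidden process" / "Hidden file" findings and checks them against the "Running processes" section of the HijackThis log. The sample input embeds lines copied from the two logs in #23. The correlation itself is the editor's heuristic, not output of either tool: BlackLight enumerates objects beneath the API layer that a user-mode tool such as HijackThis walks, so a process BlackLight reports as hidden and HijackThis does not list, plus a cluster of hidden files sharing a name stem with no visible O4/O23 autostart entry, is the pattern a practitioner reads as a kernel-level rootkit rather than a false positive.

```python
import re

# Constructed sample input: lines copied from the BlackLight (fsbl) log and the
# HijackThis log posted in #23 above, trimmed to what the parser needs.
BLACKLIGHT_LOG = r"""09/04/07 22:17:06 [Info]: BlackLight Engine 1.0.64 initialized
09/04/07 22:17:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/04/07 22:17:06 [Note]: 7019 4
09/04/07 22:17:30 [Info]: Hidden process: C:\windows\system32\irtffczgjb.exe
09/04/07 22:17:38 [Note]: FSRAW library version 1.7.1022
09/04/07 22:29:58 [Info]: Hidden file: c:\WINDOWS\system32\irtffczgjb.dat
09/04/07 22:29:58 [Note]: 10002 1
09/04/07 22:29:58 [Info]: Hidden file: C:\windows\system32\irtffczgjb.exe
09/04/07 22:29:58 [Info]: Hidden file: c:\WINDOWS\system32\irtffczgjb_nav.dat
09/04/07 22:29:58 [Info]: Hidden file: c:\WINDOWS\system32\irtffczgjb_navps.dat
09/04/07 22:43:42 [Note]: 7007 0
"""

HJT_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 22:45, on 2007-09-04
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

BL_LINE = re.compile(r"^(?P<date>\S+) (?P<time>\S+) \[(?P<level>\w+)\]: (?P<msg>.*)$")
BL_HIDDEN = re.compile(r"^Hidden (?P<kind>process|file): (?P<path>.+)$")
HJT_ENTRY = re.compile(r"^O\d+ - ")


def parse_blacklight(text):
    """Return [(kind, path), ...] for every 'Hidden process'/'Hidden file' line."""
    findings = []
    for line in text.splitlines():
        m = BL_LINE.match(line.strip())
        if not m:
            continue
        h = BL_HIDDEN.match(m.group("msg"))
        if h:
            findings.append((h.group("kind"), h.group("path")))
    return findings


def hjt_running_processes(text):
    """Return the paths listed under 'Running processes:' in a HijackThis log."""
    procs, in_block = [], False
    for line in text.splitlines():
        s = line.strip()
        if s.lower().startswith("running processes:"):
            in_block = True
            continue
        if in_block:
            if not s or HJT_ENTRY.match(s):   # blank line or first Oxx entry ends the block
                break
            procs.append(s)
    return procs


def _norm(path):
    return path.replace("/", "\\").lower()


def _stem(path):
    # irtffczgjb_navps.dat -> irtffczgjb : group a dropper's files by common prefix
    name = _norm(path).rsplit("\\", 1)[-1]
    return name.split(".")[0].split("_")[0]


def correlate(bl_text, hjt_text):
    """Editor's cross-view heuristic (assumption, not tool output): a hidden
    process absent from HijackThis's list, and hidden files with no visible
    autostart entry, point at a rootkit hiding both the process and its loader."""
    findings = parse_blacklight(bl_text)
    visible = {_norm(p) for p in hjt_running_processes(hjt_text)}
    entries = [l.strip() for l in hjt_text.splitlines() if HJT_ENTRY.match(l.strip())]

    report = {"unseen_processes": [], "files_by_stem": {}, "autostart_refs": []}
    for kind, path in findings:
        if kind == "process" and _norm(path) not in visible:
            report["unseen_processes"].append(path)
        elif kind == "file":
            report["files_by_stem"].setdefault(_stem(path), []).append(path)
    # Any visible O4/O20/O21/O23 line naming a hidden stem would argue for a plain
    # autostart; none here means the loader is hidden too.
    for stem in report["files_by_stem"]:
        report["autostart_refs"] += [e for e in entries if stem in e.lower()]
    return report


if __name__ == "__main__":
    r = correlate(BLACKLIGHT_LOG, HJT_LOG)
    for p in r["unseen_processes"]:
        print("hidden process not in HijackThis list:", p)
    for stem, files in r["files_by_stem"].items():
        print(f"{stem}: {len(files)} hidden files")
    print("visible autostart entries naming a hidden stem:", r["autostart_refs"])
```

Run it against the full logs by replacing the two embedded strings with the file contents; on the logs in #23 it reports one hidden process that HijackThis never lists, four hidden files under the irtffczgjb stem, and no visible autostart entry for them, which is why the helper moved on to a rootkit-aware cleaner in #24 rather than asking for HijackThis fixes.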
#24
PLEASE READ ALL OF THESE INSTRUCTIONS FIRST BEFORE DOING ANYTHING. Ask any questions that you may have before starting. You may want to print out these instructions, as you will not be able to see this page in Safe Mode.

Please reboot your computer in Safe Mode by tapping the F8 key just before Windows starts to load and selecting Safe Mode. If you are having trouble starting the computer into Safe Mode: Starting your computer in Safe mode

Open the SmitfraudFix folder on your Desktop, then double-click the smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and pressing Enter. Wait for the tool to complete and disk cleanup to finish.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hitting Enter.

The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question "Replace infected file ?" by typing Y and hitting Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually, BUT reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed.

Now reboot into normal mode and attach this new rapport.txt log here.

WARNING: Running this option on a non-infected computer will remove the desktop background. So only run it once!

Tell me how things are working now. Post a new HijackThis log.