Options
Bestfriend
So somehow someone got the bestfriend virus onto the family computer, if anyone can help by letting me what to get rid of i would greatly appreciate it. Anything else u see that u know is also bad you can tell me about to since I am by no means a computer wiz would also be great. here is the hijack log.
Logfile of HijackThis v1.99.0
Scan saved at 10:49:48 AM, on 1/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\System32\LRYOOYGB.EXE
E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\shadeT\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Grisoft\AVG6\avgw.exe
E:\WINDOWS\system32\d3df.exe
E:\WINDOWS\atldb32.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\shadeT\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.124.191.28:80
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B30F33D-4323-2428-D014-8BE0A8C8C8ED} - E:\WINDOWS\appam32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ViewMgr] E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tibs3] E:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [KAZAA] E:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows Logon Procedure] LRYOOYGB.EXE
O4 - HKLM\..\Run: [308.tmp] E:\DOCUME~1\shadeT\LOCALS~1\Temp\308.tmp.exe 0 28129
O4 - HKLM\..\Run: [atldb32.exe] E:\WINDOWS\atldb32.exe
O4 - HKLM\..\RunOnce: [AAW] "E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] E:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Windows Logon Procedure] LRYOOYGB.EXE
O4 - Startup: iMesh.lnk = E:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Global Startup: GStartup.lnk = E:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - E:\Program Files\0CAT YellowPages\STIEbar.dll (file missing)
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - E:\Program Files\0CAT YellowPages\STIEbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .mpeg: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.160.98/affiliates/acc0000/client/acc0000.chm::/acc0000.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2349a6da2aeaed9bc905/netzip/RdxIE601.cab
O16 - DPF: {563ED66E-531B-51D2-5DB0-5080C83DA4EE} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/xsext01.chm::/MegaInstaller.exe
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZESOFT - Unknown - E:\WINDOWS\zeta.exe (file missing)
O23 - Service: Workstation NetLogon Service - Unknown - E:\WINDOWS\system32\d3df.exe
Logfile of HijackThis v1.99.0
Scan saved at 10:49:48 AM, on 1/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\WINDOWS\System32\LRYOOYGB.EXE
E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\shadeT\LOCALS~1\Temp\Rar$EX00.578\HijackThis.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
E:\WINDOWS\explorer.exe
E:\Program Files\Grisoft\AVG6\avgw.exe
E:\WINDOWS\system32\d3df.exe
E:\WINDOWS\atldb32.exe
E:\PROGRA~1\MOZILL~1\FIREFOX.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\shadeT\LOCALS~1\Temp\Rar$EX00.250\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.isearch.com/index.php?app=SE&affjump=1&affiliate=ODQ6NTo5&Terms=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\anjzc.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 164.124.191.28:80
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {7B30F33D-4323-2428-D014-8BE0A8C8C8ED} - E:\WINDOWS\appam32.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ViewMgr] E:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [AVG_CC] E:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tibs3] E:\WINDOWS\System32\tibs3.exe
O4 - HKLM\..\Run: [KAZAA] E:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows Logon Procedure] LRYOOYGB.EXE
O4 - HKLM\..\Run: [308.tmp] E:\DOCUME~1\shadeT\LOCALS~1\Temp\308.tmp.exe 0 28129
O4 - HKLM\..\Run: [atldb32.exe] E:\WINDOWS\atldb32.exe
O4 - HKLM\..\RunOnce: [AAW] "E:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [AIM] E:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] E:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [Windows Logon Procedure] LRYOOYGB.EXE
O4 - Startup: iMesh.lnk = E:\Program Files\iMesh\Client\iMeshClient.exe
O4 - Global Startup: GStartup.lnk = E:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = E:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O9 - Extra button: My button - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - E:\Program Files\0CAT YellowPages\STIEbar.dll (file missing)
O9 - Extra 'Tools' menuitem: My menu - {47FE5D70-9AA2-40F1-9C6B-12A255F085EA} - E:\Program Files\0CAT YellowPages\STIEbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - E:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .mpeg: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: E:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.50.160.98/affiliates/acc0000/client/acc0000.chm::/acc0000.exe
O16 - DPF: {1C78AB3F-A857-482E-80C0-3A1E5238A565} - http://toolbar.isearch.com/general/drm.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/2349a6da2aeaed9bc905/netzip/RdxIE601.cab
O16 - DPF: {563ED66E-531B-51D2-5DB0-5080C83DA4EE} - ms-its:mhtml:file://C:ie.mht!http://69.50.164.12/exp/mht/xsext01.chm::/MegaInstaller.exe
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: AVG6 Service - GRISOFT s.r.o - E:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - E:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ZESOFT - Unknown - E:\WINDOWS\zeta.exe (file missing)
O23 - Service: Workstation NetLogon Service - Unknown - E:\WINDOWS\system32\d3df.exe
0