theitalianrob

please help, Ad-Aware won't remove, possible virus. HJT log included.


Hey, I have a problem with my comp that is really pissing me off. Whenever I have a program running, about every minute and a half I hear this clicking noise and either the program minimizes or it just becomes deselected. My virus scans and Spybot and stuff don't pick anything up that stops this, so I'm wondering if anyone can help. I ran these programs: Ad-Aware, Spybot S&D, ewido, Spyware Begone, TweakNow RegCleaner, CCleaner, AVG virus scan and Windows Defender. I'll post up my HijackThis log.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:54:27 AM, on 7/25/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Wintab32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ZPOINT32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...&ar=msnhome

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...&ar=msnhome

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [asebsa] C:\WINDOWS\system32\bcajsc.exe reg_run

O4 - HKLM\..\Run: [larb7f8c] RUNDLL32.EXE w93c08fe.dll,n 001b7f8b0000000393c08fe

O4 - HKLM\..\Run: [w93c4730.dll] RUNDLL32.EXE w93c4730.dll,I2 001b7f8b093c4730

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad

O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [wplct] C:\WINDOWS\system32\bcajsc.exe reg_run

O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe

O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g22601953.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe


1. Download this file - combofix.exe

2. Double click combofix.exe & follow the prompts.

3. When finished, it shall produce a log for you. Post that log in your next reply.

 

Note:

Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


OK, here it is, ComboFix log.

 

Start Time= Fri 07/28/2006 9:03:06.14

Running from: C:\Documents and Settings\admin\Desktop

 

QuickScan did not find any signs of infected files

 

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

 

23:55:23.57

 

* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

2006-07-11 16:20:38 2 "C:\WINDOWS\system32\wtscc.exe"

2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"

2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"

2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"

2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"

2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"

2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"

2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"

2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"

2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"

2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"

2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"

2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"

2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"

2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"

2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"

2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"

2006-06-22 06:47:18 181,248 "C:\WINDOWS\system32\rasmans.dll"

2006-04-29 15:01:52 17,408 "C:\WINDOWS\system32\shctxex.dll"

2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"

2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"

2006-07-11 16:16:38 8,464 "C:\WINDOWS\system32\sporder.dll"

2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"

2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"

2006-06-29 16:52:34 569,396 "C:\WINDOWS\system32\pmnlj.dll"

2006-07-11 10:13:08 278,528 "C:\WINDOWS\system32\pncrt.dll"

2006-07-12 14:01:58 421 "C:\WINDOWS\ywgqj.dll"

2006-07-11 16:17:02 53 "C:\WINDOWS\bpwocp.dat"

2006-05-23 18:44:06 3,065 "C:\WINDOWS\mozver.dat"

 

 

* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

07/11/2006 04:17 PM 53 bpwocp.dat.vir

 

 

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO

 

 

* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"

2006-07-11 16:20:38 2 "C:\WINDOWS\system32\wtscc.exe"

2006-05-10 01:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"

2006-05-10 01:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"

2006-05-10 01:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"

2006-05-10 01:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"

2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"

2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"

2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"

2006-05-10 01:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"

2006-05-10 01:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"

2006-06-22 06:47:18 181,248 "C:\WINDOWS\system32\rasmans.dll"

2006-04-29 15:01:52 17,408 "C:\WINDOWS\system32\shctxex.dll"

2006-05-29 11:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"

2006-05-10 01:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"

2006-07-11 16:16:38 8,464 "C:\WINDOWS\system32\sporder.dll"

2006-05-10 01:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"

2006-05-19 08:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"

2006-05-10 01:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"

2006-05-10 01:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"

2006-05-19 11:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"

2006-05-10 01:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"

2006-05-10 01:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"

2006-05-10 01:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"

2006-06-29 16:52:34 569,396 "C:\WINDOWS\system32\pmnlj.dll"

2006-07-11 10:13:08 278,528 "C:\WINDOWS\system32\pncrt.dll"

2006-07-12 14:01:58 421 "C:\WINDOWS\ywgqj.dll"

2006-05-23 18:44:06 3,065 "C:\WINDOWS\mozver.dat"

 

 

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

2006-07-27 23:56:08 1217 ( A.SH. ) "C:\WINDOWS\system32\mmf.sys"

2006-07-27 23:56:08 1217 ( A.SH. ) "C:\WINDOWS\system32\mmf.sys"

2006-07-27 22:38:06 3350 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"

2006-07-27 22:38:06 3350 ( A.SH. ) "C:\WINDOWS\system32\KGyGaAvL.sys"

2006-07-24 10:31:34 ( .D... ) "C:\Program Files\Infogrames Interactive"

2006-07-15 22:22:56 ( .D... ) "C:\Program Files\MSXML 4.0"

2006-07-15 22:22:28 ( .D... ) "C:\Program Files\Microsoft Games"

2006-07-15 16:47:18 ( .D... ) "C:\Program Files\WUSB11 WLAN Monitor"

2006-07-14 17:59:18 ( .D... ) "C:\Documents and Settings\admin\Application Data\Azureus"

2006-07-14 17:59:00 ( .D... ) "C:\Program Files\Azureus"

2006-07-14 17:02:38 ( .D... ) "C:\Program Files\LimeWire"

2006-07-14 16:40:56 ( .D... ) "C:\Program Files\Boilsoft AVI Converter"

2006-07-14 16:21:28 ( .D... ) "C:\Program Files\Cucusoft"

2006-07-14 16:08:06 ( .D... ) "C:\Program Files\WinMPG VideoConvert"

2006-07-14 15:34:16 ( .D... ) "C:\Program Files\Cheetah Burner"

2006-07-14 10:38:34 152 ( ..SHR ) "C:\WINDOWS\system32\DBAC6DC1A3.sys"

2006-07-14 10:38:34 152 ( ..SHR ) "C:\WINDOWS\system32\DBAC6DC1A3.sys"

2006-07-13 23:56:02 ( .D... ) "C:\Program Files\DivX"

2006-07-13 23:55:42 ( .D... ) "C:\Program Files\Google"

2006-07-12 15:08:26 ( .D... ) "C:\Program Files\Windows Defender"

2006-07-12 14:22:44 724992 ( A.... ) "C:\WINDOWS\iun6002.exe"

2006-07-12 14:16:04 ( .D... ) "C:\Program Files\CCleaner"

2006-07-12 14:14:02 ( .D... ) "C:\Program Files\TweakNow RegCleaner Std"

2006-07-12 14:12:14 ( .D... ) "C:\Documents and Settings\admin\Application Data\AVG7"

2006-07-12 14:11:56 ( .D... ) "C:\Program Files\Grisoft"

2006-07-12 14:01:58 421 ( A.... ) "C:\WINDOWS\ywgqj.dll"

2006-07-12 12:27:42 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"

2006-07-12 12:27:36 1063 ( A.... ) "C:\WINDOWS\system32\larb7f8c.sys"

2006-07-12 12:27:36 1063 ( A.... ) "C:\WINDOWS\system32\larb7f8c.sys"

2006-07-12 10:20:50 248 ( A.... ) "C:\WINDOWS\system32\n.bat"

2006-07-11 23:45:18 ( .D... ) "C:\Documents and Settings\admin\Application Data\Lavasoft"

2006-07-11 23:45:06 ( .D... ) "C:\Program Files\Lavasoft"

2006-07-11 23:36:12 ( .D... ) "C:\Program Files\Common Files\partypoker"

2006-07-11 16:20:38 2 ( A.... ) "C:\WINDOWS\system32\wtscc.exe"

2006-07-11 16:20:22 ( .D... ) "C:\Program Files\Batty"

2006-07-11 16:19:42 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"

2006-07-11 16:17:16 0 ( A.... ) "C:\Documents and Settings\admin\Application Data\internaldb41.dat"

2006-07-11 16:17:10 32976 ( A.... ) "C:\WINDOWS\system32\uninstIcn.exe"

2006-07-11 16:17:04 184829 ( A.... ) "C:\WINDOWS\srvczaoupm.exe"

2006-07-11 16:17:02 235134 ( A.... ) "C:\WINDOWS\srvveedjnb.exe"

2006-07-11 16:16:38 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"

2006-07-11 16:16:26 ( .D... ) "C:\Program Files\Common Files\miow"

2006-07-11 16:16:18 0 ( A.... ) "C:\WINDOWS\sys0308919365-182006.exe"

2006-07-11 16:14:58 ( .D... ) "C:\Program Files\Common Files\{942E14BB-09DF-1033-0103-060416200001}"

2006-07-11 16:14:42 0 ( A.... ) "C:\WINDOWS\system32\taskkill.exe"

2006-07-11 10:13:22 ( .D... ) "C:\Program Files\Common Files\xing shared"

2006-07-11 10:13:16 176167 ( A.... ) "C:\WINDOWS\system32\rmoc3260.dll"

2006-07-11 10:13:10 6656 ( A.... ) "C:\WINDOWS\system32\pndx5016.dll"

2006-07-11 10:13:10 5632 ( A.... ) "C:\WINDOWS\system32\pndx5032.dll"

2006-07-11 10:13:08 278528 ( A.... ) "C:\WINDOWS\system32\pncrt.dll"

2006-07-11 10:12:42 ( .D... ) "C:\Documents and Settings\admin\Application Data\Real"

2006-07-10 23:58:26 ( .D... ) "C:\Program Files\BitComet"

2006-07-05 08:08:02 92672 ( A.... ) "C:\WINDOWS\system32\clci.exe"

2006-07-04 19:36:02 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"

2006-06-29 16:52:34 569396 ( A.SH. ) "C:\WINDOWS\system32\pmnlj.dll"

2006-06-29 10:50:40 ( .D... ) "C:\Program Files\Roguescanfix"

2006-06-29 10:42:44 0 ( A.... ) "C:\WINDOWS\compstuic.dll"

2006-06-29 10:07:36 61440 ( A.... ) "C:\WINDOWS\system32\BattyRun.dll"

2006-06-20 20:24:10 ( .D... ) "C:\Program Files\µTorrent"

2006-06-20 20:24:10 ( .D... ) "C:\Documents and Settings\admin\Application Data\uTorrent"

2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"

2006-06-17 21:08:22 ( .D... ) "C:\Documents and Settings\admin\Application Data\Help"

2006-06-11 21:39:04 ( .D... ) "C:\Documents and Settings\admin\Application Data\Ahead"

2006-06-11 21:37:56 ( .D... ) "C:\Program Files\Common Files\Ahead"

2006-06-11 21:15:38 ( .D... ) "C:\Documents and Settings\admin\Application Data\DeepBurner"

2006-06-11 20:05:14 ( .D... ) "C:\Program Files\DVD Shrink"

2006-06-07 16:30:10 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"

2006-05-31 20:10:44 ( .D... ) "C:\Documents and Settings\admin\Application Data\AdobeUM"

2006-05-31 20:07:56 ( .D... ) "C:\Documents and Settings\admin\Application Data\Adobe"

2006-05-31 20:07:54 ( .D... ) "C:\Program Files\Common Files\Adobe"

2006-05-31 18:20:16 48640 ( A.... ) "C:\WINDOWS\mmfs.dll"

2006-05-31 18:20:16 2560 ( A.... ) "C:\WINDOWS\Runservice.exe"

2006-05-31 18:18:36 ( .D... ) "C:\Program Files\Sports Interactive"

2006-05-30 20:15:52 ( .D... ) "C:\Program Files\Easy Graphic Converter"

2006-05-20 08:32:40 61678 ( A.... ) "C:\Documents and Settings\admin\Application Data\PFP120JPR.{PB"

2006-05-20 08:32:40 12358 ( A.... ) "C:\Documents and Settings\admin\Application Data\PFP120JCM.{PB"

2006-05-19 08:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"

2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"

2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"

2006-05-17 02:20:56 17 ( A.... ) "C:\Program Files\d.bat"

2006-05-13 12:52:06 49152 ( A.... ) "C:\WINDOWS\setpwrcg.exe"

2006-04-29 15:01:52 17408 ( A.... ) "C:\WINDOWS\system32\shctxex.dll"

 

 

(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))

 

 

2006-07-26 22:54 1,071,697,920 C:\hiberfil.sys

2006-07-16 19:25 61,440 C:\WINDOWS\system32\wintab32.dll

2006-07-16 19:25 28,992 C:\WINDOWS\system32\wintab.dll

2006-07-16 19:25 20,480 C:\WINDOWS\system32\zpoint32.exe

2006-07-16 19:25 122,880 C:\WINDOWS\system32\wintab32.exe

2006-07-15 16:27 40,960 C:\WINDOWS\system32\IsUser11b.dll

2006-07-14 16:21 395,776 C:\WINDOWS\system32\libmplayer.dll

2006-07-14 16:21 262,144 C:\WINDOWS\system32\TomsMoComp_ff.dll

2006-07-14 16:21 2,255,360 C:\WINDOWS\system32\libavcodec.dll

2006-07-14 16:21 112,640 C:\WINDOWS\system32\libmpeg2_ff.dll

2006-07-14 16:13 4,608 C:\WINDOWS\system32\W95INF32.DLL

2006-07-14 16:13 2,272 C:\WINDOWS\system32\W95INF16.DLL

2006-07-14 16:13 17,408 C:\WINDOWS\system32\shctxex.dll

2006-07-14 16:13 1,700,352 C:\WINDOWS\system32\GdiPlus.dll

2006-07-14 15:34 89,360 C:\WINDOWS\system32\VB5DB.DLL

2006-07-14 15:34 643,072 C:\WINDOWS\system32\DVDProX2.dll

2006-07-14 15:34 339,968 C:\WINDOWS\system32\MP3EncX.dll

2006-07-14 15:34 28,672 C:\WINDOWS\system32\SmartMenuXP.dll

2006-07-14 15:34 139,264 C:\WINDOWS\system32\voltoCDX.dll

2006-07-12 16:31 92,160 C:\WINDOWS\system32\fuusd.dll

2006-07-12 16:31 71,680 C:\WINDOWS\system32\fnfilter.dll

2006-07-12 14:22 724,992 C:\WINDOWS\iun6002.exe

2006-07-11 16:19 38,412 C:\WINDOWS\ssqbn.exe

2006-07-11 16:17 32,976 C:\WINDOWS\system32\uninstIcn.exe

2006-07-11 16:17 235,134 C:\WINDOWS\srvveedjnb.exe

2006-07-11 16:17 184,829 C:\WINDOWS\srvczaoupm.exe

2006-07-11 16:16 8,464 C:\WINDOWS\system32\sporder.dll

2006-07-11 16:16 421 C:\WINDOWS\ywgqj.dll

2006-07-11 16:16 1,063 C:\WINDOWS\system32\larb7f8c.sys

2006-07-11 16:16 0 C:\WINDOWS\sys0308919365-182006.exe

2006-07-11 16:15 248 C:\WINDOWS\system32\n.bat

2006-07-11 16:14 0 C:\WINDOWS\system32\taskkill.exe

2006-07-05 08:08 92,672 C:\WINDOWS\system32\clci.exe

2006-07-04 10:28 135,168 C:\WINDOWS\system32\igfxres.dll

2006-07-01 23:37 24,661 C:\WINDOWS\system32\spxcoins.dll

2006-07-01 23:37 13,312 C:\WINDOWS\system32\irclass.dll

2006-06-29 16:52 569,396 C:\WINDOWS\system32\pmnlj.dll

2006-06-29 10:42 0 C:\WINDOWS\compstuic.dll

2006-06-29 10:07 61,440 C:\WINDOWS\system32\BattyRun.dll

2006-06-28 10:26 2 C:\WINDOWS\system32\wtscc.exe

 

 

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

 

*Note* empty entries are not shown

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"

"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"

"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"

"Persistence"="C:\\WINDOWS\\system32\\igfxpers.exe"

"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

"ISUSPM Startup"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\isuspm.exe\" -startup"

"ISUSScheduler"="\"C:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe\" -start"

"DLA"="C:\\WINDOWS\\System32\\DLA\\DLACTRLW.EXE"

"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"

"larb7f8c"="RUNDLL32.EXE w93c08fe.dll,n 001b7f8b0000000393c08fe"

"w93c4730.dll"="RUNDLL32.EXE w93c4730.dll,I2 001b7f8b093c4730"

"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

"Acecad.Wtxpload"="C:\\WINDOWS\\Acecad\\Wtxpload.exe Acecad"

"ZPOINT32"="C:\\WINDOWS\\system32\\ZPOINT32.exe"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"

"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

"PSHope"="\"C:\\Program Files\\PSHope\\PSHope.exe\""

"Spyware Begone"="\"C:\\spywarebegone\\SpywareBeGone.exe\" -FastScan"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoCDBurning"=dword:00000000

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]

"{942E14BB-09DF-1033-0103-060416200001}"="\"C:\\Program Files\\Common Files\\{942E14BB-09DF-1033-0103-060416200001}\\Update.exe\" mc-110-12-0000140"

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]

"DeskHtmlVersion"=dword:00000110

"DeskHtmlMinorVersion"=dword:00000005

"Settings"=dword:00000001

"GeneralFlags"=dword:00000001

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

"Source"="C:\\Program Files\\ComPlus Applications\\kyzexem.html"

"SubscribedURL"=""

"FriendlyName"=""

"Flags"=dword:00002000

"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\

03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00

"CurrentState"=hex:01,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\

00,00,01,00,00,00

"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\

00,00,00,00,00,00

 

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

"Flags"=dword:00000002

"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\

00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00

"CurrentState"=hex:04,00,00,40

"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\

ff,ff,04,00,00,00

"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\

00,00,01,00,00,00

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]

"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

 

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]

"NoDriveTypeAutoRun"=dword:00000091

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="aim"

"hkey"="HKCU"

"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="DMXLauncher"

"hkey"="HKLM"

"command"="C:\\Program Files\\Dell\\Media Experience\\DMXLauncher.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MSKDetct"

"hkey"="HKLM"

"command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="NeroCheck"

"hkey"="HKLM"

"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GhostTray"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Norton Ghost\\Agent\\GhostTray.exe\""

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="qttask"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

"inimapping"="0"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="RealPlay"

"hkey"="HKLM"

"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

"inimapping"="0"

 

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system

DisableRegistryTools REG_DWORD 0 (0x0)

DisableTaskMgr REG_DWORD 0 (0x0)

NoColorChoice REG_DWORD 0 (0x0)

NoSizeChoice REG_DWORD 0 (0x0)

NoDispScrSavPage REG_DWORD 0 (0x0)

NoDispCPL REG_DWORD 0 (0x0)

NoVisualStyleChoice REG_DWORD 0 (0x0)

NoDispSettingsPage REG_DWORD 0 (0x0)

 

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WinDefend

 

 

Contents of the 'Scheduled Tasks' folder

C:\WINDOWS\tasks\MP Scheduled Scan.job

 

Completion time: Fri 07/28/2006 9:03:45.57

ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt


Logfile of HijackThis v1.99.1

Scan saved at 1:03:48 PM, on 7/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Wintab32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ZPOINT32.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [larb7f8c] RUNDLL32.EXE w93c08fe.dll,n 001b7f8b0000000393c08fe

O4 - HKLM\..\Run: [w93c4730.dll] RUNDLL32.EXE w93c4730.dll,I2 001b7f8b093c4730

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad

O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe

O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g22601953.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe


* First download ewido anti-spyware from HERE and save that file to your desktop.

This is a 30-day trial of the program.

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports":
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close ewido anti-spyware. Do NOT run a scan just yet; we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Open HijackThis and put a check next to the following:

===================================================

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)

O4 - HKLM\..\Run: [larb7f8c] RUNDLL32.EXE w93c08fe.dll,n 001b7f8b0000000393c08fe

O4 - HKLM\..\Run: [w93c4730.dll] RUNDLL32.EXE w93c4730.dll,I2 001b7f8b093c4730

O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan

O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe

O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g22601953.dll (file missing)

===================================================

* After you check the items, close all browsers and windows, except for HijackThis, then click on the Fix Checked button in HijackThis.

 

* Delete the following folder if it's present:

 

C:\spywarebegone

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Launch ewido anti-spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  3. ewido will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted; then select "Apply all actions".
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Boot back into normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* Now, post a new HijackThis log here with the report from ewido.

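The helper above picked eight entries out of a log of well over a hundred lines. The reasoning behind each pick is worth making explicit, so here is an added Python example (not a tool from this forum, and not part of the helper's reply) that encodes those heuristics and runs them over lines copied from the first HijackThis log in this thread: IE start/search pages pointing at a host outside a small trusted set, an O3 toolbar CLSID with no name and no file, O4 autoruns where RUNDLL32 loads a DLL by bare filename (so it resolves through the search path rather than a fixed location), an autorun for a known rogue "anti-spyware" product, an O16 ActiveX download from a raw IP address or straight to an `.exe`, and an O20 Winlogon Notify handler whose DLL is missing on disk. The `TRUSTED_HOSTS` allowlist and the `ROGUE_PRODUCTS` list are constructed for this example; the only rogue name in it comes from the log itself.

```python
"""Triage heuristics for HijackThis v1.99 log lines.

Added example: it reproduces the selection the helper made by hand so a
defender can see why each entry was flagged. Sample lines are copied from
the log posted in the thread; the two lists below are constructed.
"""
import re
from urllib.parse import urlparse

# Constructed allowlist: hosts a stock Dell/XP machine would legitimately
# carry as IE start/search pages. Anything else in an R0/R1 entry is flagged.
TRUSTED_HOSTS = {"www.dell.com", "dell.com", "www.microsoft.com",
                 "www.msn.com", "www.google.com"}

# Constructed rogue "anti-spyware" list; the single name appears in the log.
ROGUE_PRODUCTS = ("spywarebegone",)

RE_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
RE_RUNDLL = re.compile(r"RUNDLL32(?:\.EXE)?\s+([^,\s]+)", re.IGNORECASE)
RE_URL = re.compile(r"(https?://\S+)")


def host_of(value):
    """Host part of a URL or bare domain ('prosearching.com' stays as is)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value
    return urlparse(value).hostname or ""


def triage(line):
    """Return a reason string if the HJT line looks suspicious, else None."""
    line = line.strip()
    if not line:
        return None
    section = line.split(" - ", 1)[0]

    # R0/R1: IE start/search page hijack -> host outside the allowlist
    if section in ("R0", "R1") and "=" in line:
        host = host_of(line.split("=", 1)[1])
        if host and host not in TRUSTED_HOSTS:
            return f"IE page setting points at untrusted host {host}"

    # O2/O3: BHO or toolbar CLSID with neither a name nor a backing file
    if section in ("O2", "O3") and "(no name)" in line and "(no file)" in line:
        return "orphaned toolbar/BHO CLSID with no file"

    # O4: autoruns loading an unqualified DLL via rundll32, or a rogue product
    if section == "O4":
        m = RE_RUNDLL.search(line)
        if m and "\\" not in m.group(1):
            return f"rundll32 loads unqualified DLL {m.group(1)} via search path"
        low = line.lower()
        for name in ROGUE_PRODUCTS:
            if name in low:
                return f"autorun for known rogue product {name}"

    # O16: ActiveX download (DPF) from a raw IP or pointing at an executable
    if section == "O16":
        m = RE_URL.search(line)
        if m:
            u = urlparse(m.group(1))
            if RE_IP.match(u.hostname or ""):
                return f"ActiveX download from raw IP {u.hostname}"
            if u.path.lower().endswith(".exe"):
                return "ActiveX download points at an executable"

    # O20: Winlogon Notify handler whose DLL no longer exists on disk
    if section == "O20" and "(file missing)" in line:
        return "Winlogon Notify handler references a missing DLL"

    return None


def triage_log(text):
    """Return [(line, reason)] for every flagged line in an HJT log."""
    return [(ln.strip(), triage(ln)) for ln in text.splitlines() if triage(ln)]


# Benign and suspicious lines copied from the first HJT log in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [larb7f8c] RUNDLL32.EXE w93c08fe.dll,n 001b7f8b0000000393c08fe
O4 - HKLM\..\Run: [w93c4730.dll] RUNDLL32.EXE w93c4730.dll,I2 001b7f8b093c4730
O4 - HKCU\..\Run: [spyware Begone] "C:\spywarebegone\SpywareBeGone.exe" -FastScan
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2405.exe
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g22601953.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

if __name__ == "__main__":
    for line, reason in triage_log(SAMPLE_LOG):
        print(f"{reason:60s} <- {line[:70]}")
```

Run against the sample it flags exactly the eight lines the helper listed and leaves the Dell, Google, Symantec, Windows Update and WgaLogon entries alone. The heuristics are deliberately narrow (allowlist for R entries, structural oddities for the rest) so that a pass over a clean log stays quiet; anything they flag still deserves a human look before it is fixed in HijackThis.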

ok, here are the logs.

 

Logfile of HijackThis v1.99.1

Scan saved at 11:51:06 PM, on 7/28/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Wintab32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ZPOINT32.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad

O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe

 

 

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 11:46:51 PM 7/28/2006

 

+ Scan result:

 

 

 

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\3A4BVLK9\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\4RXZUAB1\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\4RXZUAB1\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\4RXZUAB1\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\4RXZUAB1\popup[4].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\4RXZUAB1\popup[5].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\GRCBWR25\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y9DYFEP0\popup[1].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y9DYFEP0\popup[2].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Local Settings\Temporary Internet Files\Content.IE5\Y9DYFEP0\popup[3].htm -> Hijacker.Agent.a : Cleaned with backup (quarantined).

:mozilla.17:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.18:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.19:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.202:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.21:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.22:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.23:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Adtrak : Cleaned with backup (quarantined).

:mozilla.56:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.57:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.58:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.59:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.60:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.88:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

:mozilla.257:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.145:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.146:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.147:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.148:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.149:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.217:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

:mozilla.218:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

:mozilla.32:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

:mozilla.135:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

:mozilla.219:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

:mozilla.220:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

:mozilla.221:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

:mozilla.222:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).

:mozilla.89:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.90:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.91:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.92:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.93:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.61:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.62:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.63:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.64:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.65:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.191:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).

:mozilla.235:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).

:mozilla.192:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.193:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.194:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.195:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.109:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

:mozilla.110:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

:mozilla.111:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

:mozilla.100:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

:mozilla.94:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

:mozilla.95:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

:mozilla.96:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

:mozilla.97:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

:mozilla.98:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

:mozilla.99:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup (quarantined).

:mozilla.196:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.197:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.198:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.199:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.211:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).

:mozilla.183:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.247:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.112:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.113:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.114:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.115:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.116:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.117:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.118:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.119:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).

:mozilla.79:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.80:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.81:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.241:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.242:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.243:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.244:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.156:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).

:mozilla.161:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.162:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.163:C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\nd1rrj76.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\Documents and Settings\admin\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

 

 

::Report end


* Please open hijackthis and put a check next to the following:

 

O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

* After that, delete the following folder if it's present:

 

C:\Program Files\PSHope

 

* Finally, post a new hijackthis log here and tell me how everything is working. :)

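The instructions above amount to a before/after check: the `[PSHope]` Run value should be gone from the next HijackThis log, and nothing should have taken its place. The script below is an added example, not code from the thread or from HijackThis; it parses the registry `O4` lines in the format HijackThis 1.99.1 prints and diffs two logs. The two log excerpts are constructed for the example from the line shapes seen in this thread, not the poster's full logs.

```python
"""Added example, not code from the thread: confirm that a HijackThis O4
(autostart) entry removed with "Fix checked" is gone from the follow-up log,
and that nothing new appeared in its place.

The two log excerpts are constructed for this example in the line format
HijackThis 1.99.1 uses in the thread; they are not the poster's full logs."""
import re

# Registry Run/RunOnce lines look like:
#   O4 - HKLM\..\Run: [ccApp] "C:\...\ccApp.exe"
O4_RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

BEFORE_LOG = (
    'O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"\n'
    'O4 - HKCU\\..\\Run: [PSHope] "C:\\Program Files\\PSHope\\PSHope.exe"\n'
    'O4 - HKCU\\..\\Run: [AIM] C:\\Program Files\\AIM\\aim.exe -cnetwait.odl\n'
    'O4 - Startup: Adobe Gamma.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe\n'
)

AFTER_LOG = (
    'O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"\n'
    'O4 - HKCU\\..\\Run: [AIM] C:\\Program Files\\AIM\\aim.exe -cnetwait.odl\n'
    'O4 - Startup: Adobe Gamma.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe\n'
)


def parse_o4_run(log_text):
    """Map (hive, key, value name) -> command line for every registry O4 line.
    Startup-folder O4 lines (".lnk = ...") have a different shape and are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["cmd"]
    return entries


def diff_o4(before_text, after_text):
    """Return (removed, added, changed): what disappeared, what is new, and
    entries whose command line changed between the two logs."""
    before, after = parse_o4_run(before_text), parse_o4_run(after_text)
    removed = {k: v for k, v in before.items() if k not in after}
    added = {k: v for k, v in after.items() if k not in before}
    changed = {k: (before[k], after[k]) for k in before if k in after and before[k] != after[k]}
    return removed, added, changed


def fix_confirmed(before_text, after_text, value_name):
    """True when the named Run value was in the old log, is absent from the new
    one, and no other Run value was added (a relaunch under a new name would
    show up as an addition)."""
    removed, added, _ = diff_o4(before_text, after_text)
    return any(k[2] == value_name for k in removed) and not added


if __name__ == "__main__":
    removed, added, changed = diff_o4(BEFORE_LOG, AFTER_LOG)
    for k, v in removed.items():
        print("removed:", k, v)
    for k, v in added.items():
        print("added:  ", k, v)
    for k, (old, new) in changed.items():
        print("changed:", k, old, "->", new)
    print("PSHope fix confirmed:", fix_confirmed(BEFORE_LOG, AFTER_LOG, "PSHope"))
```

Run it against the full text of the two logs (the July 25 log in the first post and the July 29 log below) to get the same answer for the real machine; an entry that reappears after a reboot, or a new value with a random name, is the sign that something still running is re-creating it.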

Here's the log file; I don't know if it worked yet. Only time will tell.

 

Logfile of HijackThis v1.99.1

Scan saved at 2:25:32 AM, on 7/29/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Wintab32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\ZPOINT32.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad

O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe


Logfile of HijackThis v1.99.1

Scan saved at 9:20:33 AM, on 7/30/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Wintab32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ZPOINT32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\cidaemon.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad

O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe


I don't see anything bad in your log, can you tell me what problems you have?


I keep getting this clicking or pop-up noise and then my program deselects, or if I'm playing a game it minimizes. Also ewido keeps coming up with hijacker.agent.a; it says it's cleaned, but every time I scan it's back.


Download GMER from here:

http://www.gmer.net/files.php

 

Unzip it to the desktop.

 

Open the program and click on the Rootkit tab.

Make sure all the boxes on the right of the screen are checked, apart from 'Show All'.

Click on Scan.

When the scan has finished, click Copy and paste the results (if any) into this thread.


GMER 1.0.10.10122 - http://www.gmer.net

Rootkit 2006-07-31 19:23:52

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.10 ----

 

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess

SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

 

---- Devices - GMER 1.0.10 ----

 

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys

Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys

Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys

Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys

Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE ED292C8A

Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL [EE59F912] DLAIFS_M.SYS

 

---- Registry - GMER 1.0.10 ----

 

Reg \Registry\MACHINE\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl

 

---- Files - GMER 1.0.10 ----

 

File C:\System Volume Information\catalog.wci

File C:\System Volume Information\MountPointManagerRemoteDatabase

File C:\System Volume Information\tracking.log

File D:\System Volume Information\MountPointManagerRemoteDatabase

File D:\System Volume Information\tracking.log

 

---- EOF - GMER 1.0.10 ----

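Reading a GMER listing comes down to one question per hook: which driver owns it, and is that driver something you expect on the box? In the scan above the two SSDT hooks belong to ewido's guard.sys (hooking ZwOpenProcess/ZwTerminateProcess is consistent with an anti-malware guard protecting its own process), the TDI hooks belong to avgtdi.sys from AVG, and the Cdfs hook belongs to DLAIFS_M.SYS, the DLA drive-letter-access software that also shows up in the HijackThis log. The one line that carries only an address and no module name (the Fastfat IRP_MJ_CREATE hook) is the one a helper would ask about next. The script below is an added example, not code from the thread or from GMER; it parses lines in the GMER 1.0.10 format shown above and sorts them that way. The sample lines are constructed in that format, and the allowlist of drivers expected to hook on this machine is an assumption for the example, taken from the products visible in the HijackThis log.

```python
"""Added example, not from the thread: sort the hook lines of a GMER 1.0.10
rootkit scan (the format posted above) into expected, unknown and
unattributed hooks. The sample lines are constructed in that format; the
allowlist of drivers expected to hook on this machine is an assumption for
this example, based on the products visible in the HijackThis log (ewido
anti-spyware, AVG, DLA drive-letter-access software)."""
import re

SAMPLE_GMER = (
    "SSDT \\??\\C:\\Program Files\\ewido anti-spyware 4.0\\guard.sys ZwOpenProcess\n"
    "SSDT \\??\\C:\\Program Files\\ewido anti-spyware 4.0\\guard.sys ZwTerminateProcess\n"
    "Device \\Driver\\Tcpip \\Device\\Ip IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys\n"
    "Device \\Driver\\Tcpip \\Device\\Tcp IRP_MJ_SHUTDOWN [F799C85A] avgtdi.sys\n"
    "Device \\FileSystem\\Fastfat \\Fat IRP_MJ_CREATE ED292C8A\n"
    "Device \\FileSystem\\Cdfs \\Cdfs IRP_MJ_DEVICE_CONTROL [EE59F912] DLAIFS_M.SYS\n"
)

# Assumed allowlist for this machine: driver file name (lower case) -> owner.
EXPECTED_HOOKERS = {
    "guard.sys": "ewido anti-spyware guard (self-protection of its processes)",
    "avgtdi.sys": "AVG TDI network filter",
    "dlaifs_m.sys": "DLA packet-writing / drive letter access",
}

# "Device <driver> <device> <IRP_MJ_*> [<addr>] <module>", or, when GMER cannot
# resolve the owner, "Device <driver> <device> <IRP_MJ_*> <addr>" with no module.
DEVICE_RE = re.compile(
    r"^Device (?P<driver>\S+) (?P<device>\S+) (?P<irp>IRP_MJ_\w+) "
    r"(?:\[(?P<addr>[0-9A-Fa-f]+)\] (?P<module>\S+)|(?P<bare>[0-9A-Fa-f]+))$"
)


def parse_gmer(text):
    """One dict per hook line: kind, target, entry, module (None when GMER
    printed no owner) and address (None for SSDT lines, which carry none)."""
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("SSDT "):
            # The module path may contain spaces; the hooked service name is last.
            module_path, _, service = line[5:].rpartition(" ")
            hooks.append({"kind": "SSDT", "target": "service table", "entry": service,
                          "module": module_path.rsplit("\\", 1)[-1], "address": None})
            continue
        m = DEVICE_RE.match(line)
        if m:
            hooks.append({"kind": "IRP", "target": m["device"], "entry": m["irp"],
                          "module": m["module"], "address": m["addr"] or m["bare"]})
    return hooks


def triage(hooks, expected=EXPECTED_HOOKERS):
    """Attach a verdict to each hook: 'expected' (allowlisted driver),
    'unknown' (named driver not on the allowlist) or 'unattributed'
    (GMER printed only an address, no owning module)."""
    out = []
    for h in hooks:
        if h["module"] is None:
            verdict = "unattributed"
        elif h["module"].lower() in expected:
            verdict = "expected"
        else:
            verdict = "unknown"
        out.append(dict(h, verdict=verdict))
    return out


def needs_followup(triaged):
    """Hooks a helper would ask about next: anything not on the allowlist."""
    return [h for h in triaged if h["verdict"] != "expected"]


if __name__ == "__main__":
    for h in triage(parse_gmer(SAMPLE_GMER)):
        owner = h["module"] or "<" + h["address"] + ">"
        print(f'{h["verdict"]:13} {h["kind"]:4} {h["target"]:14} {h["entry"]:22} {owner}')
```

The allowlist is deliberately per-machine: a driver that is expected here because AVG and ewido are installed would be "unknown" on a box without them, and an "unattributed" hook is not proof of a rootkit by itself, only the line to hand back to the helper with a question.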

* Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan.
  • This will scan the files currently running in memory; when something is found, click Yes when it asks whether you want to cure it. This is only a short scan.
  • Once the short scan has finished, click Options > Change settings.
  • Choose the "Scan" tab and remove the check mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click "Yes to all" if it asks whether you want to cure/move the file.
  • When the scan has finished, see whether you can click the check icon (check.gif in the original post) next to the files found.
  • If so, click it, then click the icon right below it (move.gif in the original post) and select "Move incurable".
    This will move anything that can't be cured to the %userprofile%\DoctorWeb\quarantaine folder (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose "Save report list".
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer! Files that are in use may be moved or deleted during the reboot.
  • After the reboot, post the contents of the Dr.Web log you saved in your next reply, along with a new HijackThis log.


here it is:

 

41EBC70B-8988-4F2B-AA41-30B28E\data001;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Trojan.Popuper;;

41EBC70B-8988-4F2B-AA41-30B28E;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Archive contains infected objects;Moved.;

46DEFD01-9FFF-4696-86E0-02C4DA\data001;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Trojan.Popuper;;

46DEFD01-9FFF-4696-86E0-02C4DA;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Archive contains infected objects;Moved.;

C01E5309-43DF-4029-B077-B20490\data001;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Trojan.Popuper;;

C01E5309-43DF-4029-B077-B20490;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Archive contains infected objects;Moved.;

F87CCF51-CF4D-409F-B9C2-4CD6F9\data001;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Trojan.Popuper;;

F87CCF51-CF4D-409F-B9C2-4CD6F9;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7678CA96-7E44-493A-A33E-;Archive contains infected objects;Moved.;

3BA0F221-F77B-468F-A865-1E500B;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\8A5351AC-37C5-45B1-8446-;Trojan.DownLoader.based;Deleted.;

633DA001-6717-4DC1-9036-C404E1;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\8A5351AC-37C5-45B1-8446-;Trojan.DownLoader.based;Deleted.;

84554EE9-BE5B-4214-A33B-3EDAAE;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\8A5351AC-37C5-45B1-8446-;Trojan.DownLoader.based;Deleted.;

864DC081-DA7A-4604-AD33-E0C5EB;C:\Documents and Settings\admin\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\8A5351AC-37C5-45B1-8446-;Trojan.DownLoader.based;Deleted.;

kyzexem.html\Javascript.0;C:\Program Files\ComPlus Applications\kyzexem.html;Trojan.Click.1237;;

kyzexem.html;C:\Program Files\ComPlus Applications;Archive contains infected objects;Moved.;

Process.exe;C:\Program Files\Mozilla Firefox\smitRem;Tool.Prockill;Incurable.Renamed.;

Process.exe;C:\Program Files\Mozilla Firefox\win32delfkil;Tool.Prockill;Incurable.Renamed.;

restart.exe;C:\Program Files\Mozilla Firefox\win32delfkil;Trojan.Shutdown;Deleted.;

howyvykaj.html\Javascript.0;C:\Program Files\Windows Media Player\howyvykaj.html;Trojan.Click.1237;;

howyvykaj.html;C:\Program Files\Windows Media Player;Archive contains infected objects;Moved.;

gdnUS2339.exe;C:\WINDOWS\Downloaded Program Files;Trojan.DownLoader.based;Deleted.;

clci.exe;C:\WINDOWS\system32;Dialer.Mitrafa;Incurable.Renamed.;

pmnlj.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

 

Logfile of HijackThis v1.99.1

Scan saved at 6:20:46 PM, on 8/1/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Wintab32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\System32\GEARSec.exe

C:\WINDOWS\runservice.exe

C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\WINDOWS\system32\ZPOINT32.exe

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WINDOWS\Acecad\Wtxpload.exe Acecad

O4 - HKLM\..\Run: [ZPOINT32] C:\WINDOWS\system32\ZPOINT32.exe

O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152728869343

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah DVD Burner\NMSAccess.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
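As an added example (not part of the original post, and not a Lavasoft tool), here is a small Python triage script for lines in the HijackThis format shown above. It flags O23 services listed with "Unknown owner" or whose binary sits directly in the Windows directory (as `runservice.exe` does in the log), and O4 startup shortcuts whose target HijackThis shows as `?`; the sample lines are constructed copies of entries in that format, and a flag only means "look closer", not "malicious".

```python
import re

# Constructed sample in HijackThis log format (entries of the same shape as the log above).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NexTab (Wintab32) - Unknown owner - C:\WINDOWS\system32\Wintab32.exe
"""

# Every HijackThis entry starts with a section tag such as O4, O9 or O23.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")

def parse_entries(text):
    """Return (section, body) pairs for each 'Oxx - ...' line in the log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def service_fields(body):
    """Split an O23 body 'Service: Name - Owner - Path' into (name, owner, path)."""
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name = parts[0].split("Service: ", 1)[-1]
    return name, parts[1], parts[2]

def triage(text):
    """Heuristic review: return (item, reason) pairs that deserve a closer look."""
    findings = []
    for section, body in parse_entries(text):
        if section == "O23":
            fields = service_fields(body)
            if fields is None:
                continue
            name, owner, path = fields
            parent = path.rsplit("\\", 1)[0].lower()
            if owner == "Unknown owner":
                findings.append((name, "service has no publisher recorded"))
            if parent == r"c:\windows":
                findings.append((name, "service binary sits directly in the Windows directory"))
        elif section == "O4" and body.endswith("= ?"):
            findings.append((body, "startup shortcut whose target HijackThis could not resolve"))
    return findings
```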


Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we at Lavasoftsupport are to help you, for your sake we would rather not have repeat customers. :P

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time.

There are basically two types of these programs: On-Access and On-Demand.

On-Access Scanners

As the name implies, these are scanners that run in the background all the time the PC is turned on and running. The main function of an On-Access scanner is to monitor activity on your machine.

On-Demand Scanners

As the name implies, these are scanners that only run when you ask them to, such as online scans and scanners that run on your machine but are not actively scanning your machine.

1) Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

Ad-Aware SE

A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:

http://www.mozilla.org/products/firefox/

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

5) Finally, consider maintaining a firewall. Some good free firewalls are ZoneAlarm, Kerio, or Outpost.

A tutorial on understanding and using firewalls may be found here.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems! Good luck. :D

Edited by LS CalamityJane
Fixed outdated URL
