another Hijack This report.
amatire
Newbie
6. November 2006 @ 05:34
Thanks for your help. I don't know if anything will turn up, but I've had a few problems with the computer recently and I've tried pretty much everything else I can think of, so I thought I'd check using HijackThis to see if anything showed up.

Logfile of HijackThis v1.99.1
Scan saved at 14:11:48, on 06/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Documents and Settings\Peter\Desktop\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.morningbymorning.blogspot.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /source=HKLM
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IW_Drop_Icon] "C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" /dropdisc
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Documents and Settings\Peter\Desktop\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - http://courses.learndirect.co.uk/provide...yer/awswaxf.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1140257017218
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.co...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20040...all/xscan53.cab
O16 - DPF: {86A88967-7A20-11D2-8EDA-00600818EDB1} (ParallelGraphics Cortona Control) - http://www.parallelgraphics.com/bin/cortvrml.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://www.streamingfaith.com/common/mbrowser/MINIBrowser.CAB
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Senior Member
6. November 2006 @ 16:13
HijackThis log is clean too. What problems are you having?

amatire
Newbie
7. November 2006 @ 03:44
That's great to know, thanks.

Well, I seem to have started having problems after going on YouTube.com last week - which might be telling in itself. Are there any well-known problems associated with the site?

Firstly the computer monitor switched itself off and on again and the picture went extremely large and then returned back to normal. The computer then restarted on its own - could be a power surge?

But a few minutes later when I tried to open a BBC webpage to view a film in RealPlayer, RealPlayer crashed and so did Internet Explorer. This has never happened before, as I use RealPlayer a great deal. The error report said I should try http://service.real.com/realplayer/ which advised me to lower the hardware acceleration. Which I did. And RealPlayer started playing fine but from then on every time I switch on the computer I get an error message from Hydravision. And the computer can run rather slow when I have more than one application open at once, which never used to be a problem.

I've run AVG, Spysweeper, Adaware, CCleaner, HijackThis, WindowsDefender. And can't find a problem anywhere. Am I missing something obvious?

Thanks for your help. Hope that's enough info.
Senior Member
7. November 2006 @ 17:09
Download F-Secure Blacklight (blbeta.exe) to the desktop from here.

Open it and click Accept Agreement.
Click "Scan".
After the scan is complete, click "Next", then "Exit".
It will create a log on the desktop named "fsbl-xxxxxxx.log" (the xxxxxxx will be the date and time of the scan)
Post that log in your next reply.

Go here to run ActiveScan.
After downloading, click My Computer to scan.
When it finishes, click "See Report".
Click "Save report" and post it along with the BL log.

This message has been edited since posting. Last time this message was edited on 7. November 2006 @ 17:10

amatire
Newbie
8. November 2006 @ 10:00
I haven't run a spysweeper scan today so I think the panda scan only threw up the usual. We'll see.

Google Earth is having trouble opening too. It says it is having trouble with DivX. Do you think the problem is just a 2 year old graphics driver?

11/08/06 18:27:29 [Info]: BlackLight Engine 1.0.47 initialized
11/08/06 18:27:29 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/08/06 18:27:29 [Note]: 7019 4
11/08/06 18:27:29 [Note]: 7005 0
11/08/06 18:27:33 [Note]: 7006 0
11/08/06 18:27:33 [Note]: 7011 1532
11/08/06 18:27:33 [Note]: 7026 0
11/08/06 18:27:33 [Note]: 7026 0
11/08/06 18:27:42 [Note]: FSRAW library version 1.7.1020
11/08/06 18:34:36 [Note]: 2000 1012
11/08/06 18:34:36 [Note]: 2000 1012
11/08/06 18:34:52 [Note]: 7007 0


Incident Status Location

Adware:adware/ncase Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\1blq7ppz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Peter\Cookies\peter@247realmedia[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Peter\Cookies\peter@adtech[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Peter\Cookies\peter@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Peter\Cookies\peter@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter\Cookies\peter@doubleclick[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter\Cookies\peter@mediaplex[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@casalemedia[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@mediaplex[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Peter\Local Settings\Temp\Cookies\peter@tribalfusion[1].txt
Senior Member
8. November 2006 @ 14:11
Blacklight came out clean. Panda didn't find the usual. There are a few adware registry entries, but Panda isn't showing the location so we can remove them manually. You'll need to let Ad-Aware delete them. SpySweeper may remove them too, so run a scan with either or both.

About the first problem: try uninstalling then re-installing Real Player to see if that helps.

For the second problem, do the same for DivX.
