help stop these popups
scrapmom (Junior Member), 22. June 2007 @ 21:15

Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:10:58 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\retadpu72.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe
C:\Program Files\WinPop\winpop.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\s?stem\?hkntfs.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\zokq\zokqa.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moe\Desktop\HiJackThis_v2.0.0.0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allvantage.com/myvantage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {651B1385-816A-DC9A-4B60-898DC92C8296} - C:\WINDOWS\system32\yyhqoy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11032 bytes
Etzo (Member), 25. June 2007 @ 04:17
Hi!

Step 1: Download and Run OiUninstaller
Download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
========
Step 2: Download AVG
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
Version 7.5.0.50!
* Install AVG Anti-Spyware by double clicking the installer.
* Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
* On the main screen under Your Computer's security.
* Click on Change state next to Resident shield. It should now change to inactive.
* Click on Change state next to Automatic updates. It should now change to inactive.
* Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
* Wait until you see the Update successful message.
* Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
If AVG doesn't work in Safemode, please use this patchfile to make it work.
Don't run just yet!
========
Step 3: Disable processes
Open Task Manager by pressing ctrl + alt + delete keys simultaneously

* Click Processes
* Click Image Name to Alphabetize the list
* Find
C:\WINDOWS\retadpu72.exe
C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe
C:\Program Files\WinPop\winpop.exe
C:\PROGRA~1\COMMON~1\zokq\zokqm.exe
C:\PROGRA~1\COMMON~1\zokq\zokqa.exe

and click on it
* Click End Process
* Repeat steps for each process listed above

Close Task Manager
========
Step 4: Run HijackThis

Click on do a system scan only
Place a checkmark next to these lines (if still present)

O2 - BHO: (no name) - {651B1385-816A-DC9A-4B60-898DC92C8296} - C:\WINDOWS\system32\yyhqoy.dll
O2 - BHO: BHOAd - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\xmlhelper.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA197C7734672DE3F546CAC59B6
O4 - HKCU\..\Run: [Scbu] "C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [zokq] C:\PROGRA~1\COMMON~1\zokq\zokqm.exe


Then close all windows except HijackThis and click Fix Checked
========
Step 5: Delete Temporary files
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:

Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.

For Internet Explorer 7
* Click Start, click Control Panel, and then double-click Internet Options.
* On the General tab, click Delete... under Browsing History.
* Next to Temporary Internet Files, click Delete files, and then click OK.
* Next to Cookies, click Delete cookies, and then click OK.
* Next to History, click Delete history, and then click OK.
* Click the Close button.
* Click OK.
For Internet Explorer 4.x - 6.x
* Click Start, click Control Panel, and then double-click Internet Options.
* On the General tab, click Delete Files under Temporary Internet Files.
* In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
* On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
* Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
* Click OK.
For Netscape 4.x and Up
* Click Edit from the Netscape menubar.
* Click Preferences... from the Edit menu.
* Expand the Advanced menu by clicking the triangle sign.
* Click Cache.
* Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up

* Click Edit from the Mozilla menubar.
* Click Preferences... from the Edit menu.
* Expand the Advanced menu by clicking the plus sign.
* Click Cache.
* Click the Clear Cache button.
For Opera
* Click File from the Opera menubar.
* Click Preferences... from the File menu.
* Click the History and Cache menu.
* Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
* Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

========
Step 6: Show hidden folders & Safemode
* Go to Start > My Computer
* Go to Tools > Folder Options
* Click on the View tab
* Untick the following:

* Hide extensions for known file types
* Hide protected operating system files (Recommended)

* You will get a message warning you about showing protected operating system files, click Yes
* Make sure this option is selected:

* Show hidden files and folders
* Click Apply and then click OK



Restart your computer to Safe Mode.


1. If the computer is running, shut down Windows, and then turn off the power.
2. Wait 30 seconds, and then turn the computer on.
3. Start tapping the F8 key. The Windows Advanced Options Menu will appear. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
4. Ensure that the Safe Mode option is selected.
5. Press Enter. The computer then begins to start in Safe Mode.
6. Login on your usual account.
========
Step 7: Delete files in Safemode
When in Safemode, please find and remove these: (if still present)

C:\WINDOWS\system32\yyhqoy.dll
C:\WINDOWS\xmlhelper.dll
C:\WINDOWS\retadpu72.exe
C:\Program Files\WinPop FOLDER
C:\PROGRA~1\COMMON~1\zokq FOLDER
========
Step 8: Run AVG
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
* Click on Scanner on the toolbar.
* Click on the Settings tab.
* Under How to act?
* Click on Recommended Action and choose Quarantine from the popup menu.
* Under How to scan?
* All checkboxes should be ticked.
* Under Possibly unwanted software:
* All checkboxes should be ticked.
* Under Reports:
* Select Automatically generate report after every scan and uncheck Only if threats were found.
* Under What to scan?
* Select Scan every file.
* Click on the Scan tab.
* Click on Complete System Scan to start the scan process.
* Let the program scan the machine.
* When the scan has finished, follow the instructions below.
IMPORTANT: Don't click on the "Save Scan Report" button before you have clicked the "Apply all Actions" button.
* Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
* At the bottom of the window click on the Apply all Actions button. (3)


* When done, click the Save Scan Report button. (4)
* Click the Save Report as button.
* Save the report to your Desktop.
* Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Step 9: Post back reports
Post fresh HijackThis log and AVG's report.

Virustorjunta.net: expert service without clowning around.
HJT logs here

scrapmom (Junior Member), 25. June 2007 @ 09:39
Etzo wrote:
    Hi!

    Step 1: Download and Run OiUninstaller
    Download and run this uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe
    ========

For some reason I can't seem to open that.
zedeutch (Newbie), 25. June 2007 @ 17:50
Here's my log file - any suggestions?

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:46:20 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qyvjsbvn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\avp.exe
C:\Documents and Settings\All Users\Application Data\ihqhgrsh.exe
C:\WINDOWS\smgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\SXYB4LER\HiJackThis_v2.0.0.0[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defa...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://comcast.net/comcast.html
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\pgvcaaxj.dll
O2 - BHO: (no name) - {A18D2E8F-3EC1-408F-BA4E-35829FD9B2DF} - C:\WINDOWS\system32\awtqn.dll
O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\WINDOWS\system32\nnnoonm.dll
O2 - BHO: (no name) - {F3CDEF9B-419B-4338-BD23-F7E5A05E2EA3} - C:\Program Files\Common Files\meroz83122.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000219.exe 61A847B5BBF72810329B385473F001F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [actfxivA] C:\WINDOWS\actfxivA.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwinoodt.exe CHD003
O4 - HKLM\..\Run: [{54-40-0D-DD-ZN}] C:\windows\system32\nndsregr.exe CHD003
O4 - HKLM\..\Run: [j86759] C:\WINDOWS\j86759
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [ihqhgrsh.exe] C:\Documents and Settings\All Users\Application Data\ihqhgrsh.exe
O4 - HKLM\..\Run: [smgr] smgr.exe
O4 - HKLM\..\Run: [SC2] C:\WINDOWS\system32\scchk32.exe
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\xhfduhlg.dll",realset
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Gua] "C:\Documents and Settings\Owner\Application Data\F?nts\s?chost.exe"
O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\Program Files\Common Files\svchost.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1096510223875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1127783090328
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} (Quantum Streaming IE Player Class) - http://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O20 - Winlogon Notify: nnnoonm - C:\WINDOWS\SYSTEM32\nnnoonm.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\system32\qyvjsbvn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\actfxiv.exe (file missing)
O24 - Desktop Component 0: (no name) - C:\Program Files\WindowsUpdate\rtemehdowu.html

--
End of file - 9781 bytes
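As an added example (not part of this thread, and not a feature of HijackThis), here is a small Python triage script that applies, mechanically, the same checks Etzo applied by eye to scrapmom's log and that zedeutch's log above also calls for: paths containing look-alike characters (HijackThis prints non-ASCII characters as "?", so "s?stem\?hkntfs.exe" is a folder mimicking "system\chkntfs.exe"), executables launched from profile or temp folders, O4 entries that pass a long hex blob on the command line (the "runner1" entries), nameless BHOs, O20 Winlogon Notify DLLs, and O23 services with no vendor or a missing binary. The heuristics, the function names (`triage`, `assess_path`, `assess_line`) and the small list of system binary names are my own assumptions; the sample log is a constructed excerpt that mixes lines quoted from the two logs with benign lines from the same logs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log: entries quoted from the two HijackThis logs posted in this
# thread (scrapmom's and zedeutch's), mixed with benign lines from the same logs.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\retadpu72.exe
C:\DOCUME~1\moe\MYDOCU~1\FNTS~1\dvdplay.exe
C:\Program Files\s?stem\?hkntfs.exe
C:\Documents and Settings\All Users\Application Data\ihqhgrsh.exe

O2 - BHO: (no name) - {651B1385-816A-DC9A-4B60-898DC92C8296} - C:\WINDOWS\system32\yyhqoy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu72.exe 61A847B5BBF72815308B2B27128065E9
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKCU\..\Policies\Explorer\Run: [svchost.exe] C:\Program Files\Common Files\svchost.exe
O20 - Winlogon Notify: awtqn - C:\WINDOWS\system32\awtqn.dll
O23 - Service: Net Agent - Unknown owner - C:\WINDOWS\dls0523pmw.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")   # e.g. "O4 - HKLM\..\Run: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")                         # lines of the "Running processes" block
# First Windows path in a line, quoted or not, ending in a known extension.
WIN_PATH = re.compile(r'([A-Za-z]:\\.+?\.(?:exe|dll|cpl|scr|com|bat|html?))(?=\s|"|$)', re.IGNORECASE)
HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")                # the long argument after retadpu72.exe
USER_WRITABLE = re.compile(
    r"\\(documents and settings|docume~1|application data|local settings|temp|my documents|mydocu~1)\\",
    re.IGNORECASE,
)
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows\\(system32|system)\\", re.IGNORECASE)
# Assumed minimal list: names of core Windows binaries that only belong in the system directory.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe", "services.exe"}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def assess_path(path: str) -> List[str]:
    """Reasons a single file path deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if "?" in path:
        reasons.append("non-ASCII look-alike characters in path (HijackThis prints them as '?')")
    if USER_WRITABLE.search(path):
        reasons.append("executable lives in a user-writable profile or temp location")
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM_BINARY_NAMES and not SYSTEM_DIRS.match(path):
        reasons.append(f"{name} outside the Windows system directory")
    return reasons


def assess_line(line: str) -> Optional[Finding]:
    """Apply the path checks plus entry-type specific checks to one log line."""
    line = line.strip()
    if not line:
        return None
    if PROCESS.match(line):                     # a running-process line is just a path
        reasons = assess_path(line)
        return Finding(line, reasons) if reasons else None
    m = ENTRY.match(line)
    if not m:
        return None                             # header lines such as "Platform: ..."
    kind, body = m.group("kind"), m.group("body")
    pm = WIN_PATH.search(body)
    reasons = assess_path(pm.group(1)) if pm else []
    if kind == "O2" and "(no name)" in body and pm:
        reasons.append("BHO with no name but a DLL on disk")
    elif kind == "O4":
        if HEX_BLOB.search(body):
            reasons.append("long hexadecimal blob passed as a command-line argument")
        if "Policies\\Explorer\\Run" in body:
            reasons.append("autostart via Policies\\Explorer\\Run (rarely used legitimately)")
    elif kind == "O20":
        reasons.append("Winlogon Notify DLL is loaded by winlogon.exe at logon; verify the vendor")
    elif kind == "O23":
        if "Unknown owner" in body:
            reasons.append("service has no vendor name")
        if "(file missing)" in body:
            reasons.append("service binary is missing from disk")
    return Finding(line, reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    """Return every line of a HijackThis log that trips at least one heuristic."""
    return [f for f in (assess_line(l) for l in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    -", reason)
```

A finding is a prompt for a human to look, not a verdict: the HijackThis executable itself sits under Documents and Settings and would be flagged by the profile-location check, and a legitimate but unsigned service is flagged for having no vendor. Note also that the plain process line C:\WINDOWS\retadpu72.exe passes every path check; it is caught only through its O4 entry and the hex blob on its command line, which is why the entry-type checks exist alongside the path checks.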
scrapmom (Junior Member), 25. June 2007 @ 20:02

OK, here is my new HijackThis log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:54:07 PM, on 6/25/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\s?stem\?hkntfs.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\moe\Desktop\HiJackThis_v2.0.0.0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allvantage.com/myvantage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = -
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 12044 bytes

And here is the AVG log:


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:44:43 PM 6/25/2007

+ Scan result:



C:\Documents and Settings\moe\Desktop\backups\backup-20070625-131233-178.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\xmlhelper.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003984.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP8\A0003868.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\WinPop\winpop.exe -> Adware.Rond : Cleaned with backup (quarantined).
C:\WINDOWS\b122.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\b138.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003925.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0004013.exe -> Backdoor.VB.kb : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003922.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP6\A0002290.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
C:\2.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\54.tmp -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003981.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP5\A0002173.exe -> Downloader.PurityScan.eg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP11\A0003923.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003898.exe -> Downloader.PurityScan.eh : Cleaned with backup (quarantined).
C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003901.exe -> Downloader.TSUpdate.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\zokq\zokqd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003899.exe -> Downloader.TSUpdate.l : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003897.exe -> Downloader.TSUpdate.n : Cleaned with backup (quarantined).
C:\WINDOWS\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP9\A0003900.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\WINDOWS\b136.exe -> Dropper.Agent.bfr : Cleaned with backup (quarantined).
C:\Program Files\music_now\inetchk.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\moe\Cookies\moe@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\moe\Cookies\moe@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\moe\Cookies\moe@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP8\A0003872.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wnstsisv32.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP5\A0002082.exe -> Trojan.Small.mi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BFAA719B-281F-45B6-9E39-9D4BB578C2A4}\RP5\A0002108.exe -> Trojan.Small.mi : Cleaned with backup (quarantined).
C:\Program Files\WinPop\UnInstall.exe -> Trojan.Small.oa : Cleaned with backup (quarantined).


::Report end
Member
25. June 2007 @ 23:43
@zedeutch

Make a new thread to your log.
==================

@scrapmom

Good, but PurityScan is still there...

We can try to remove it manually:

* Click Start
* Click Control Panel
* Double-click Add or Remove Programs
* Find and remove these programs if found:

Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
anything with Oin or Outerinfo
Zolero
Tizzletalk
MediaTickets
Cowabanga


After that remove this folder:

C:\Program Files\PurityScan

Download and Run ComboFix

* Download this file from either of the two below listed places :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

* Then double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Post a fresh HijackThis log and ComboFix's log, please.

Virustorjunta.net: expert service without clowning around.
HJT logs go here
scrapmom
Junior Member
26. June 2007 @ 10:04
"moe" - 2007-06-26 10:37:08 - ComboFix 07-06-26.8 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\moe\MYDOCU~1.\ecurit~1
C:\DOCUME~1\moe\MYDOCU~1.\fnts~1
C:\DOCUME~1\moe\MYDOCU~1.\fnts~1\dvdplay.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\sstem~1
C:\Program Files\sstem~1\?hkntfs.exe
C:\Program Files\winpop
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-26 to 2007-06-26 )))))))))))))))))))))))))))))))


2007-06-26 10:36 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-25 12:52 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-06-23 00:04 <DIR> d-------- C:\Program Files\Includes
2007-06-23 00:03 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-22 23:43 <DIR> d-------- C:\Program Files\Lavasoft
2007-06-22 23:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-06-22 23:38 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-06-22 23:38 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-06-22 23:38 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-06-22 23:38 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-06-22 23:38 <DIR> d-------- C:\Program Files\Sygate
2007-06-22 08:18 <DIR> d-------- C:\Program Files\Advanced Registry Optimizer
2007-06-22 08:18 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Sammsoft
2007-06-22 00:07 <DIR> d-------- C:\WINDOWS\system32\appmgmt
2007-06-21 23:37 0 -rahs---- C:\MSDOS.SYS
2007-06-21 23:37 0 -rahs---- C:\IO.SYS
2007-06-21 23:37 <DIR> d-------- C:\DOCUME~1\moe\WINDOWS
2007-06-19 22:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-06-19 21:29 23,040 --------- C:\WINDOWS\kb913800.exe
2007-06-19 21:01 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\2Wire
2007-06-19 20:53 <DIR> d-------- C:\Program Files\2Wire Wireless Manager
2007-06-19 20:53 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\2Wire
2007-06-19 20:38 <DIR> d-------- C:\Program Files\QwestQuickNetworking
2007-06-19 09:07 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-06-18 15:27 <DIR> d-------- C:\Program Files\WinTouch
2007-06-18 15:01 <DIR> d-------- C:\WINDOWS\zokq
2007-06-18 15:01 <DIR> d-------- C:\Program Files\Common Files\zokq
2007-06-18 14:10 176,085 --a------ C:\WINDOWS\b129.exe.bin
2007-06-18 09:55 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-06-16 16:48 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Google
2007-06-16 15:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-06-16 12:05 <DIR> d-------- C:\Program Files\MySpace
2007-06-16 12:05 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\MySpace
2007-06-15 23:18 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-06-15 23:18 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-06-15 23:18 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-06-15 23:18 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Leadertech
2007-06-15 22:56 <DIR> d-------- C:\Programme
2007-06-15 22:35 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Walgreens
2007-06-15 18:06 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\MSNInstaller
2007-06-14 20:36 <DIR> d--h----- C:\Program Files\Zero G Registry
2007-06-14 20:36 <DIR> d-------- C:\Program Files\Coupon Sense
2007-06-14 20:23 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\AdobeUM
2007-06-14 12:49 <DIR> d-------- C:\WINDOWS\AllVantage
2007-06-14 12:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-06-14 10:03 <DIR> d--hs---- C:\RECYCLER
2007-06-14 09:40 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2007-06-14 09:40 8,552 --a------ C:\WINDOWS\system32\drivers\asctrm.sys
2007-06-14 09:40 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2007-06-14 09:40 <DIR> d-------- C:\Program Files\Real
2007-06-14 09:40 <DIR> d-------- C:\Program Files\QuickTime
2007-06-14 09:40 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2007-06-14 09:40 <DIR> d-------- C:\My Music
2007-06-14 09:40 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\You've Got Pictures Screensaver
2007-06-14 09:40 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\AOL
2007-06-14 09:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
2007-06-14 09:39 118,784 --a------ C:\WINDOWS\system32\Msstdfmt.dll
2007-06-14 09:39 102,400 --a------ C:\WINDOWS\system32\SimpleRegistry.dll
2007-06-14 09:39 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2007-06-14 09:39 <DIR> d-------- C:\Program Files\Viewpoint
2007-06-14 09:39 <DIR> d-------- C:\Program Files\Pure Networks
2007-06-14 09:39 <DIR> d-------- C:\Program Files\Common Files\Real
2007-06-14 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
2007-06-14 09:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pure Networks
2007-06-14 09:38 335 --a------ C:\WINDOWS\nsreg.dat
2007-06-14 09:38 33,588 -ra------ C:\WINDOWS\system32\drivers\wanatw4.sys
2007-06-14 09:38 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-06-14 09:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
2007-06-13 20:35 <DIR> d-------- C:\DOCUME~1\moe\Shared
2007-06-13 20:35 <DIR> d-------- C:\DOCUME~1\moe\Incomplete
2007-06-13 20:28 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\LimeWire
2007-06-13 18:35 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SupportSoft
2007-06-13 17:28 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\Yahoo!
2007-06-13 17:28 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-06-13 17:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo!
2007-06-13 17:16 143,360 --a------ C:\WINDOWS\GTRemove.exe
2007-06-13 17:16 <DIR> d-------- C:\Program Files\Qwest
2007-06-13 17:16 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2007-06-13 17:16 <DIR> d-------- C:\Program Files\Actiontec
2007-06-13 17:16 <DIR> d-------- C:\Program Files\2Wire_USB_Drivers
2007-06-13 17:15 <DIR> d-------- C:\DOCUME~1\moe\APPLIC~1\InstallShield
2007-06-13 09:14 <DIR> d-------- C:\Program Files\Yahoo!
2007-06-13 08:03 8,704 --a------ C:\WINDOWS\system32\fxsperf.dll
2007-06-13 08:03 72,192 --a------ C:\WINDOWS\system32\fxscom.dll
2007-06-13 08:03 6,656 --a------ C:\WINDOWS\system32\fxsres.dll
2007-06-13 08:03 562,176 --a------ C:\WINDOWS\system32\fxsst.dll
2007-06-13 08:03 55,296 --a------ C:\WINDOWS\system32\fxsevent.dll
2007-06-13 08:03 452,096 --a------ C:\WINDOWS\system32\fxsapi.dll
2007-06-13 08:03 400,384 --a------ C:\WINDOWS\system32\fxsxp32.dll
2007-06-13 08:03 397,312 --a------ C:\WINDOWS\system32\fxstiff.dll
2007-06-13 08:03 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll
2007-06-13 08:03 285,184 --a------ C:\WINDOWS\system32\fxscomex.dll
2007-06-13 08:03 27,136 --a------ C:\WINDOWS\system32\fxsdrv.dll
2007-06-13 08:03 267,776 --a------ C:\WINDOWS\system32\fxssvc.exe
2007-06-13 08:03 246,272 --a------ C:\WINDOWS\system32\fxst30.dll
2007-06-13 08:03 23,552 --a------ C:\WINDOWS\system32\fxsmon.dll
2007-06-13 08:03 23,552 --a------ C:\WINDOWS\system32\fxsext32.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-26 03:44:39 -------- d-----w C:\Program Files\DIGStream
2007-06-17 20:37:36 -------- d-----w C:\Program Files\Google
2007-06-16 16:24:55 -------- d-----w C:\Program Files\WildTangent
2007-06-14 00:16:55 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-13 14:44:41 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-06-13 07:54:27 -------- d-----w C:\Program Files\HPQ
2007-06-12 20:48:40 -------- d-----w C:\Program Files\Windows Plus
2007-06-12 20:48:36 -------- d-----w C:\Program Files\Windows NT
2007-06-12 20:45:09 -------- d-----w C:\Program Files\Synaptics
2007-06-12 20:45:09 -------- d-----w C:\Program Files\Symantec
2007-06-12 20:45:05 -------- d-----w C:\Program Files\Sonic
2007-06-12 20:44:15 -------- d-----w C:\Program Files\RGB
2007-06-12 20:44:15 -------- d-----w C:\Program Files\Quickensetup
2007-06-12 20:44:02 -------- d-----w C:\Program Files\Quicken
2007-06-12 20:43:50 -------- d-----w C:\Program Files\Online Services
2007-06-12 20:42:52 -------- d-----w C:\Program Files\Norton Internet Security
2007-06-12 20:42:30 -------- d-----w C:\Program Files\Netscape
2007-06-12 20:42:17 -------- d-----w C:\Program Files\muvee Technologies
2007-06-12 20:42:17 -------- d-----w C:\Program Files\music_now
2007-06-12 20:42:17 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-06-12 20:42:16 -------- d-----w C:\Program Files\MSN Encarta Plus
2007-06-12 20:42:14 -------- d-----w C:\Program Files\Movie Maker
2007-06-12 20:42:13 -------- d-----w C:\Program Files\Microsoft Works
2007-06-12 20:41:43 -------- d-----w C:\Program Files\Microsoft Office Trial Wizard
2007-06-12 20:41:41 -------- d-----w C:\Program Files\Microsoft Money 2006
2007-06-12 20:41:27 -------- d-----w C:\Program Files\microsoft frontpage
2007-06-12 20:41:27 -------- d-----w C:\Program Files\Messenger
2007-06-12 20:41:01 -------- d-----w C:\Program Files\HP Rhapsody
2007-06-12 20:40:55 -------- d-----w C:\Program Files\HP
2007-06-12 20:40:03 -------- d-----w C:\Program Files\Hewlett-Packard
2007-06-12 20:39:41 -------- d-----w C:\Program Files\GemMaster
2007-06-12 20:39:38 -------- d-----w C:\Program Files\ESPNMotion
2007-06-12 20:39:38 -------- d-----w C:\Program Files\EnglishOtto
2007-06-12 20:39:35 -------- d-----w C:\Program Files\CONEXANT
2007-06-12 20:39:35 -------- d-----w C:\Program Files\Common Files\TiVo Shared
2007-06-12 20:39:13 -------- d-----w C:\Program Files\Common Files\SureThing Shared
2007-06-12 20:39:13 -------- d-----w C:\Program Files\Common Files\SpeechEngines
2007-06-12 20:39:13 -------- d-----w C:\Program Files\Common Files\Sonic Shared
2007-06-12 20:39:02 -------- d-----w C:\Program Files\Common Files\Palo Alto Software
2007-06-12 20:39:02 -------- d-----w C:\Program Files\Common Files\ODBC
2007-06-12 20:39:02 -------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-06-12 20:38:50 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-06-12 20:38:44 -------- d-----w C:\Program Files\Common Files\LightScribe
2007-06-12 20:38:38 -------- d-----w C:\Program Files\Common Files\Intuit
2007-06-12 20:38:37 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-06-12 20:38:34 -------- d-----w C:\Program Files\Common Files\HP
2007-06-12 20:38:30 -------- d-----w C:\Program Files\ATI Technologies
2007-06-12 20:38:29 -------- d-----w C:\Program Files\AMD
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-17 05:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 05:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 05:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 05:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 05:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 05:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 05:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 05:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-13 22:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4efb-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 14:39]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-03 15:17]
{53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-06-18 15:57]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}=C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 13:33]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 14:22]
{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}=c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 07:25]
{AA58ED58-01DD-4d91-8333-CF10577473F7}=c:\program files\google\googletoolbar2.dll [2007-01-19 23:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 22:05]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 13:50]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-09-17 07:27]
"IS CfgWiz"="c:\Program Files\Norton Internet Security\cfgwiz.exe" [2005-09-30 05:33]
"SSC_UserPrompt"="c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 23:59]
"@"="" []
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2005-12-12 12:39]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 11:56]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 15:26]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 16:45]
"QUICKCARE"="C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe" [2006-11-07 21:07]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-06-14 09:40]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-14 09:40]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-06-22 22:22]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2005-04-27 13:04]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-06-07 14:08]
"Cluc"="C:\Program Files\s?stem\?hkntfs.exe" []
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-16 15:07]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-03-23 11:45]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-06-18 15:58]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice]

*Newly Created Service* - COMHOST

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\KB910393
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall

HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{407408d4-94ed-4d86-ab69-a7f649d112ee}
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf

Contents of the 'Scheduled Tasks' folder
2007-06-23 07:00:30 C:\WINDOWS\tasks\At1.job
2007-06-18 16:01:59 C:\WINDOWS\tasks\At10.job
2007-06-26 17:00:01 C:\WINDOWS\tasks\At11.job
2007-06-25 18:00:00 C:\WINDOWS\tasks\At12.job
2007-06-21 19:00:30 C:\WINDOWS\tasks\At13.job
2007-06-25 20:00:00 C:\WINDOWS\tasks\At14.job
2007-06-24 21:00:10 C:\WINDOWS\tasks\At15.job
2007-06-22 22:00:30 C:\WINDOWS\tasks\At16.job
2007-06-23 23:00:02 C:\WINDOWS\tasks\At17.job
2007-06-23 00:00:30 C:\WINDOWS\tasks\At18.job
2007-06-26 01:00:00 C:\WINDOWS\tasks\At19.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At2.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At20.job
2007-06-26 03:00:00 C:\WINDOWS\tasks\At21.job
2007-06-26 04:00:00 C:\WINDOWS\tasks\At22.job
2007-06-26 05:00:00 C:\WINDOWS\tasks\At23.job
2007-06-24 06:00:00 C:\WINDOWS\tasks\At24.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At3.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At4.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At5.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At6.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At7.job
2007-06-16 22:17:39 C:\WINDOWS\tasks\At8.job
2007-06-22 15:00:30 C:\WINDOWS\tasks\At9.job
2007-06-14 17:45:53 C:\WINDOWS\tasks\Easy Internet Sign-up.job
2006-02-16 15:36:17 C:\WINDOWS\tasks\Symantec NetDetect.job

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-26 10:41:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-26 10:42:15 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-26 10:42

--- E O F ---
scrapmom
Junior Member
26. June 2007 @ 10:08
Sorry, forgot to post the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:06:38 AM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AllVantage\dunnow.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\moe\Desktop\HiJackThis_v2.0.0.0.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.allvantage.com/myvantage/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3...ilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.allvantage.com/myvantage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] c:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] "c:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QUICKCARE] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QUICKCARE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA04DDC3-9BAA-41E4-BC52-6D4E64AEE11A}: NameServer = 205.171.3.65 205.171.2.65
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11619 bytes
Member
27. June 2007 @ 00:08
Run HijackThis
Click on do a system scan only
Place a checkmark next to these lines (if still present)

O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"

Then close all windows except HijackThis and click Fix Checked

Otherwise seems to be clean.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

* Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable System Restore here:

Managing Windows Millennium System Restore

or

Windows XP System Restore Guide

Re-enable System Restore with instructions from the tutorial above

* Make your Internet Explorer more secure - This can be done by following these simple instructions:
* From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
* Change the Download signed ActiveX controls to Prompt
* Change the Download unsigned ActiveX controls to Disable
* Change the Initialize and script ActiveX controls not marked as safe to Disable
* Change the Installation of desktop items to Prompt
* Change the Launching programs and files in an IFRAME to Prompt
* Change the Navigate sub-frames across different domains to Prompt
* When all these settings have been made, click on the OK button.
* If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.

* Use AntiVirus Software - It is very important that your computer has anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources


* Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


* Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls


* Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


* Install Ad-Aware - Download and install Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-Aware to remove Spyware, Malware, & Hijackers from Your Computer



* Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option.

This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software. A tutorial on installing & using this product can be found here:

Instructions for - Spybot S & D and Ad-aware


* Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


* Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

* IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
* MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
* Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
* Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer from malicious software

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

Virustorjunta.net: expert service without any clowning around.
HJT logs here
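The autorun line the reply above tells the poster to fix stands out because of the `?` characters in its path: HijackThis prints `?` for characters it cannot render, which is how a folder or file named with non-ASCII look-alike characters shows up in a log. The script below is an added example, not code from HijackThis, ComboFix or anyone in this thread. It parses the O4 (autorun) lines of such a log, extracts each executable path, and flags two things: paths containing `?`, and directory names that are exactly one character away from a Windows system folder name (this second check generalises the `s?stem` case to any similar look-alike). The sample log lines are copied from the log posted above; the regular expressions, the list of imitated folder names and the `Autorun` record are my own assumptions.

```python
"""Triage helper for the O4 (autorun) lines of a HijackThis log.

Added example for this thread; it is not HijackThis code nor any other
tool named on the page. It parses O4 entries, pulls out the executable path,
and flags paths that contain characters the log could not render ('?') or a
directory name one character away from a Windows system folder name.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Directory names that malware likes to imitate with look-alike characters
# (assumed list; extend as needed).
SYSTEM_DIR_NAMES = ("windows", "system", "system32", "program files")

# "O4 - <where>: [<name>] <command>"  or  "O4 - <where>: <shortcut> = <command>"
O4_RE = re.compile(
    r"^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.*)$"
)
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|cpl|scr|com|bat)", re.IGNORECASE)

# Constructed sample: O4 lines copied from the log posted in this thread plus
# one non-O4 line, so the helper runs offline. The '?' characters are as logged.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Cluc] "C:\Program Files\s?stem\?hkntfs.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - Startup: LimeWire On Startup.lnk = C:\Documents and Settings\moe\My Documents\My Music\LimeWire\LimeWire.exe
"""


@dataclass
class Autorun:
    where: str                # registry location or startup folder
    name: str                 # value name or shortcut name
    command: str              # full command as logged
    path: Optional[str]       # executable path extracted from the command
    findings: List[str] = field(default_factory=list)


def extract_path(command: str) -> Optional[str]:
    """Return the first executable path in the command, or None."""
    m = PATH_RE.search(command)
    return m.group(0) if m else None


def parse_o4(line: str) -> Optional[Autorun]:
    """Parse one O4 line; return None for anything that is not an O4 entry."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name") if m.group("name") is not None else m.group("lnk")
    cmd = m.group("cmd")
    return Autorun(m.group("where"), name, cmd, extract_path(cmd))


def near_system_name(component: str) -> Optional[str]:
    """Return the system folder name that `component` differs from by exactly
    one character (same length), e.g. 's?stem' -> 'system'; else None."""
    low = component.lower()
    for ref in SYSTEM_DIR_NAMES:
        if len(low) == len(ref) and sum(a != b for a, b in zip(low, ref)) == 1:
            return ref
    return None


def check(entry: Autorun) -> Autorun:
    """Attach findings to the entry; an empty list means nothing stood out."""
    if entry.path is None:
        entry.findings.append("no executable path recognised in command")
        return entry
    if "?" in entry.path:
        entry.findings.append(
            "path contains characters the log could not render ('?'): "
            "a folder or file named with non-ASCII look-alike characters"
        )
    for component in entry.path.split("\\")[1:-1]:   # directory parts only
        ref = near_system_name(component)
        if ref:
            entry.findings.append(f"directory '{component}' is one character away from '{ref}'")
    return entry


def triage(log_text: str) -> List[Autorun]:
    """All O4 entries in the log, each with its findings filled in."""
    entries = [parse_o4(line) for line in log_text.splitlines()]
    return [check(e) for e in entries if e is not None]


def suspicious(log_text: str) -> List[Autorun]:
    """Only the O4 entries that triggered at least one finding."""
    return [e for e in triage(log_text) if e.findings]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"[{e.name}] {e.path}")
        for f in e.findings:
            print("   -", f)
```

Run against the sample, only the `[Cluc]` entry is reported, with both findings; the legitimate entries (including the `PROGRA~1` short-name paths and the unquoted path with spaces) pass. A `?` in a path is only a prompt to look closer, since the log cannot show which character was there, so the next step is to inspect the folder in Explorer rather than to judge from the log alone.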
scrapmom
Junior Member
27. June 2007 @ 07:40
Got it! Thanks. What exactly was I infected with?
Member
27. June 2007 @ 07:43
You had PurityScan and Trojans.

Please do that disable/enable System Restore step, because your System Restore is full of those viruses.

Virustorjunta.net: expert service without any clowning around.
HJT logs here
  © 1999-2025 by AfterDawn Ltd.