Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Sunday 9.3.2025 / 09:16
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijack log - system acting weird
Show topics
 
Forums
Forums
Hijack log - system acting weird
  Jump to:
 
Posted Message
baddassb
Member
_ 		15. March 2008 @ 00:43 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:16 PM, on 3/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Conversions Plus\FormatM.exe
C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\Marimba\CASTAN~1\lib\jre\bin\java.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Adobe\Acrobat\acrobat_sl.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: RDL Rolex - {87F99AD1-22A9-46AD-8BCD-DEF34C065CA6} - C:\WINDOWS\drnpfdxvsl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: etlrlws - {4ECB354D-BB66-4B7A-AC4D-5A2DACE34E08} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSI_UDAgent] "C:\WINDOWS\system32\udagent.exe" -c
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MacLicense] "C:\PROGRA~1\CONVER~1\MacLic.exe"
O4 - HKLM\..\Run: [Workshare3GW] "C:\Program Files\Workshare\Modules\WMConfigAssistant.exe" /userinit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pdfDocs] C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe
O4 - HKLM\..\Run: [antiviirus] "C:\Program Files\antiviirus.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MacName.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)
O15 - Trusted Zone: *.mwe.com
O15 - Trusted Zone: *.westlaw.com
O15 - Trusted Zone: online.wjs.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://childm02.lan.mwe.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1112704985828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minis...d/MSSurVid.cab
O16 - DPF: {BAB7B1B6-1FA2-41A2-A0A2-2CF82ACC3CA8} - http://www.topmoxie.com/external/bui...ro1050_310.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://microsystemsevents.webex.com...br/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\Software\..\Telephony: DomainName = na.lan.mwe.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O20 - AppInit_DLLs:
O21 - SSODL: altvxvm - {810A2B38-F413-4A63-AB08-6F6A7A0E426B} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: WinMon - {d259155b-03f4-455b-a7e5-aa7df9f3f8f9} - C:\WINDOWS\Installer\{d259155b-03f4-455b-a7e5-aa7df9f3f8f9}\WinMon.dll (file missing)
O21 - SSODL: bokpkov - {14759279-4231-4C95-AEBC-4CD691CCEEAF} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: zip - {65cf391a-1441-42d6-b0bf-b682f5919663} - C:\WINDOWS\Installer\{65cf391a-1441-42d6-b0bf-b682f5919663}\zip.dll (file missing)
O21 - SSODL: RomVolume - {0e131af9-4af9-4a7c-be0c-bb5a253c9064} - C:\WINDOWS\Installer\{0e131af9-4af9-4a7c-be0c-bb5a253c9064}\RomVolume.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacFormatService - DataViz Inc. - C:\Program Files\Conversions Plus\FormatM.exe
O23 - Service: MarimbaClient - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12634 bytes
[ + quote]
HP Pavilion HPE, Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 8.00GB, Windows 7 Home Premium, 64Bit, SP1, AMD Radeon HD 6450, Adobe CS 5.5

Dell Dimension P4,2.80GHz,512MB,XPHomeEdition Versions 2002 SP2, NVIDIA GeForce Fx 5200, JLMS DVD-Rom, LITE-ON DVDRW, DVD Shrink, DVD Decryptor, Nero, Sonic, ShowBiz
Advertisement
_ 		__
echoreply
Member
_ 		16. March 2008 @ 11:42 _ Link to this message    Send private message to this user   
hi,

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

O4 - HKLM\..\Run: [antiviirus] "C:\Program Files\antiviirus.exe"

navigate to the C:\Program Files\ dir and delete the .exe

next:
Please download Malwarebytes' Anti-Malware to your desktop:

http://www.besttechie.net/tools/mbam-setup.exe

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

post the malwarebytes log and a new hjt log
[ + quote]
http://www.virusvault.us/
baddassb
Member
_ 		19. March 2008 @ 00:01 _ Link to this message    Send private message to this user   
WILL ADD HJT LOG TOMORROW. THANKS AGAIN!! :o)
malwarebytes log:

Malwarebytes' Anti-Malware 1.08
Database version: 499

Scan type: Full Scan (C:\|)
Objects scanned: 123343
Time elapsed: 6 hour(s), 26 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\etlrlws.brfg (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4ecb354d-bb66-4b7a-ac4d-5a2dace34e08} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87f99ad1-22a9-46ad-8bcd-def34c065ca6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87f99ad1-22a9-46ad-8bcd-def34c065ca6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3a35d29a-df13-45ed-9f38-a00af13ac412} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5207d7ca-312b-4864-ba2a-197099f9c708} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{03bf5db1-978b-45ad-99c7-cb3b01ef72cb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{64ee2279-0486-4aaf-93dd-f364e6244d01} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{9738cd16-ff74-43a9-bccf-4373325d000c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{14759279-4231-4c95-aebc-4cd691cceeaf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5bf5ba79-ee76-4f83-8a3b-cd34ba68aa85} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{810a2b38-f413-4a63-ab08-6f6a7a0e426b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9da24776-fda7-49e1-bfb2-6ec4d3e160da} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.brfg (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4ecb354d-bb66-4b7a-ac4d-5a2dace34e08} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bokpkov (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\altvxvm (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Installer\{d259155b-03f4-455b-a7e5-aa7df9f3f8f9} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{65cf391a-1441-42d6-b0bf-b682f5919663} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{0e131af9-4af9-4a7c-be0c-bb5a253c9064} (Trojan.Alphabet) -> No action taken.

Files Infected:
C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\DMcGee\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.



[ + quote]
HP Pavilion HPE, Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 8.00GB, Windows 7 Home Premium, 64Bit, SP1, AMD Radeon HD 6450, Adobe CS 5.5

Dell Dimension P4,2.80GHz,512MB,XPHomeEdition Versions 2002 SP2, NVIDIA GeForce Fx 5200, JLMS DVD-Rom, LITE-ON DVDRW, DVD Shrink, DVD Decryptor, Nero, Sonic, ShowBiz
baddassb
Member
_ 		19. March 2008 @ 18:27 _ Link to this message    Send private message to this user   
Originally posted by baddassb:
 HJT LOG BELOW. THANKS AGAIN!! :o)
malwarebytes log:

Malwarebytes' Anti-Malware 1.08
Database version: 499

Scan type: Full Scan (C:\|)
Objects scanned: 123343
Time elapsed: 6 hour(s), 26 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 17
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> No action taken.

Registry Keys Infected:
HKEY_CLASSES_ROOT\etlrlws.brfg (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\etlrlws.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4ecb354d-bb66-4b7a-ac4d-5a2dace34e08} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87f99ad1-22a9-46ad-8bcd-def34c065ca6} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87f99ad1-22a9-46ad-8bcd-def34c065ca6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{3a35d29a-df13-45ed-9f38-a00af13ac412} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{5207d7ca-312b-4864-ba2a-197099f9c708} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{03bf5db1-978b-45ad-99c7-cb3b01ef72cb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{64ee2279-0486-4aaf-93dd-f364e6244d01} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{9738cd16-ff74-43a9-bccf-4373325d000c} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{14759279-4231-4c95-aebc-4cd691cceeaf} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5bf5ba79-ee76-4f83-8a3b-cd34ba68aa85} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{810a2b38-f413-4a63-ab08-6f6a7a0e426b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9da24776-fda7-49e1-bfb2-6ec4d3e160da} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.brfg (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.ToolBar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{4ecb354d-bb66-4b7a-ac4d-5a2dace34e08} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\bokpkov (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\altvxvm (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Installer\{d259155b-03f4-455b-a7e5-aa7df9f3f8f9} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{65cf391a-1441-42d6-b0bf-b682f5919663} (Trojan.Alphabet) -> No action taken.
C:\WINDOWS\Installer\{0e131af9-4af9-4a7c-be0c-bb5a253c9064} (Trojan.Alphabet) -> No action taken.

Files Infected:
C:\WINDOWS\bokpkov.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\DMcGee\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Desktop\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Desktop\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Favorites\Error Cleaner.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Favorites\Privacy Protector.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\DMcGee\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> No action taken.
HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:15 PM, on 3/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Conversions Plus\FormatM.exe
C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Notes\ntmulti.exe
C:\PROGRA~1\Marimba\CASTAN~1\lib\jre\bin\java.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: RDL Rolex - {87F99AD1-22A9-46AD-8BCD-DEF34C065CA6} - C:\WINDOWS\drnpfdxvsl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: etlrlws - {4ECB354D-BB66-4B7A-AC4D-5A2DACE34E08} - C:\WINDOWS\etlrlws.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSI_UDAgent] "C:\WINDOWS\system32\udagent.exe" -c
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [eCopy Desktop Printer Service] C:\PROGRA~1\eCopy\Desktop\PCLprint\mrmlnc32.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [MacLicense] "C:\PROGRA~1\CONVER~1\MacLic.exe"
O4 - HKLM\..\Run: [Workshare3GW] "C:\Program Files\Workshare\Modules\WMConfigAssistant.exe" /userinit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [pdfDocs] C:\Program Files\pdfDocs\Resources\pdfDocsMon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: MacName.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {B48798CE-A2E0-4918-BC00-0F72FBA708E2} - file://C:\Program Files\Upromise_Remind_U\UpromisesRemindU\UpromisetRemindU\uproC0.htm (file missing) (HKCU)
O15 - Trusted Zone: *.mwe.com
O15 - Trusted Zone: *.westlaw.com
O15 - Trusted Zone: online.wjs.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://childm02.lan.mwe.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5...b?1112704985828
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/j...ows-i586-jc.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://www.homesteadhotels.com/minisite/...nd/MSSurVid.cab
O16 - DPF: {BAB7B1B6-1FA2-41A2-A0A2-2CF82ACC3CA8} - http://www.topmoxie.com/external/builds/upromise/upro1050_310.cab
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://microsystemsevents.webex.com/client/T25L/nbr/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\Software\..\Telephony: DomainName = na.lan.mwe.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.lan.mwe.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = na.lan.mwe.com,lan.mwe.com,eu.lan.mwe.com
O20 - AppInit_DLLs:
O21 - SSODL: altvxvm - {810A2B38-F413-4A63-AB08-6F6A7A0E426B} - C:\WINDOWS\altvxvm.dll
O21 - SSODL: WinMon - {d259155b-03f4-455b-a7e5-aa7df9f3f8f9} - C:\WINDOWS\Installer\{d259155b-03f4-455b-a7e5-aa7df9f3f8f9}\WinMon.dll (file missing)
O21 - SSODL: bokpkov - {14759279-4231-4C95-AEBC-4CD691CCEEAF} - C:\WINDOWS\bokpkov.dll
O21 - SSODL: zip - {65cf391a-1441-42d6-b0bf-b682f5919663} - C:\WINDOWS\Installer\{65cf391a-1441-42d6-b0bf-b682f5919663}\zip.dll (file missing)
O21 - SSODL: RomVolume - {0e131af9-4af9-4a7c-be0c-bb5a253c9064} - C:\WINDOWS\Installer\{0e131af9-4af9-4a7c-be0c-bb5a253c9064}\RomVolume.dll (file missing)
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MacFormatService - DataViz Inc. - C:\Program Files\Conversions Plus\FormatM.exe
O23 - Service: MarimbaClient - Marimba, Inc. - C:\PROGRA~1\Marimba\CASTAN~1\Tuner.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 12464 bytes

[ + quote]
HP Pavilion HPE, Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 8.00GB, Windows 7 Home Premium, 64Bit, SP1, AMD Radeon HD 6450, Adobe CS 5.5

Dell Dimension P4,2.80GHz,512MB,XPHomeEdition Versions 2002 SP2, NVIDIA GeForce Fx 5200, JLMS DVD-Rom, LITE-ON DVDRW, DVD Shrink, DVD Decryptor, Nero, Sonic, ShowBiz
echoreply
Member
_ 		19. March 2008 @ 18:55 _ Link to this message    Send private message to this user   
after you ran malwarebytes did you do this:

* Be sure that everything is checked, and click Remove Selected.

if not, check for updates then rescan and after the scan click on Remove Selected
[ + quote]
http://www.virusvault.us/
baddassb
Member
_ 		19. March 2008 @ 21:54 _ Link to this message    Send private message to this user   
I PERFORMED A QUICK SCAN BECAUSE THE FULL SCAN RAN FOR SIX HOURS, BUT IT DISPLAYED THE EXACT SAME ITEMS INFECTED.

THANK YOU VERY, VERY MUCH.

EVERYTHING IS ACTING NORMAL (NO CONSTANT SPYWARE POPUPS EVERY 30 SECS). TASKMGR WAS DISABLED AND I WAS UNABLE TO USE GPEDIT.MSC TO ENABLE IT, SO I DELETED THE KEY FROM REGISTRY AND IT'S BACK AGAIN.

AGAIN, THANKS!!! :o)
[ + quote]
HP Pavilion HPE, Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz, 8.00GB, Windows 7 Home Premium, 64Bit, SP1, AMD Radeon HD 6450, Adobe CS 5.5

Dell Dimension P4,2.80GHz,512MB,XPHomeEdition Versions 2002 SP2, NVIDIA GeForce Fx 5200, JLMS DVD-Rom, LITE-ON DVDRW, DVD Shrink, DVD Decryptor, Nero, Sonic, ShowBiz
Advertisement
_ 		__
 
_
echoreply
Member
_ 		21. March 2008 @ 21:14 _ Link to this message    Send private message to this user   
ok good and your welcome. rescan and post a new hjt log.

echoreply
[ + quote]
http://www.virusvault.us/
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > hijack log - system acting weird
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork