Need Information On My Hijackthis Log


This topic is locked
4 replies to this topic

#1 Hack-Knight (Members, 9 posts)

Posted 06 September 2007 - 11:10 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:48:17 PM, on 9/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Kirk's PC\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zone.com/asp/aoe2redir.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [DC6_check] "C:\Program Files\Common Files\dc6_startupmon.exe"
O4 - HKLM\..\Run: [ERS_check] "C:\Program Files\Common Files\ers_startupmon.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: msmhost - {36469A3E-C230-4F33-900A-EBF28B81C4E8} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {AC17DA8F-A1D5-436B-A805-F0F4F72FD98C} - C:\WINDOWS\msmdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

#2 miekiemoes, Malware Killer Dog (Malware Response Team, 19,420 posts, Belgium)

Posted 07 September 2007 - 02:04 AM

Hi,

* Download SDFix and save it to your Desktop.

* Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

* Reboot into Safe Mode (without networking support!):
To get into Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
Choose Safe Mode from the menu that will appear and press Enter.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Hack-Knight, Topic Starter (Members, 9 posts)

Posted 07 September 2007 - 12:57 PM

OK, here is the report for SDFix:



SDFix: Version 1.102

Run by Administrator on Fri 09/07/2007 at 12:16 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\Program Files\VideoAccessCodec\install.ico - Deleted
C:\Program Files\VideoAccessCodec\Uninstall.exe - Deleted
C:\Program Files\VideoAccessCodec\VideoAccessCodec.ocx - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe - Deleted
C:\WINDOWS\main_uninstaller.exe - Deleted
C:\WINDOWS\msmdev.dll - Deleted
C:\WINDOWS\msmhost.dll - Deleted
C:\WINDOWS\rs.txt - Deleted


Folder C:\Program Files\VideoAccessCodec - Removed
Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YPAGER.EXE:*:Enabled:Yahoo! Messenger"
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"="C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe:*:Enabled:Yahoo! FT Server"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"="C:\\WINDOWS\\system32\\usmt\\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard"
"C:\\iPAQ\\WCESCOMM.EXE"="C:\\iPAQ\\WCESCOMM.EXE:*:Enabled:Connection Manager"
"C:\\iPAQ\\WCESMGR.EXE"="C:\\iPAQ\\WCESMGR.EXE:*:Enabled:ActiveSync Application"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\\DXSDK\\samples\\Multimedia\\Demos\\bin\\DuelVoice.exe"="C:\\DXSDK\\samples\\Multimedia\\Demos\\bin\\DuelVoice.exe:*:Enabled:DirectPlay Sample Application: Duel"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\DXSDK\\samples\\Multimedia\\Demos\\bin\\Duel.exe"="C:\\DXSDK\\samples\\Multimedia\\Demos\\bin\\Duel.exe:*:Enabled:DirectPlay Sample Application: Duel"
"C:\\Sierra\\Counter-Strike\\cstrike.exe"="C:\\Sierra\\Counter-Strike\\cstrike.exe:*:Enabled:CounterStrike Launcher"
"C:\\Program Files\\Valve\\Steam\\Steam.exe"="C:\\Program Files\\Valve\\Steam\\Steam.exe:*:Enabled:Steam"
"C:\\NeverwinterNights\\NWN\\nwmain.exe"="C:\\NeverwinterNights\\NWN\\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\demonwise\\team fortress classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\demonwise\\team fortress classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\demonwise\\half-life\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\demonwise\\half-life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe"="C:\\Program Files\\WinAntiVirus Pro 2006\\Updater.exe:*:Enabled:updater.exe"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"="C:\\Program Files\\Microsoft Games\\Halo\\halo.exe:*:Enabled:Halo"
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe"="C:\\Program Files\\Cisco Systems\\Clean Access Agent\\CCAAgent.exe:*:Enabled:Clean Access Agent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Kirk's PC\Desktop\khvictoryman.com\Thumbs.db
C:\Documents and Settings\Kirk's PC\Desktop\khvictoryman.com\Background Images\Thumbs.db
C:\Documents and Settings\Kirk's PC\Desktop\khvictoryman.com\Beyond TV_files\Thumbs.db
C:\Documents and Settings\Kirk's PC\Desktop\khvictoryman.com\MSWord Frames and Content\M1_files\Thumbs.db
C:\Documents and Settings\Kirk's PC\Desktop\khvictoryman.com\MSWord Frames and Content\M2_files\Thumbs.db
C:\Documents and Settings\Kirk's PC\Desktop\khvictoryman.com\MSWord Frames and Content\M_files\Thumbs.db
C:\Documents and Settings\Kirk's PC\NetHood\ftp.ti.com\Desktop.ini
C:\Program Files\shockwave.com\AlienX\system0xs01.dll
C:\WINDOWS\MD 2\My Music\Favorites\MSN.com.url
C:\Program Files\shockwave.com\AlienX\system0xs01.dll
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Advanced .NET Framework (Localization) - Work with Resource Files\bin\es\How-To Work with Resource Files.resources.dll
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Advanced .NET Framework (Localization) - Work with Resource Files\bin\fr\How-To Work with Resource Files.resources.dll
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Advanced .NET Framework (Localization) - Work with Resource Files\bin\it\How-To Work with Resource Files.resources.dll
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Advanced .NET Framework (Localization) - Work with Resource Files\bin\it-IT\How-To Work with Resource Files.resources.dll
C:\WINDOWS\MD 2\My Games\Cxbx-0.7.8c\Cxbx-0.7.8c\Cxbx.dll
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\MD 2\My Games\project64_1.6.exe
C:\WINDOWS\MD 2\My Games\Cxbx-0.7.8c\Cxbx-0.7.8c\Cxbx.exe
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT10.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT11.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT12.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT13.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT14.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT15.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT16.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT17.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT18.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT19.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1A.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1B.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1C.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1D.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1E.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT1F.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT20.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT21.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT22.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT23.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT24.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT25.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT26.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT27.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT28.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT29.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2A.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2B.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2C.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2D.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2E.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT2F.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT30.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT31.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT32.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT33.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT34.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT35.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT36.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT37.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT38.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT39.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3A.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3B.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3C.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3D.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3E.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT3F.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT4.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT40.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT41.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT42.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT43.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT44.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT5.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT6.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT7.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT8.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BIT9.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITA.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITB.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITC.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITC3.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITC4.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITC6.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITD.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITE.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\BITF.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\OffBC.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\~79B.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\~7A1.tmp
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\~9E.tmp
C:\Program Files\InterActual\InterActual Player\itiB4.tmp
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Framework - Comparison of DataBinding in Web and Windows Forms\Web App\Setup.vbs
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Framework - How-To Send and Receive Data\Setup.vbs
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Web Development - Data Entry Form\Setup.vbs
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Web Development - Exposing a Simple Web Service\Web Sites\SetupWebs.vbs
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Web Development - Master-Details Web Form\Setup.vbs
C:\WINDOWS\MD 2\MSDN\101 VB.NET Samples\Web Development - Paging through Query Results\Setup.vbs
C:\Documents and Settings\Kirk's PC\Local Settings\Temp\Temporary Directory 1 for nudearibeth.zip\Thumbs.db
C:\WINDOWS\MD 2\My Games\Cxbx-0.7.8c.zip

Finished



OK, here is the NEW HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:39 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
F:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.zone.com/asp/aoe2redir.asp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [RemoveCpl] RemoveCpl.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://qus8l.hpwis.com
O16 - DPF: Microsoft WFC Forms Designer - file://E:\VJ98\wfcforms.cab
O16 - DPF: Visual Studio 6 Extensibility Libraries - file://E:\VJ98\vstudio6.cab
O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7669 bytes

#4 miekiemoes, Malware Killer Dog (Malware Response Team, 19,420 posts, Belgium)

Posted 07 September 2007 - 01:06 PM

Hi,

First of all:
* Go to Start > Control Panel > Display Properties > Desktop > Customize Desktop... > Web tab
Select "Privacy Protection" you find in there and press the Delete button on the right.
Hit OK below > Apply in the previous window.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
<== this entry should already be gone. If not, then it means that you forgot my previous instruction

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete next folder:

C:\SDFix

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click "Delete".
  • Click "Delete Files", "Delete cookies" and "Delete history"
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Post a new HijackThis log in your next reply.
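A small triage helper for logs like the two posted in this thread, added here as an example; it is not part of the thread, of HijackThis or of SDFix. It parses the entry lines and flags the four patterns the helper singled out for removal: a start page redirected to a host that is not an IE default (the R0 softwarereferral.com entry), DLLs loaded into IE/Explorer from the root of C:\WINDOWS rather than from system32 or Program Files (the O2 nsduo.dll and O21 msmhost.dll/msmdev.dll entries SDFix deleted), persistence that points at "(no file)" (the O22 SharedTaskScheduler leftover), and an O24 Active Desktop component backed by a local HTML file (the privacy_danger page). The sample input is copied from the logs above; the trusted-host allowlist and the rule set are assumptions made for this example, and a hit is a lead to research, not a verdict.

```python
"""Triage a HijackThis log for the entry shapes that carried the hijack in
this thread: a redirected start page, modules loaded from the Windows
directory root, persistence with no backing file, and an Active Desktop
component pointing at a local HTML file."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Sample input: entries copied from the two logs posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O21 - SSODL: msmhost - {36469A3E-C230-4F33-900A-EBF28B81C4E8} - C:\WINDOWS\msmhost.dll
O22 - SharedTaskScheduler: hemadynamometer - {6076d2b1-634c-4685-843b-f826045ea5dc} - (no file)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# IE's own defaults point here; any other host in an R0/R1 entry is a lead,
# not a verdict. The allowlist is an assumption made for this example.
TRUSTED_START_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# Entry types that load a DLL into Explorer/IE or at logon. Legitimate
# components live under system32 or Program Files, not in C:\WINDOWS itself.
CODE_LOADING_TYPES = {"O2", "O20", "O21", "O22"}
WINDIR_ROOT_MODULE = re.compile(r"^[A-Za-z]:\\WINDOWS\\[^\\]+\.(?:dll|exe|ocx)$", re.I)

ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")


@dataclass
class Finding:
    entry_type: str
    reason: str
    line: str


def parse_entry(line):
    """Return (type, fields) for a HijackThis entry, or None for any other
    line (headers, the running-process list, blank lines). Fields are the
    ' - ' separated parts of the entry body; the last one is the target."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return m.group(1), [part.strip() for part in m.group(2).split(" - ")]


def triage(log_text):
    """Walk a log and return the entries matching one of the four rules,
    in log order. Each entry is reported once, for the first rule it hits."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        etype, fields = parsed
        target = fields[-1]
        if target == "(no file)":
            findings.append(Finding(etype, "persistence entry with no backing file", raw.strip()))
        elif etype in ("R0", "R1") and "=" in fields[0]:
            # R-entries look like 'HKCU\...\Main,Start Page = http://host/...'
            url = fields[0].split("=", 1)[1].strip()
            host = urlparse(url).hostname or ""
            if host not in TRUSTED_START_HOSTS:
                findings.append(Finding(etype, f"browser setting points at {host}", raw.strip()))
        elif etype in CODE_LOADING_TYPES and WINDIR_ROOT_MODULE.match(target):
            findings.append(Finding(etype, "module loaded from the Windows directory root", raw.strip()))
        elif etype == "O24" and target.lower().startswith("file:///"):
            findings.append(Finding(etype, "Active Desktop component backed by a local file", raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.entry_type}] {f.reason}\n    {f.line}")
```

Run against the sample it reports exactly the five entries the helper in this thread fixed or SDFix removed, and stays quiet on the McAfee, Winamp and Microsoft-default lines. The rules are deliberately narrow: a legitimate extension living in C:\WINDOWS root or a benign non-Microsoft ShellNext URL would also show up, so treat each hit as something to look up before checking it in HijackThis.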

#5 miekiemoes, Malware Killer Dog (Malware Response Team, 19,420 posts, Belgium)

Posted 17 September 2007 - 08:29 AM

Due to the lack of feedback, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



