
Worm.win32.netsky

8 replies to this topic

#1 rigodon

Posted 19 December 2007 - 01:49 PM

Hi, I think I am stuck with Worm.Win32.Netsky. Probably was a leftover from SpySheriff (which was removed through smitfraudfix). The scans stopped the aggressive popups but my explorer is still slow and the home page keeps going back to random ads. If you see anything wrong, I would really appreciate it.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:13 PM, on 12/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PATRICK FORGUES\Application Data\Mozilla\Profiles\default\p1k156l3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BDEX System - {A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} - C:\WINDOWS\blopenvxdt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The retnsrp - {CC304A4D-FC79-4CD3-9A67-46E3AF59319D} - C:\WINDOWS\retnsrp.dll (file missing)
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172342694716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178716682431
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...810/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O21 - SSODL: leorop - {B4B4231F-B1AE-4685-BDD4-A16D45CD147B} - C:\WINDOWS\leorop.dll (file missing)
O21 - SSODL: nopzet - {F78A466A-2805-4D57-984F-AA6A81F43227} - C:\WINDOWS\nopzet.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Ethernet Service (EthernetService) - Unknown owner - ethernet.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7228 bytes
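A small triage helper for HijackThis log lines like the ones in this post, added here as an example; it is not code from the post, from HijackThis or from SDFix. The flagging rules (orphaned "(file missing)" hooks, browser hooks loaded from a DLL dropped straight into C:\WINDOWS, an IE start page on an unexpected host, a desktop component serving a local HTML file) and the start-page allowlist are this editor's own assumptions, and the sample input is excerpted from the log above.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines.

Added example written for this thread; it is not part of HijackThis, SDFix or
the original posts. The rules below are the editor's own and mirror what the
helper in the thread picked out by hand: entries whose backing file is gone
("(file missing)"), browser hooks (O2 BHOs, O3 toolbars, O21 SSODL) loaded from
randomly named DLLs sitting directly in C:\\WINDOWS, an IE start page pointed at
an unexpected host, and an O24 desktop component rendering a local HTML file.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# "O2 - BHO: ..." / "R0 - HKCU\..." : a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")

# A DLL directly under C:\WINDOWS (no subfolder). Legitimate browser hooks live
# under Program Files or System32; a bare C:\WINDOWS\<name>.dll deserves a look.
WINDOWS_ROOT_DLL_RE = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.IGNORECASE)

# Hosts the owner would expect as an IE start page. Constructed allowlist for
# this example (an assumption); adjust it to the machine being triaged.
EXPECTED_START_PAGE_HOSTS = {"www.google.com", "www.msn.com", "about:blank"}


@dataclass(frozen=True)
class Finding:
    section: str
    reasons: Tuple[str, ...]
    line: str


def start_page_host(body: str) -> Optional[str]:
    """Return the host of an R0/R1 'Start Page = <url>' entry, or None."""
    if "Start Page" not in body or "=" not in body:
        return None
    url = body.split("=", 1)[1].strip()
    if url.lower() == "about:blank":
        return "about:blank"
    return urlsplit(url).hostname


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HijackThis entry; None if not an entry or nothing to flag."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # process list, headers, "End of file" and the like
    section, body = m.group("section"), m.group("body")
    reasons = []

    # Orphaned hook: the registry entry survived but its file was removed.
    if "(file missing)" in body:
        reasons.append("file missing")

    # BHOs, toolbars and shell-service objects loaded from C:\WINDOWS root.
    if section in {"O2", "O3", "O21"} and WINDOWS_ROOT_DLL_RE.search(body):
        reasons.append("dll in C:\\WINDOWS root")

    # IE start page redirected to a host the owner did not choose.
    if section in {"R0", "R1"}:
        host = start_page_host(body)
        if host and host.lower() not in EXPECTED_START_PAGE_HOSTS:
            reasons.append(f"start page set to {host}")

    # Active Desktop component rendering a local HTML file (fake warning page).
    if section == "O24" and "file:///" in body.lower():
        reasons.append("local desktop component")

    return Finding(section, tuple(reasons), line.strip()) if reasons else None


def triage_log(text: str) -> List[Finding]:
    """Run triage_line over a pasted log and return only the flagged entries."""
    findings = [triage_line(ln) for ln in text.splitlines()]
    return [f for f in findings if f is not None]


# Lines excerpted from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=...6Ojg5&lid=2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BDEX System - {A8565FBC-8D53-4D4F-9BB0-CBC68A22B126} - C:\WINDOWS\blopenvxdt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: The retnsrp - {CC304A4D-FC79-4CD3-9A67-46E3AF59319D} - C:\WINDOWS\retnsrp.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O21 - SSODL: leorop - {B4B4231F-B1AE-4685-BDD4-A16D45CD147B} - C:\WINDOWS\leorop.dll (file missing)
O21 - SSODL: nopzet - {F78A466A-2805-4D57-984F-AA6A81F43227} - C:\WINDOWS\nopzet.dll
O23 - Service: Ethernet Service (EthernetService) - Unknown owner - ethernet.exe (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:<4} {', '.join(f.reasons):<45} {f.line[:70]}")
```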


#2 miekiemoes

Posted 20 December 2007 - 07:44 AM

Hi,

I see you have two Firewalls (Blackice and Sygate) installed and no Antivirus.
More than one firewall installed is a really bad idea; it may cause your system to crash or at least cause a serious system slowdown and connection problems. So I suggest you uninstall one of them.

Also install an Antivirus, because you really need one. How are you supposed to prevent further infections otherwise? By the way, AVG Antispyware is NO Antivirus.

Also, I see you have Microsoft Antispyware installed. This one is really outdated, so uninstall it if still present.

Then reboot. Important.

After reboot:
  • Download SDFix and save it to your Desktop.
  • Double click SDFix.exe and it will extract the files to %systemdrive%
    (the drive that contains the Windows directory, typically C:\SDFix).
  • Reboot into Safe Mode (without networking support!).
    To get into Windows Safe Mode, restart your computer and, just before Windows starts to load, tap the F8 key a few times.
    Choose Safe Mode from the menu that will appear and press Enter.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds, then prompt you to press any key to Reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum with a new HijackThis log.


#3 rigodon

Posted 20 December 2007 - 07:25 PM

Thanks, I reinstalled AVG antivirus and removed a firewall and Microsoft Antispyware. Hope this helps.

SDFix: Version 1.119

Run by Patrick Forgues on Thu 12/20/2007 at 06:07 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default HomePage Value
Restoring Default Desktop Components Value

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NVSCV32.EXE - Deleted
C:\WINDOWS\SYSTEM32\TASKMA~1.EXE - Deleted
C:\Documents and Settings\Patrick Forgues\Desktop\Error Cleaner.url - Deleted
C:\Documents and Settings\Patrick Forgues\Favorites\Error Cleaner.url - Deleted
C:\Documents and Settings\Patrick Forgues\Desktop\Privacy Protector.url - Deleted
C:\Documents and Settings\Patrick Forgues\Favorites\Privacy Protector.url - Deleted
C:\Documents and Settings\Patrick Forgues\Desktop\Spyware&Malware Protection.url - Deleted
C:\Documents and Settings\Patrick Forgues\Favorites\Spyware&Malware Protection.url - Deleted
C:\WINDOWS\privacy_danger\index.htm - Deleted
C:\WINDOWS\privacy_danger\images\capt.gif - Deleted
C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted
C:\WINDOWS\privacy_danger\images\down.gif - Deleted
C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\PATRIC~1\LOCALS~1\Temp\ac8zt2.dat - Deleted
C:\u.exe - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\xpupdate.exe - Deleted



Folder C:\WINDOWS\privacy_danger - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 18:25:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 24 Dec 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 7 Oct 2005 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Fri 7 Oct 2005 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Sat 11 Mar 2006 31,232 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\~WRL0004.tmp"
Sun 12 Mar 2006 33,280 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\~WRL0874.tmp"
Mon 8 May 2006 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti11.tmp"
Thu 20 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BIT24.tmp"
Thu 20 Dec 2007 0 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BIT27A.tmp"
Thu 20 Dec 2007 322,681 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BIT3C7.tmp"
Thu 20 Dec 2007 322,681 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BIT3CA.tmp"
Thu 20 Dec 2007 331,481 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BIT3EC.tmp"
Thu 20 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BIT8.tmp"
Thu 20 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Patrick Forgues\Local Settings\Temp\BITC2.tmp"
Thu 15 May 2003 43,008 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sun 5 Feb 2006 126,976 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL0317.tmp"
Sun 12 Mar 2006 34,816 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL0384.tmp"
Sun 5 Feb 2006 126,464 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL0745.tmp"
Wed 13 Apr 2005 494,080 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL1075.tmp"
Sun 12 Mar 2006 39,424 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL3043.tmp"
Wed 13 Apr 2005 493,568 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL3630.tmp"
Sun 5 Feb 2006 126,464 ...H. --- "C:\Documents and Settings\Patrick Forgues\Application Data\Microsoft\Word\~WRL3826.tmp"
Wed 14 Nov 2007 3,869,184 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0002.tmp"
Wed 14 Nov 2007 3,869,696 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0004.tmp"
Wed 14 Nov 2007 3,871,232 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0110.tmp"
Thu 15 Nov 2007 5,345,792 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0165.tmp"
Wed 14 Nov 2007 3,872,256 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0369.tmp"
Wed 14 Nov 2007 3,872,768 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0424.tmp"
Thu 15 Nov 2007 5,042,176 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0597.tmp"
Thu 15 Nov 2007 5,042,176 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0655.tmp"
Wed 14 Nov 2007 3,869,184 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0819.tmp"
Thu 15 Nov 2007 5,042,176 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL0960.tmp"
Thu 15 Nov 2007 5,345,792 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1252.tmp"
Wed 14 Nov 2007 3,881,984 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1301.tmp"
Wed 14 Nov 2007 3,869,696 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1405.tmp"
Wed 14 Nov 2007 3,873,792 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1467.tmp"
Thu 15 Nov 2007 3,882,496 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1541.tmp"
Thu 15 Nov 2007 3,885,568 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1579.tmp"
Wed 14 Nov 2007 3,881,984 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1623.tmp"
Thu 15 Nov 2007 5,346,816 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1771.tmp"
Thu 15 Nov 2007 3,882,496 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1826.tmp"
Thu 15 Nov 2007 5,345,792 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL1849.tmp"
Wed 14 Nov 2007 3,883,008 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2030.tmp"
Thu 15 Nov 2007 5,041,664 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2503.tmp"
Thu 15 Nov 2007 3,883,520 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2553.tmp"
Thu 15 Nov 2007 5,347,840 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2560.tmp"
Wed 14 Nov 2007 3,873,280 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2861.tmp"
Thu 15 Nov 2007 3,883,520 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2915.tmp"
Wed 14 Nov 2007 3,872,256 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL2957.tmp"
Thu 15 Nov 2007 5,041,664 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3210.tmp"
Thu 15 Nov 2007 3,884,544 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3219.tmp"
Thu 15 Nov 2007 5,041,664 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3270.tmp"
Wed 14 Nov 2007 3,869,184 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3324.tmp"
Thu 15 Nov 2007 3,882,496 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3445.tmp"
Wed 14 Nov 2007 3,870,208 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3484.tmp"
Wed 14 Nov 2007 3,872,256 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3753.tmp"
Thu 15 Nov 2007 3,881,984 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\~WRL3831.tmp"
Mon 26 Nov 2007 31,744 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL0005.tmp"
Mon 26 Nov 2007 22,016 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL0161.tmp"
Mon 26 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL0220.tmp"
Mon 26 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL0395.tmp"
Tue 27 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL0501.tmp"
Tue 27 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL0844.tmp"
Mon 26 Nov 2007 21,504 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL1054.tmp"
Mon 26 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL1185.tmp"
Mon 26 Nov 2007 23,040 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL1434.tmp"
Tue 27 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL1460.tmp"
Mon 26 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2019.tmp"
Tue 27 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2063.tmp"
Tue 27 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2208.tmp"
Tue 27 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2444.tmp"
Mon 26 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2499.tmp"
Tue 27 Nov 2007 37,888 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2560.tmp"
Mon 26 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2707.tmp"
Tue 27 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2847.tmp"
Tue 27 Nov 2007 25,600 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2903.tmp"
Tue 27 Nov 2007 41,984 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL2979.tmp"
Tue 27 Nov 2007 24,064 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3043.tmp"
Mon 26 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3142.tmp"
Mon 26 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3326.tmp"
Mon 26 Nov 2007 23,552 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3359.tmp"
Tue 27 Nov 2007 27,136 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3391.tmp"
Tue 27 Nov 2007 26,624 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3406.tmp"
Tue 27 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3441.tmp"
Tue 27 Nov 2007 19,456 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3684.tmp"
Mon 26 Nov 2007 24,576 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3943.tmp"
Tue 27 Nov 2007 37,888 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL3979.tmp"
Mon 26 Nov 2007 22,528 ...H. --- "C:\Documents and Settings\Patrick Forgues\My Documents\poly-2007\ethique\equi\~WRL4045.tmp"
Fri 27 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Fri 27 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Fri 27 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Fri 27 May 2005 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"

Finished!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:42 PM, on 12/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PATRICK FORGUES\Application Data\Mozilla\Profiles\default\p1k156l3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172342694716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178716682431
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...810/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Ethernet Service (EthernetService) - Unknown owner - ethernet.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe

--
End of file - 7299 bytes

#4 miekiemoes
  • Malware Response Team

Posted 21 December 2007 - 02:04 AM

Hi,

Please uninstall AdwareRemover2007 via software > add/remove programs if present.
Then reboot.

After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O23 - Service: Ethernet Service (EthernetService) - Unknown owner - ethernet.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Then, go to start > run and copy and paste next command in the field:

sc delete EthernetService

Hit enter

Navigate to and delete next folders:

C:\Program Files\AdwareRemover2007
C:\SDFix

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 3.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 3".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation, Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    • Java 2 Runtime Environment, SE v1.4.2
    • J2SE Runtime Environment 5.0
    • J2SE Runtime Environment 5.0 Update 6
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u3-windows-i586-p.exe to install the newest version.
Post a new HijackThis log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
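The two items miekiemoes singles out above are the classic removal leftovers a HijackThis log exposes: an O4 autorun for a rogue "anti-adware" product and an O23 service registration whose binary is already gone ("(file missing)"). The script below is an added example, not a BleepingComputer or HijackThis tool, showing how a helper could triage such a log automatically: it parses the O4 and O23 entries, derives the `sc delete <ServiceName>` command from the orphaned service line, and diffs a "before" and "after" log to confirm the fix took effect on reboot. The two sample logs are constructed excerpts containing only entries quoted in this thread, and the parsing of the O23 line relies on the HijackThis convention that the service key name appears in parentheses only when it differs from the display name.

```python
"""Triage helpers for HijackThis v2 logs (added example, not a forum tool)."""
import re
from typing import Dict, List, Optional, Tuple

Entry = Tuple[str, str]  # (section code such as "O23", remainder of the line)

# Every HijackThis entry is "<section> - <body>"; header/footer lines do not match.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")

# O23 body: "Service: <display> [(<key>)] - <owner> - <path>[ (file missing)]".
# The key name is printed in parentheses only when it differs from the display
# name, so an absent group means key == display (assumption about the format).
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?)(?: \((?P<key>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$"
)

# O4 body: "<hive>\..\Run: [<name>] <command>" (RunOnce etc. handled by \w*).
AUTORUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$")

# Constructed excerpt of the first log: the two entries flagged in the thread
# plus a few benign neighbours, so the heuristics have something to ignore.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [AdwareRemover2007] C:\Program Files\AdwareRemover2007\AdwareRemover2007.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Ethernet Service (EthernetService) - Unknown owner - ethernet.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

# Constructed excerpt of the follow-up log after the fix and reboot.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""


def parse_hijackthis(text: str) -> List[Entry]:
    """Split a log into (section, body) pairs, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def parse_service(body: str) -> Optional[dict]:
    """Break an O23 body into display name, key name, owner, path and a
    'missing' flag set when HijackThis could not find the binary."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    svc = m.groupdict()
    svc["key"] = svc["key"] or svc["display"]
    svc["missing"] = svc["path"].endswith("(file missing)")
    return svc


def orphaned_services(entries: List[Entry]) -> List[str]:
    """Key names of services whose binary is gone: a registration left behind
    after the file itself was removed, which is what 'sc delete' cleans up."""
    keys = []
    for section, body in entries:
        if section == "O23":
            svc = parse_service(body)
            if svc and svc["missing"]:
                keys.append(svc["key"])
    return keys


def sc_delete_commands(entries: List[Entry]) -> List[str]:
    """The 'sc delete <key>' commands that remove the orphaned registrations."""
    return [f"sc delete {key}" for key in orphaned_services(entries)]


def autoruns(entries: List[Entry]) -> List[Dict[str, str]]:
    """O4 Run entries as hive/name/command, for review against what the user
    knowingly installed (the rogue product here was AdwareRemover2007)."""
    found = []
    for section, body in entries:
        if section == "O4":
            m = AUTORUN_RE.match(body)
            if m:
                found.append(m.groupdict())
    return found


def diff_logs(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Entries that vanished and entries that appeared between two scans:
    the check that a 'Fix Checked' plus reboot actually stuck."""
    b_entries, a_entries = parse_hijackthis(before), parse_hijackthis(after)
    b_set, a_set = set(b_entries), set(a_entries)
    removed = [e for e in b_entries if e not in a_set]
    added = [e for e in a_entries if e not in b_set]
    return removed, added


if __name__ == "__main__":
    entries = parse_hijackthis(BEFORE_LOG)
    print("autoruns:", [a["name"] for a in autoruns(entries)])
    print("to run :", sc_delete_commands(entries))
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("removed:", removed)
    print("added  :", added)
```

An empty "added" list in the diff is the result a helper wants to see after a reboot; a rogue autorun that reappears there (as rigodon reports AdwareRemover2007 did before the uninstall) is the sign that something still on disk is re-creating it.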

#5 rigodon
  • Topic Starter

Posted 21 December 2007 - 02:56 AM

Hope I did everything right (adware remover kept reinstalling itself on reboots; it doesn't anymore) and deleted the files (only found 1 outdated Java).

Thanks again


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:53:26 AM, on 12/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\PATRICK FORGUES\Application Data\Mozilla\Profiles\default\p1k156l3.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1172342694716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178716682431
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...810/mcfscan.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\RapApp.exe

--
End of file - 7039 bytes

#6 miekiemoes
  • Malware Response Team

Posted 21 December 2007 - 03:08 AM

Hi,

This looks OK again.

How are things now?

#7 rigodon
  • Topic Starter

Posted 21 December 2007 - 12:26 PM

Hi, everything seems perfect now. I left the computer open for a couple hours and there were no popups.

Huuuuuge thanks for all of this.

Have a merry Christmas!!

#8 miekiemoes
  • Malware Response Team

Posted 21 December 2007 - 12:40 PM

Glad I could help. :blink:

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again and a Merry Christmas as well :thumbsup:

#9 miekiemoes
  • Malware Response Team

Posted 01 January 2008 - 06:25 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.