Trying To Remove Onsafepro.com And Softworldnetwork.com


2 replies to this topic

#1 Nazbrat

Posted 19 February 2008 - 11:36 PM

This is my first time posting here for help. My firewall keeps alerting me about svchost or some other program trying to connect to onsafepro.com. How do I get rid of it? Below is the ComboFix log; the HJT log will follow.

ComboFix 08-02-20.2 - david 2008-02-19 20:11:01.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.999 [GMT -8:00]
Running from: C:\Documents and Settings\david\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://onsafepro.com
hxxp://softworldnetwork.com
.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.

2008-02-19 20:04 . 2008-02-19 20:04 <DIR> d-------- C:\SmitfraudFix
2008-02-19 19:54 . 2008-02-19 19:54 <DIR> d-------- C:\Deckard
2008-02-18 21:41 . 2008-02-19 13:42 <DIR> d-------- C:\Documents and Settings\david\Application Data\skypePM
2008-02-18 21:41 . 2008-02-18 21:41 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-18 21:38 . 2008-02-19 16:25 <DIR> d-------- C:\Documents and Settings\david\Application Data\Skype
2008-02-18 21:37 . 2008-02-18 21:37 <DIR> d-------- C:\Program Files\Skype
2008-02-18 21:37 . 2008-02-18 21:37 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-18 21:36 . 2008-02-18 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-15 14:54 . 2008-02-15 14:54 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-02-15 14:54 . 2008-02-15 14:54 <DIR> d-------- C:\Documents and Settings\david\Application Data\SystemRequirementsLab
2008-02-11 13:48 . 1999-05-19 00:19 33,792 --a------ C:\WINDOWS\system32\NPSExec.exe
2008-02-10 18:28 . 2008-02-11 13:48 298 --a------ C:\WINDOWS\EReg072.dat
2008-02-10 18:24 . 2008-02-10 18:24 <DIR> d-------- C:\Program Files\Electronic Arts
2008-02-02 17:58 . 2008-02-02 17:58 <DIR> d-------- C:\Program Files\Unity
2008-01-31 09:52 . 2008-01-31 09:52 <DIR> d-------- C:\Program Files\Uniblue
2008-01-31 09:26 . 2008-01-31 09:26 <DIR> d-------- C:\Documents and Settings\david\Application Data\Uniblue
2008-01-31 08:43 . 2008-01-31 09:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-31 08:43 . 2008-01-31 08:45 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-31 08:18 . 2007-09-05 22:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-31 08:18 . 2006-04-27 15:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-31 08:18 . 2008-01-27 14:37 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-31 08:18 . 2003-06-05 19:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-31 08:18 . 2004-07-31 16:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-31 08:18 . 2007-10-03 22:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-30 10:26 . 2008-02-17 17:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-30 10:26 . 2008-01-30 10:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-25 17:31 . 2008-01-25 17:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-25 14:49 . 2008-01-25 14:49 <DIR> d-------- C:\Documents and Settings\david\Application Data\Metacafe
2008-01-25 07:26 . 2008-01-25 07:27 1,129,580 --a------ C:\SmitfraudFix.exe
2008-01-22 18:34 . 2008-01-22 18:34 499,200 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.scr
2008-01-22 18:34 . 2008-01-22 18:34 204,715 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx4
2008-01-22 18:34 . 2008-01-22 18:34 152,240 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx3
2008-01-22 18:34 . 2008-01-22 18:34 148,351 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx1
2008-01-22 18:34 . 2008-01-22 18:34 136,138 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx6
2008-01-22 18:34 . 2008-01-22 18:34 133,320 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx2
2008-01-22 18:34 . 2008-01-22 18:34 121,878 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx7
2008-01-22 18:34 . 2008-01-22 18:34 118,661 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.sx5
2008-01-22 18:34 . 2008-01-22 18:34 29,184 --a------ C:\WINDOWS\system32\sstunst2.exe
2008-01-22 18:34 . 2008-01-22 18:34 13,533 --a------ C:\WINDOWS\system32\HPC Introduction of Characters.msf
2008-01-22 11:32 . 2008-01-22 09:55 196,608 --a------ C:\WINDOWS\aswmklt.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 02:16 --------- d-----w C:\Documents and Settings\dad\Application Data\Metacafe
2008-02-18 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Metacafe
2008-02-06 21:20 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-06 21:20 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-05 18:02 --------- d-----w C:\Program Files\America's Army
2008-01-31 17:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-29 19:57 --------- d-----w C:\Documents and Settings\david\Application Data\Xfire
2008-01-28 13:49 --------- d-s---w C:\Program Files\Xfire
2008-01-24 17:36 --------- d-----w C:\Documents and Settings\david\Application Data\teamspeak2
2008-01-23 02:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-01-19 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-19 15:36 --------- d-----w C:\Program Files\GameSpy Arcade
2008-01-19 15:35 --------- d-----w C:\Program Files\EA GAMES
2008-01-18 00:19 --------- d-----w C:\Documents and Settings\david\Application Data\MusicIP
2008-01-16 22:37 54,608 ----a-w C:\WINDOWS\system32\xfcodec.dll
2008-01-13 01:15 --------- d-----w C:\Documents and Settings\dad\Application Data\DivX
2008-01-13 01:14 --------- d-----w C:\Program Files\Metacafe
2007-12-26 03:31 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2007-12-26 03:31 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2007-12-25 22:48 --------- d-----w C:\Program Files\MusicIP
2007-12-21 08:04 --------- d-----w C:\Program Files\ATITool
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-02-04 19:01 32 ----a-r C:\Documents and Settings\chris and sean\hash.dat
2004-07-22 18:51 3,432,656 ----a-w C:\Program Files\ManagedDX.CAB
2004-07-20 06:58 1,156,363 ----a-w C:\Program Files\BDANT.cab
2004-07-20 06:53 976,020 ----a-w C:\Program Files\BDAXP.cab
2004-07-09 22:17 13,265,040 ----a-w C:\Program Files\dxnt.cab
2004-07-09 17:13 703,080 ----a-w C:\Program Files\BDA.cab
2004-07-09 17:13 15,493,481 ----a-w C:\Program Files\DirectX.cab
2004-07-09 12:08 472,576 ----a-w C:\Program Files\dxsetup.exe
2004-07-09 12:08 2,242,560 ----a-w C:\Program Files\dsetup32.dll
2004-07-09 11:03 62,976 ----a-w C:\Program Files\DSETUP.dll
2001-08-23 12:00 94,784 --sh--w C:\WINDOWS\twain.dll
2004-08-04 07:56 50,688 --sh--w C:\WINDOWS\twain_32.dll
2004-08-04 07:56 11,776 --sha-w C:\WINDOWS\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 02:48 157592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52 339968]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 09:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 00:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 17:06 45056]
"HPHmon04"="C:\WINDOWS\System32\hphmon04.exe" [2002-11-22 11:48 348160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 11:35 90112]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-06-30 16:56 2376928]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"CTHelper"="CTHELPER.EXE" [2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 13:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.exe" [2006-08-11 13:42 25600 C:\WINDOWS\MIDIDEF.EXE]

C:\Documents and Settings\dad\Start Menu\Programs\Startup\
Metacafe.lnk - C:\Program Files\Metacafe\MetacafeAgent.exe [2007-09-04 07:04:34 149256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"aswmklt"= {CC1077AC-D2F5-453F-8F20-F8720A3780F8} - C:\WINDOWS\aswmklt.dll [2008-01-22 09:55 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 14:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^david^Start Menu^Programs^Startup^Screen Saver Control.lnk]
backup=C:\WINDOWS\pss\Screen Saver Control.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^david^Start Menu^Programs^Startup^V CAST Music Monitor.lnk]
backup=C:\WINDOWS\pss\V CAST Music Monitor.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 16:41 45056 C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-06-28 08:14 270648 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-08-03 23:56 1667584 C:\Program Files\Messenger\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-04-27 08:41 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SchedulingAgent]
--a------ 2004-08-03 23:56 12288 C:\WINDOWS\system32\mstinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 13:03 36975 C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Bonjour Service"=2 (0x2)

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-09-17 10:53]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 10:55]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 21:59]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 20:38:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-20 03:26:53 C:\WINDOWS\Tasks\HP Usg Login.job"
- C:\Program Files\hp photosmart 11\printer\Hphusg04.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-19 20:17:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-19 20:21:17
ComboFix-quarantined-files.txt 2008-02-20 04:20:57
ComboFix2.txt 2008-02-01 19:45:34


#2 Nazbrat

Posted 19 February 2008 - 11:38 PM

HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:37:31 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O21 - SSODL: aswmklt - {CC1077AC-D2F5-453F-8F20-F8720A3780F8} - C:\WINDOWS\aswmklt.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 4787 bytes

#3 Simon V.

Posted 06 March 2008 - 06:01 AM

Hello, and welcome to the forum :thumbsup:

I'm sorry for the delay; the forums are very busy. If you still need help, please post a new HijackThis log and give a description of how your computer is currently running.
Simon V.
