
Warning! Spyware detected on your computer!


7 replies to this topic

#1 jmad
  • Members
  • 4 posts

Posted 01 January 2009 - 10:09 PM

Hi,

I've used this forum before and once again I'm back seeking your help. Despite my efforts to steer clear of malicious software, I've had something on my computer that keeps coming back and has resisted my attempts to clean it off. It's a desktop background that claims I have spyware on my computer: there is either a bright blue or white background with a rectangular message "Warning! Spyware detected on your computer!". Nothing seems to be working poorly, but I am concerned that it may leave me vulnerable to other malicious software. I have attached the DDS log file. Thanks for your help.




DDS (Version 1.1.0) - FAT32x86
Run by dittman at 22:37:36.93 on Thu 01/01/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.256.4 [GMT -5:00]


============== Running Processes ===============

C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINNT\system32\UMonit2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Iomega\Tools\IMGICON.EXE
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dittman.KAPLANRIG2\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://home.netscape.com/home/winsearch200.html
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\winnt\downloaded program files\googletoolbar1.dll
BHO: BrowserHelper Class: {ebcdda60-2a68-11d3-8a43-0060083cfb9c} - c:\winnt\system32\nzdd.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\winnt\downloaded program files\googletoolbar1.dll
uRun: [DbSys] c:\winnt\system32\wjytsfmr.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\program files\mozilla firefox\plugins\NPSWF32_FlashUtil.exe -p
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [MacLicense] "c:\program files\macopener\MacLic.exe"
mRun: [Adaptec DirectCD] c:\progra~1\hpcd-w~1\directcd\directcd.exe
mRun: [HP CD-Writer] c:\program files\hp cd-writer\mmenu\hpcdtray.exe
mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE
mRun: [PopUpKiller] c:\program files\popup killer\popupkiller.EXE
mRun: [vptray] c:\program files\navnt\vptray.exe
mRun: [projselector] "c:\program files\common files\roxio shared\project selector\projselector.exe" -r
mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe"
mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe"
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [Gene USB Monitor] c:\winnt\system32\UMonit2k.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
mExplorerRun: [AgYX2NcYL5] c:\documents and settings\dittman.kaplanrig2\desktop\AdobeFlashPlayerExt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~1.lnk - c:\program files\iomega\iomega backup\dtiom98.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~2.lnk - c:\program files\iomega\tools\IMGICON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\iomega~3.lnk - c:\program files\iomega\tools\IMGSTART.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\macname.lnk - c:\program files\macopener\MacName.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\realdo~1.lnk - c:\program files\real\realdownload\Realdownload.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\symant~1.lnk - c:\program files\microsoft office\office\1033\OLFSNT40.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monitor.lnk - c:\program files\sandisk\sandisk transfermate\SD Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodaks~1.lnk - c:\program files\kodak\kodak software updater\7288971\program\Kodak Software Updater.exe
uPolicies-system: NoDispBackgroundPage = 1 (0x1)
uPolicies-system: NoDispScrSavPage = 1 (0x1)
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Name-Space Handler: ftp\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\winnt\system32\nzdd.dll
Name-Space Handler: http\RealDownload - {EBCDDA5E-2A68-11D3-8A43-0060083CFB9C} - c:\winnt\system32\nzdd.dll
Notify: NavLogon - c:\winnt\system32\NavLogon.dll
SSODL: AppChk - {09C632BA-6897-0531-6A4D-04524EC3385E} - c:\program files\ivjggoe\AppChk.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dittma~1.kap\applic~1\mozilla\firefox\profiles\b6k5dznw.default\
FF - component: c:\documents and settings\dittman.kaplanrig2\application data\mozilla\firefox\profiles\b6k5dznw.default\extensions\kodak-companion@mozilla.com\platform\winnt_x86-msvc\components\mozFotofox.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll

============= SERVICES / DRIVERS ===============


============== File Associations ===============

txtfile=c:\winnt\NOTEPAD.EXE

=============== Created Last 30 ================

2009-01-01 22:37 16,384 a------- c:\winnt\system32\Perflib_Perfdata_31c.dat
2009-01-01 14:13 <DIR> --d----- c:\documents and settings\dittman.kaplanrig2\DoctorWeb
2009-01-01 13:46 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-31 16:25 <DIR> --d----- c:\winnt\winsxs
2008-12-31 16:25 <DIR> --d----- c:\winnt\PCHEALTH

==================== Find3M ====================

2008-10-17 12:41 310,032 a------- c:\winnt\system32\dllcache\NETAPI32.DLL
2008-10-16 14:13 1,809,944 a------- c:\winnt\system32\dllcache\wuaueng.dll
2008-10-16 14:09 92,696 a------- c:\winnt\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\winnt\system32\dllcache\wuauclt.exe
2007-04-01 16:54 13,951,112 a------- c:\program files\MPSetup.exe
2007-04-01 08:44 21,011,000 a------- c:\program files\Bookworm_Adventure-setup.exe
2003-12-08 13:22 1,760,378 a------- c:\program files\aaw6.exe
2001-07-12 11:17 14,658,960 a------- c:\program files\winstar.zip
2001-07-09 06:50 404 a------- c:\program files\STAMP.BIN
2001-05-31 13:25 13,550,274 a------- c:\program files\data1.cab
2000-06-16 10:08 389 a------- c:\program files\layout.bin
2000-06-16 10:08 49 a------- c:\program files\setup.lid
2000-06-16 10:07 411,287 a------- c:\program files\_sys1.cab
2000-06-16 10:07 108,650 a------- c:\program files\_user1.cab
2000-06-16 10:07 87 a------- c:\program files\DATA.TAG
2000-06-16 10:07 67 a------- c:\program files\SETUP.INI
2000-05-25 21:43 57,883,342 a------- c:\program files\worm.mov
2000-05-08 07:03 71,993 a------- c:\program files\setup.ins
2000-03-29 09:42 21,952 ----h--- c:\program files\folder.htt
2000-03-29 09:42 271 ----h--- c:\program files\desktop.ini
1999-12-07 12:00 32,528 a------- c:\winnt\inf\wbfirdma.sys
1998-12-08 18:53 186,368 a------- c:\program files\common files\IRAREG.DLL
1998-12-08 18:53 99,840 a------- c:\program files\common files\IRAABOUT.DLL
1998-12-08 18:53 70,144 a------- c:\program files\common files\IRAMDMTR.DLL
1998-12-08 18:53 48,640 a------- c:\program files\common files\IRALPTTR.DLL
1998-12-08 18:53 31,744 a------- c:\program files\common files\IRAWEBTR.DLL
1998-12-08 18:53 17,920 a------- c:\program files\common files\IRASRIAL.DLL
1997-11-20 23:56 40 a------- c:\program files\path.txt
1997-11-20 12:28 8 a------- c:\program files\Apps.lst
1997-08-29 13:32 281,077 a------- c:\program files\_INST16.EX_
1997-08-29 13:19 320,127 a------- c:\program files\_INST32I.EX_
1997-08-26 11:02 59,904 a------- c:\program files\SETUP.EXE
1997-08-26 11:02 8,192 a------- c:\program files\_ISDEL.EXE
1997-08-26 11:01 11,264 a------- c:\program files\_SETUP.DLL
1997-05-30 10:31 4,557 a------- c:\program files\lang.dat
1997-05-06 13:15 417 a------- c:\program files\os.dat
2003-03-17 15:05 946,960 ---shr-- c:\winnt\system32\dllcache\msjava.dll

============= FINISH: 22:39:12.95 ===============

#2 jmad (Topic Starter)
  • Members
  • 4 posts

Posted 03 January 2009 - 11:45 AM

So after reading several other postings and trying several other malware/spyware removal programs, Malwarebytes' Anti-Malware came through, found many things that the others hadn't, and took care of the problem. No more hijacked wallpaper. Hopefully it won't come back. Something that I didn't mention in my last posting is that whatever problem I was having wouldn't allow me to access my wallpaper options and, even more problematic, it wouldn't allow me to boot in safe mode.

Thanks

#3 Baabiouz (Finnish Malware Fighter)
  • Members
  • 3,355 posts
  • Gender: Male
  • Location: Finland

Posted 13 January 2009 - 12:26 PM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Let's download HijackThis:

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Doubleclick on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

#4 jmad (Topic Starter)
  • Members
  • 4 posts

Posted 16 January 2009 - 12:48 AM

I tried a HijackThis scan but it won't save a log.

#5 Baabiouz (Finnish Malware Fighter)
  • Members
  • 3,355 posts
  • Gender: Male
  • Location: Finland

Posted 16 January 2009 - 07:25 AM

Log may be here:
C:\Program Files\Trend Micro\HijackThis

If you can't find it:
Run HijackThis. Click "Do a system scan only".
After scanning, click "Save log".

Edited by Baabiouz, 16 January 2009 - 07:25 AM.

#6 jmad (Topic Starter)
  • Members
  • 4 posts

Posted 16 January 2009 - 07:42 AM

Scanned and saved the log. Thanks for your help. The problems still haven't come back. I am curious if there are any remnants.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:49:40 AM, on 1/16/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\MacOpener\FORMATM.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\PopUp Killer\popupkiller.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINNT\system32\UMonit2k.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Cobian Backup 9\Cobian.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Iomega\Tools\IMGICON.EXE
C:\Program Files\MacOpener\MacName.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Cobian Backup 9\cbInterface.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINNT\System32\nzdd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [MacLicense] "C:\Program Files\MacOpener\MacLic.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\HPCD-W~1\DirectCD\directcd.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PopUpKiller] C:\Program Files\PopUp Killer\popupkiller.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2k.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Program Files\Cobian Backup 9\Cobian.exe"
O4 - HKCU\..\Run: [DbSys] C:\WINNT\system32\wjytsfmr.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [AgYX2NcYL5] C:\Documents and Settings\dittman.KAPLANRIG2\Desktop\AdobeFlashPlayerExt.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Program Files\Iomega\Iomega Backup\dtiom98.exe
O4 - Global Startup: Iomega Icons.lnk = C:\Program Files\Iomega\Tools\IMGICON.EXE
O4 - Global Startup: Iomega Startup Options.lnk = C:\Program Files\Iomega\Tools\IMGSTART.EXE
O4 - Global Startup: MacName.lnk = C:\Program Files\MacOpener\MacName.exe
O4 - Global Startup: RealDownload.lnk = C:\Program Files\Real\RealDownload\Realdownload.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mgh.harvard.edu
O17 - HKLM\System\CCS\Services\Tcpip\..\{2489AC97-685E-4962-B491-819665AC61A7}: Domain = mgh.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mgh.harvard.edu
O17 - HKLM\System\CS1\Services\Tcpip\..\{2489AC97-685E-4962-B491-819665AC61A7}: Domain = mgh.harvard.edu
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mgh.harvard.edu
O17 - HKLM\System\CS2\Services\Tcpip\..\{2489AC97-685E-4962-B491-819665AC61A7}: Domain = mgh.harvard.edu
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: MacFormatService - DataViz Inc. - C:\Program Files\MacOpener\FORMATM.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINNT\System32\ZipToA.exe

--
End of file - 8042 bytes

#7 Baabiouz (Finnish Malware Fighter)
  • Members
  • 3,355 posts
  • Gender: Male
  • Location: Finland

Posted 16 January 2009 - 08:08 AM

Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below:

O4 - HKCU\..\Run: [DbSys] C:\WINNT\system32\wjytsfmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [AgYX2NcYL5] C:\Documents and Settings\dittman.KAPLANRIG2\Desktop\AdobeFlashPlayerExt.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -


Now close all windows other than HijackThis, including browsers, so that nothing other than HijackThis is open, then click "Fix Checked". A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Reboot your computer.

Please set your system to show hidden files:
http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/

Please remove these files:

C:\Documents and Settings\dittman.KAPLANRIG2\Desktop\AdobeFlashPlayerExt.exe
C:\WINNT\system32\wjytsfmr.exe

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Please post the MBAM results and a fresh HijackThis log back here.
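The three entries the helper picked out share traits that a defender looks for in an autostart listing: a randomly named executable in system32, a program launched from a user's Desktop via the unusual Policies\Explorer\Run key, and an ActiveX control registered with no download location. The following Python is an added example, not code from the thread or from HijackThis, and the heuristics (vowel ratio, profile-folder and Policies-key checks) are my own assumptions about what separates those lines from the benign ones; it parses the O4/O16 lines from the log above and reports only the entries that trip a check.

```python
import re

# Constructed sample input: the autostart (O4) and downloaded-program (O16) lines
# from the HijackThis log posted in this thread, plus two benign O4 lines for contrast.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DbSys] C:\WINNT\system32\wjytsfmr.exe
O4 - HKLM\..\Policies\Explorer\Run: [AgYX2NcYL5] C:\Documents and Settings\dittman.KAPLANRIG2\Desktop\AdobeFlashPlayerExt.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) -
"""

# O4 lines: "<hive\..\key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 lines: "{<CLSID>} (<description>) - <download URL, possibly empty>"
O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} \((?P<desc>[^)]*)\) -\s*(?P<url>.*)$")


def looks_random(token: str) -> bool:
    """Heuristic (assumed here, not HijackThis's own) for machine-generated names such as
    'wjytsfmr' or 'AgYX2NcYL5': 8+ characters that are nearly vowel-free or mix letters
    with digits. Short or dictionary-like names pass."""
    letters = [c for c in token if c.isalpha()]
    if len(token) < 8 or not letters:
        return False
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    return vowel_ratio < 0.2 or any(c.isdigit() for c in token)


def exe_stem(cmd: str) -> str:
    """Bare file name (no directory, extension or arguments) of the program an O4 line runs."""
    path = cmd.strip().strip('"').split('"')[0]   # keep only the (possibly quoted) program path
    last = path.split("\\")[-1].split(" ")[0]     # drop directories and unquoted arguments
    return last.rsplit(".", 1)[0]


def inspect_o4(key: str, name: str, cmd: str) -> list:
    """Apply the three autostart checks to one parsed O4 entry; returns the reasons it tripped."""
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("autostart via Policies\\Explorer\\Run, rarely used by legitimate software")
    low = cmd.lower()
    if "\\documents and settings\\" in low and ("\\desktop\\" in low or "\\temp\\" in low):
        reasons.append("program launched from a user profile folder (Desktop/Temp)")
    stem = exe_stem(cmd)
    if looks_random(name) or looks_random(stem):
        reasons.append(f"random-looking value or file name ({name!r} / {stem!r})")
    return reasons


def analyze(log_text: str) -> list:
    """Return [(line, [reasons])] for every O4/O16 line that trips at least one check."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = inspect_o4(m["key"], m["name"], m["cmd"])
        else:
            m = O16_RE.match(line)
            if m and not m["url"].strip():
                reasons = ["ActiveX control (O16) registered with no download location"]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in analyze(SAMPLE_LOG):
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run on the sample it reports exactly the three lines the helper asked to fix and stays silent on the two benign autostarts; a hit is a prompt to verify the file, not proof of infection.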

#8 Baabiouz (Finnish Malware Fighter)
  • Members
  • 3,355 posts
  • Gender: Male
  • Location: Finland

Posted 01 February 2009 - 05:37 AM

Hello.

This topic is now closed.
If you need this topic reopened, please send me a message. In your message, please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Baabiouz