
Hijackthis Log: Please Help Diagnose



#1 jmm42


Posted 30 November 2005 - 09:21 PM

Thanks for your help guys... WinFixer is in my computer and doesn't start to open too.



Logfile of HijackThis v1.99.1
Scan saved at 21:14:38, on 2005-11-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\VVSN\VVSN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Tai Ming Au\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\iiifd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\xxwxx.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Tai Ming Au\Desktop\FreeRAM XP Pro v 1.40.exe" -win
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=laptop
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: iiifd - C:\WINDOWS\SYSTEM32\iiifd.dll
O20 - Winlogon Notify: xxwxx - C:\WINDOWS\system32\xxwxx.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2 -David-


Posted 02 December 2005 - 03:58 PM

Hi and :thumbsup: to BleepingComputer!

My name is David

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

#3 jmm42


Posted 02 December 2005 - 09:15 PM

********
20:09: | Start of Session, 2 décembre 2005 |
20:09: Spy Sweeper started
20:09: Sweep initiated using definitions version 577
20:09: Starting Memory Sweep
20:19: Found Adware: whenu savenow
20:19: Detected running threat: C:\Program Files\VVSN\VVSN.exe (ID = 188685)
20:19: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || VVSN (ID = 0)
20:22: Memory Sweep Complete, Elapsed Time: 00:12:18
20:22: Starting Registry Sweep
20:23: HKLM\software\microsoft\windows\currentversion\run\ || vvsn (ID = 140442)
20:23: Found Adware: spyanytime
20:23: HKCR\jasonbutton.xpbutton\ (3 subtraces) (ID = 142085)
20:23: HKCR\clsid\{f3c047af-74b1-4c61-9756-92f8d9f11a56}\ (23 subtraces) (ID = 142086)
20:23: HKCR\interface\{92d590b4-a6b6-4841-9c47-cb8d86bfded0}\ (8 subtraces) (ID = 142087)
20:23: HKCR\interface\{c793dc5a-4494-4c30-93b0-0784604871dc}\ (8 subtraces) (ID = 142088)
20:23: HKCR\typelib\{56acc949-e6ee-4bf7-af56-0a44fede4b42}\ (9 subtraces) (ID = 142089)
20:23: Found System Monitor: system spy
20:23: HKCR\.ssa\ (1 subtraces) (ID = 143523)
20:23: Registry Sweep Complete, Elapsed Time:00:01:22
20:23: Starting Cookie Sweep
20:23: Found Spy Cookie: 2o7.net cookie
20:23: tai ming au@122.2o7[1].txt (ID = 1958)
20:23: Found Spy Cookie: 247realmedia cookie
20:23: tai ming au@247realmedia[2].txt (ID = 1953)
20:23: tai ming au@2o7[2].txt (ID = 1957)
20:23: Found Spy Cookie: go.com cookie
20:23: tai ming au@abc.go[1].txt (ID = 2729)
20:23: tai ming au@abcnews.go[1].txt (ID = 2729)
20:23: Found Spy Cookie: about cookie
20:23: tai ming au@about[2].txt (ID = 2037)
20:23: Found Spy Cookie: yieldmanager cookie
20:23: tai ming au@ad.yieldmanager[2].txt (ID = 3751)
20:23: Found Spy Cookie: adknowledge cookie
20:23: tai ming au@adknowledge[2].txt (ID = 2072)
20:23: Found Spy Cookie: specificclick.com cookie
20:23: tai ming au@adopt.specificclick[2].txt (ID = 3400)
20:23: Found Spy Cookie: adrevolver cookie
20:23: tai ming au@adrevolver[1].txt (ID = 2088)
20:23: tai ming au@adrevolver[2].txt (ID = 2088)
20:23: Found Spy Cookie: addynamix cookie
20:23: tai ming au@ads.addynamix[1].txt (ID = 2062)
20:23: Found Spy Cookie: pointroll cookie
20:23: tai ming au@ads.pointroll[2].txt (ID = 3148)
20:23: Found Spy Cookie: adserver cookie
20:23: tai ming au@adserver[1].txt (ID = 2141)
20:23: Found Spy Cookie: adultfriendfinder cookie
20:23: tai ming au@adultfriendfinder[1].txt (ID = 2165)
20:23: Found Spy Cookie: falkag cookie
20:23: tai ming au@as-eu.falkag[1].txt (ID = 2650)
20:23: tai ming au@as-us.falkag[1].txt (ID = 2650)
20:23: tai ming au@as1.falkag[2].txt (ID = 2650)
20:23: Found Spy Cookie: atwola cookie
20:23: tai ming au@atwola[1].txt (ID = 2255)
20:23: Found Spy Cookie: a cookie
20:23: tai ming au@a[1].txt (ID = 2027)
20:23: Found Spy Cookie: banner cookie
20:23: tai ming au@banner[1].txt (ID = 2276)
20:23: Found Spy Cookie: belnk cookie
20:23: tai ming au@belnk[1].txt (ID = 2292)
20:23: Found Spy Cookie: bluestreak cookie
20:23: tai ming au@bluestreak[1].txt (ID = 2314)
20:23: Found Spy Cookie: bravenet cookie
20:23: tai ming au@bravenet[1].txt (ID = 2322)
20:23: Found Spy Cookie: bs.serving-sys cookie
20:23: tai ming au@bs.serving-sys[1].txt (ID = 2330)
20:23: Found Spy Cookie: burstnet cookie
20:23: tai ming au@burstnet[2].txt (ID = 2336)
20:23: Found Spy Cookie: casalemedia cookie
20:23: tai ming au@casalemedia[2].txt (ID = 2354)
20:23: Found Spy Cookie: ccbill cookie
20:23: tai ming au@ccbill[1].txt (ID = 2369)
20:23: Found Spy Cookie: centrport net cookie
20:23: tai ming au@centrport[1].txt (ID = 2374)
20:23: tai ming au@dist.belnk[2].txt (ID = 2293)
20:23: Found Spy Cookie: ru4 cookie
20:23: tai ming au@edge.ru4[1].txt (ID = 3269)
20:23: tai ming au@go[1].txt (ID = 2728)
20:23: Found Spy Cookie: screensavers.com cookie
20:23: tai ming au@i.screensavers[1].txt (ID = 3298)
20:23: Found Spy Cookie: domainsponsor cookie
20:23: tai ming au@landing.domainsponsor[1].txt (ID = 2535)
20:23: tai ming au@maxim.122.2o7[1].txt (ID = 1958)
20:23: Found Spy Cookie: maxserving cookie
20:23: tai ming au@maxserving[1].txt (ID = 2966)
20:23: tai ming au@movies.about[1].txt (ID = 2038)
20:23: Found Spy Cookie: okcounter.com cookie
20:23: tai ming au@okcounter[1].txt (ID = 3093)
20:23: Found Spy Cookie: overture cookie
20:23: tai ming au@overture[2].txt (ID = 3105)
20:23: Found Spy Cookie: partypoker cookie
20:23: tai ming au@partypoker[1].txt (ID = 3111)
20:23: Found Spy Cookie: paypopup cookie
20:23: tai ming au@paypopup[1].txt (ID = 3119)
20:23: tai ming au@perf.overture[1].txt (ID = 3106)
20:23: Found Spy Cookie: questionmarket cookie
20:23: tai ming au@questionmarket[1].txt (ID = 3217)
20:23: Found Spy Cookie: realmedia cookie
20:23: tai ming au@realmedia[1].txt (ID = 3235)
20:23: Found Spy Cookie: valuead cookie
20:23: tai ming au@reduxads.valuead[1].txt (ID = 3627)
20:23: Found Spy Cookie: revenue.net cookie
20:23: tai ming au@revenue[1].txt (ID = 3257)
20:23: tai ming au@rsi.abc.go[1].txt (ID = 2729)
20:23: tai ming au@rsi.abcnews.go[1].txt (ID = 2729)
20:23: Found Spy Cookie: server.iad.liveperson cookie
20:23: tai ming au@server.iad.liveperson[1].txt (ID = 3341)
20:23: Found Spy Cookie: serving-sys cookie
20:23: tai ming au@serving-sys[2].txt (ID = 3343)
20:23: Found Spy Cookie: starware.com cookie
20:23: tai ming au@starware[2].txt (ID = 3441)
20:23: Found Spy Cookie: onestat.com cookie
20:23: tai ming au@stat.onestat[2].txt (ID = 3098)
20:23: Found Spy Cookie: statcounter cookie
20:23: tai ming au@statcounter[2].txt (ID = 3447)
20:23: Found Spy Cookie: reliablestats cookie
20:23: tai ming au@stats1.reliablestats[2].txt (ID = 3254)
20:23: Found Spy Cookie: tradedoubler cookie
20:23: tai ming au@tradedoubler[2].txt (ID = 3575)
20:23: Found Spy Cookie: trafficmp cookie
20:23: tai ming au@trafficmp[2].txt (ID = 3581)
20:23: Found Spy Cookie: trb.com cookie
20:23: tai ming au@trb[2].txt (ID = 3587)
20:23: Found Spy Cookie: tribalfusion cookie
20:23: tai ming au@tribalfusion[1].txt (ID = 3589)
20:23: Found Spy Cookie: tripod cookie
20:23: tai ming au@tripod[1].txt (ID = 3591)
20:23: Found Spy Cookie: weborama cookie
20:23: tai ming au@weborama[1].txt (ID = 3658)
20:23: Found Spy Cookie: burstbeacon cookie
20:23: tai ming au@www.burstbeacon[1].txt (ID = 2335)
20:23: Found Spy Cookie: xiti cookie
20:23: tai ming au@xiti[1].txt (ID = 3717)
20:23: tai ming au@z1.adserver[1].txt (ID = 2142)
20:23: Found Spy Cookie: zedo cookie
20:23: tai ming au@zedo[2].txt (ID = 3762)
20:23: Cookie Sweep Complete, Elapsed Time: 00:00:03
20:23: Starting File Sweep
20:24: c:\program files\vvsn (3 subtraces) (ID = -2147480376)
20:24: Found System Monitor: spyanytime pcspy
20:24: c:\documents and settings\all users\application data\sysdata (5 subtraces) (ID = -2147480287)
20:27: Found System Monitor: ufp 007 spy
20:27: unins000.exe (ID = 48061)
20:35: help.chm (ID = 76462)
20:36: xpbutton.ocx (ID = 76484)
20:49: spyanytime pc spy.lnk (ID = 76467)
20:50: vvsn.exe (ID = 188685)
20:50: HKLM\Software\Microsoft\Windows\CurrentVersion\Run || VVSN (ID = 0)
20:52: vvsninst.exe (ID = 74460)
20:55: Found Adware: marketscore
20:55: rk.bin (ID = 69224)
21:01: spyanytime help.lnk (ID = 76478)
21:02: spyanytime help.lnk (ID = 76462)
21:02: File Sweep Complete, Elapsed Time: 00:38:33
21:02: Full Sweep has completed. Elapsed time 00:52:36
21:02: Traces Found: 145
21:04: Removal process initiated
21:06: Quarantining All Traces: spyanytime pcspy
21:06: Quarantining All Traces: system spy
21:06: Quarantining All Traces: ufp 007 spy
21:06: Quarantining All Traces: marketscore
21:06: Quarantining All Traces: spyanytime
21:06: spyanytime is in use. It will be removed on reboot.
21:06: spyanytime help.lnk is in use. It will be removed on reboot.
21:06: Quarantining All Traces: whenu savenow
21:06: whenu savenow is in use. It will be removed on reboot.
21:06: vvsn.exe is in use. It will be removed on reboot.
21:06: Quarantining All Traces: 247realmedia cookie
21:06: Quarantining All Traces: 2o7.net cookie
21:06: Quarantining All Traces: a cookie
21:06: Quarantining All Traces: about cookie
21:06: Quarantining All Traces: addynamix cookie
21:06: Quarantining All Traces: adknowledge cookie
21:06: Quarantining All Traces: adrevolver cookie
21:06: Quarantining All Traces: adserver cookie
21:06: Quarantining All Traces: adultfriendfinder cookie
21:06: Quarantining All Traces: atwola cookie
21:06: Quarantining All Traces: banner cookie
21:06: Quarantining All Traces: belnk cookie
21:06: Quarantining All Traces: bluestreak cookie
21:06: Quarantining All Traces: bravenet cookie
21:06: Quarantining All Traces: bs.serving-sys cookie
21:06: Quarantining All Traces: burstbeacon cookie
21:06: Quarantining All Traces: burstnet cookie
21:06: Quarantining All Traces: casalemedia cookie
21:06: Quarantining All Traces: ccbill cookie
21:06: Quarantining All Traces: centrport net cookie
21:06: Quarantining All Traces: domainsponsor cookie
21:06: Quarantining All Traces: falkag cookie
21:06: Quarantining All Traces: go.com cookie
21:06: Quarantining All Traces: maxserving cookie
21:06: Quarantining All Traces: okcounter.com cookie
21:06: Quarantining All Traces: onestat.com cookie
21:06: Quarantining All Traces: overture cookie
21:06: Quarantining All Traces: partypoker cookie
21:06: Quarantining All Traces: paypopup cookie
21:06: Quarantining All Traces: pointroll cookie
21:06: Quarantining All Traces: questionmarket cookie
21:06: Quarantining All Traces: realmedia cookie
21:06: Quarantining All Traces: reliablestats cookie
21:06: Quarantining All Traces: revenue.net cookie
21:06: Quarantining All Traces: ru4 cookie
21:06: Quarantining All Traces: screensavers.com cookie
21:06: Quarantining All Traces: server.iad.liveperson cookie
21:06: Quarantining All Traces: serving-sys cookie
21:06: Quarantining All Traces: specificclick.com cookie
21:06: Quarantining All Traces: starware.com cookie
21:06: Quarantining All Traces: statcounter cookie
21:06: Quarantining All Traces: tradedoubler cookie
21:06: Quarantining All Traces: trafficmp cookie
21:06: Quarantining All Traces: trb.com cookie
21:06: Quarantining All Traces: tribalfusion cookie
21:06: Quarantining All Traces: tripod cookie
21:06: Quarantining All Traces: valuead cookie
21:06: Quarantining All Traces: weborama cookie
21:06: Quarantining All Traces: xiti cookie
21:06: Quarantining All Traces: yieldmanager cookie
21:06: Quarantining All Traces: zedo cookie
21:06: Preparing to restart your computer. Please wait...
21:06: Removal process completed. Elapsed time 00:01:50
********
20:06: | Start of Session, 2 décembre 2005 |
20:06: Spy Sweeper started
20:07: Your spyware definitions have been updated.
20:09: | End of Session, 2 décembre 2005 |



Logfile of HijackThis v1.99.1
Scan saved at 21:12:51, on 2005-12-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tai Ming Au\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\xxwxx.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Tai Ming Au\Desktop\FreeRAM XP Pro v 1.40.exe" -win
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q304&bd=presario&pf=laptop
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendowifi.com/troubleshooting/usbaptest.cab
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd...ds/iaieplay.dll
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O20 - Winlogon Notify: xxwxx - C:\WINDOWS\system32\xxwxx.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 -David-


Posted 03 December 2005 - 05:13 AM

Fix these with HJT:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...sario&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\xxwxx.dll (file missing)
O20 - Winlogon Notify: xxwxx - C:\WINDOWS\system32\xxwxx.dll (file missing)

Clean Log!!
How's everything running?

David



