Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Malware Virus And Other Viruses?


  • This topic is locked This topic is locked
19 replies to this topic

#1 anth

anth

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 05 January 2006 - 12:28 AM

Hello! I have read Preparation Guide for use before posting a HijackThis Log and have followed the instructions given.

From reading posts on Bleepingcomputer.com, I think that my computer is infected with malware. However, know nothing about computers beyond the very basics. When my computer was first infected, icons appeared everywhere on my desktop ranging from gambling, to realestate, to pharmacy drugs, amongst other things as well. My desktop background screen then changed from its original screen to black reading, "Warning! Spyware Detected On Your Computer!Install AntiVirus Or Spyware Remover To Clean Your Computer.View The List Of Top Spyware Removers Here." Winhound then appeared. I did not purchase it but my computer was extremely slow. So slow I thought it was a goner...Until I read your site and followed some instructions.

Currently, my coputers desktop still reads, Warning! Spyware Detected On Your Computer!Install AntiVirus Or Spyware Remover To Clean Your Computer.View The List Of Top Spyware Removers Here."[/i] Also, when logging on a box pops up with an X and a red circle around it reading, "C:¥Windows¥inet20001¥winlogon.exe." then there is a bunch of Japanese writing, I have a Japanese computer, saying something about how it is unable to find this regestry. I then click ok and another box pops up with an exclamation point reading the same thing. I then click ok again and my desktop loads.
Thank You!

Logfile of HijackThis v1.99.1
Scan saved at 14:09:52, on 2006/01/05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\HASEGA~1\LOCALS~1\Temp\hijackthis.zip の一時ディレクトリ 1\HijackThis.exe

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\sstray.exe /s
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: 辞書バー - {D1A62E0C-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {D1A62E0E-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandYoko.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/assistpc/index_j.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136308972656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3E1D3C-1632-4FEE-9AF7-E4261AD0EA28}: NameServer = 192.168.0.1
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BC AdBot (Login to Remove)

 


#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 07 January 2006 - 06:35 AM

Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 07 January 2006 - 11:37 PM

Thanks. I am going to do what you advised today. In addition, if all goes well, I would like to donate to your cause. However, because my computer had a virus do you think it will be safe to donate via my computer, or do you think I should use another.
Thank You!

#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 08 January 2006 - 03:54 AM

It will take a few steps to get you clean, after which your computer will be safe. Post the logs when you are ready.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 08 January 2006 - 08:11 AM

Ok. Below is my Hijack This Log, after running Ewido. Unfortunatly, I cannot post my Ewido Log because when I went to save it my computer said some error and all the log was lost. Maybe because I am on a Japanese OS. I have no idea. Anyway, Ewido found and cured 20 viruses. I then ran Ewido again just in case but all was clean. I hope I didn't make things to complicated. Thank you for helping me Daemon..

Logfile of HijackThis v1.99.1
Scan saved at 22:03:29, on 2006/01/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dumprep.exe
C:\DOCUME~1\HASEGA~1\LOCALS~1\Temp\hijackthis.zip の一時ディレクトリ 2\HijackThis.exe

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\sstray.exe /s
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: 辞書バー - {D1A62E0C-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {D1A62E0E-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandYoko.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/assistpc/index_j.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136308972656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3E1D3C-1632-4FEE-9AF7-E4261AD0EA28}: NameServer = 192.168.0.1
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

#6 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 08 January 2006 - 08:37 AM

You're doing fine :thumbsup:

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\inet20001\winlogon.exe
    C:\WINDOWS\batserv2.exe
    C:\WINDOWS\System\svwhost.exe
    C:\WINDOWS\sysldr32.exe
    C:\WINDOWS\sachostx.exe
    C:\WINDOWS\system32\kernels64.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\winlogon.exe
O4 - HKLM\..\Run: [BatSrv] C:\WINDOWS\batserv2.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [SystemLoader] C:\WINDOWS\sysldr32.exe
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels64.exe
O20 - Winlogon Notify: browsela - C:\WINDOWS\system32\browsela.dll (file missing)
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)


Exit HijackThis when done. Reboot rescan with HijackThis and post a new log here.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#7 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 09 January 2006 - 04:48 AM

Hello Daemon! Below is my new Hijack This Log. I put Hijack this in a new folder and once I scanned my computer with the program a backup folder appeared in the new folder I created. I assume this means I did what you requested properly in terms of taking Hijack This out of a temporary folder.

I then downloaded killbox and copy and pasted the paths you listed. However, I did this individually, separating each entry with a comma. The reason is that I couldn't get all the paths pasted at once. It was only pasting the top path and no others. After I individually copied and pasted the paths I clicked the delete file button, I click Yes at the Delete on Reboot prompt. and clicked OK at any PendingFileRenameOperations prompt.

I then rebooted my computer manually. and completed the rest of your suggestions. Hope I did it correctly.
Thank You.

Logfile of HijackThis v1.99.1
Scan saved at 18:28:24, on 2006/01/09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\Reg.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Documents and Settings\HASEGAWAYUKA\デスクトップ\use this\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\sstray.exe /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: 辞書バー - {D1A62E0C-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {D1A62E0E-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandYoko.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/assistpc/index_j.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136308972656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3E1D3C-1632-4FEE-9AF7-E4261AD0EA28}: NameServer = 192.168.0.1
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

#8 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 09 January 2006 - 01:12 PM

Looks better - how is it running now?
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#9 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 10 January 2006 - 04:07 AM

Hi Daemon. My computer is running a heck of a lot better than before. However, there are a few bumps in it still. If these can't be fixed, I appreciate all your help and will happily donate to your cause regardless.

There are only two problems that still occur. First, when I log on, my screen appears to have the desktop picture I have saved (nothing special, just a pre-installed Microsoft picture). However, before any desktop icons are loaded on the screen, my screen turns blue and then white. My screen then remains white and my dektop successfully loads.

when I right click on the white part of the desktop, my computer will show commands like I am online. For example the command box reads things like, [i]Google search, Translate this page to English, backwards link, ect.

Other than that, my computer seems to be working just fine. Thanks!

#10 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 10 January 2006 - 02:52 PM

Do this for me and let me know if it improves things. Do this - click here to download Wallpaper.zip. Extract Wallpaper.reg from the zip file and save it to the desktop. When done, double-click the Wallpaper.reg and when asked to merge say yes.

Reboot and let me know.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#11 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 11 January 2006 - 07:14 PM

Good Day Daemon. Ok, so here is the latest involving my computer issues. I performed your request but nothing different happened. Also, I never thought to do this before, but I logged on to another user and when I try to do this that little red x and then that yellow exclamation point pop up before the screen uploads-also with no picture. My computer is also running a bit slow. Could it be because I was running both Avast Home Ed. and kapersky on my computer. However, I recently uninstalled Kepersky due to personal ethical reason that I just became aware of. Now I am only running Avast?

Is my computer now a turtle with no face?
Thanks again.

#12 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 12 January 2006 - 02:24 AM

Click here to download smitRem.exe and save the file to your desktop. Double click on the file to extract it to it's own folder on the desktop.

Next reboot into Safe Mode. You can get there by restarting your computer and continually tapping F8 until a menu appears. Use your arrow to highlight Safe Mode then hit enter.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish. The tool will create a log named smitfiles.txt in the root of your drive (where your operating system is installed). You will need that log later.

Next click Start>Settings>Control Panel>Display>Desktop>Customize Desktop>Web and uncheck "Security Info" if present.

Reboot back into Normal Mode and click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report, along with a new HijackThis Log and the contents of smitfiles.txt in your next reply.

Running two antivirus programs will slow your machine. What was the issue with Kaspersky?
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#13 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 12 January 2006 - 08:16 AM

Good Day/Night! Thanks again for your knowledge. I have followed your requests and below is a copy of Activescan, Hijack This, and SmitRem. While downloading Panda, Avast said that I was downloading a virus named:win32:ctx. Therefore I shut off Avast and let Panda connect to my computer. I hope that was correct move on my part. Also, After running smitRem, I followed your instructions to uncheck "security info" if present. It was not present but there was a title of "Warning Homepage" present with a check next to it. I left this checked. Just telling you in case it means something. Thanks again for your time.

Oh ya. As for Kaspersky, it was downloaded on my computer as a torrent. I never knew what a torrent was until two months ago and never thought about it their legal issue. Just assumed if it is on the net then it must be ok and if it wasn't then it someone would make them take it off. Long story short, I found out I was wrong, everything has to do with copyright, and if I really need it I will just buy it. Hence my choice for Avast.


Panda Active Scan
incident Status Location

Adware:adware/azesearch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Favorites\PHARMACY\Breast Enlargement.url
Adware:adware/craft Not disinfected C:\WINDOWS\SYSTEM32\mscnf.dll
Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\vx.tll
Adware:adware/cws.yexe Not disinfected C:\messanger.ini
Adware:adware/cws.searchmeup Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Favorites\Gambling
Adware:adware/cws Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Favorites\shop
Spyware:Cookie/Azesearch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@1.tnssearch[1].txt
Spyware:Cookie/Azesearch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@60.topnssearch[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@ads.pointroll[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@clickbank[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@dist.belnk[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@perf.overture[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@qsrch[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@tribalfusion[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Anthony\Cookies\anthony@dist.belnk[2].txt
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Anthony\Local Settings\Temporary Internet Files\Content.IE5\218NSJCD\Install[1].exe
Spyware:Cookie/Azesearch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@1.tnssearch[1].txt
Spyware:Cookie/Azesearch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@60.topnssearch[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@adopt.hbmediapro[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@ads.pointroll[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@belnk[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@clickbank[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@dist.belnk[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@perf.overture[1].txt
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@qsrch[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\HASEGAWAYUKA\Cookies\hasegawayuka@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HASEGAWAYUKA\デスクトップ\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\HASEGAWAYUKA\デスクトップ\smitRem.exe[Process.exe]



Logfile of HijackThis v1.99.1
Scan saved at 21:50:57, on 2006/01/12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\D-Link\AirPlus G Wireless Adapter Utility\AirPlus.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HASEGAWAYUKA\デスクトップ\use this\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WindowsUpdate] c:\windows\sstray.exe /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IMJPMIG9.0] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMJP9\IMJPMIG.EXE /Preload /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Microsoft Excel にエクスポート(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: The翻訳_ページ翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O8 - Extra context menu item: The翻訳_範囲指定翻訳 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O8 - Extra context menu item: The翻訳_翻訳設定 - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O8 - Extra context menu item: The翻訳_辞書参照 - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: リサーチ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra 'Tools' menuitem: The翻訳_ページ翻訳 - {D1A62E01-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_pagetran.htm
O9 - Extra button: (no name) - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra 'Tools' menuitem: The翻訳_辞書参照 - {D1A62E07-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\ttp_showdic.htm
O9 - Extra button: (no name) - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra 'Tools' menuitem: The翻訳_範囲指定翻訳 - {D1A62E08-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_seltran.htm
O9 - Extra button: (no name) - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra 'Tools' menuitem: The翻訳_翻訳設定 - {D1A62E0A-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\addins\Ie\afi_setdlg.htm
O9 - Extra button: 辞書バー - {D1A62E0C-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandTate.dll
O9 - Extra button: 翻訳バー - {D1A62E0E-C347-4344-A362-9BCE5FA7E31D} - C:\Program Files\TTI_V7_LE\IeTbandYoko.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://dynabook.com/assistpc/index_j.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136308972656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B3E1D3C-1632-4FEE-9AF7-E4261AD0EA28}: NameServer = 192.168.0.1
O18 - Protocol: msjwwdat - {BAAB02DC-913E-40AA-B9ED-8068DEE42CFA} - C:\Program Files\Microsoft Office\Home Style\JWW\JWWData.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe

---------------------------------------------------------------------------------------------------------------------

smitRem ゥ log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key

WinHound.com key present!



Running WinHound.com fix!



WinHound.com key was successfully removed! :thumbsup:

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

svcp.csv


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~

secure32.html

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 720 'explorer.exe'
Killing PID 720 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :flowers:

#14 anth

anth
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:01 AM

Posted 15 January 2006 - 09:07 AM

Hi Daemon! I am sure you are busy but I just thought I would do what I could on my end until you had a moment to help again. Just to let you know, I ran Ad-ware and had 18 problems that I just fixed. I then ran spybot and fixed one problem.
thanks.

#15 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:02:01 PM

Posted 16 January 2006 - 02:31 AM

Apologies for the delay.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\SYSTEM32\mscnf.dll
    C:\WINDOWS\SYSTEM32\vx.tll
    C:\messanger.ini

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

Post a new HJT log when done. What were the items that AdAware removed - cookies?
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users