Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijackthis Log....help?..?


  • Please log in to reply
8 replies to this topic

#1 Baurge

Baurge

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:46 AM

Posted 17 April 2006 - 12:54 PM

Okay not to many big things going on with my computer but I wanted to run a hijackthis log and post it to see if someone a lil more...well...smarter than me might notice any problems so here's meh log:

Logfile of HijackThis v1.99.1
Scan saved at 1:49:42 PM, on 4/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\AOL\1138324450\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VC BOOK SOAP EXTRA] C:\Documents and Settings\All Users\Application Data\amok user vc book\Grey Ref.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138324450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ForBash] C:\DOCUME~1\Raymond\APPLIC~1\RULEWA~1\dart five bin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138328371281
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Autodesk - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Everything no matter how great will come to an end.....

BC AdBot (Login to Remove)

 


m

#2 Baurge

Baurge
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:46 AM

Posted 22 April 2006 - 06:10 PM

An updated hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 7:07:11 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\AOL\1138324450\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VC BOOK SOAP EXTRA] C:\Documents and Settings\All Users\Application Data\amok user vc book\Grey Ref.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138324450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ForBash] C:\DOCUME~1\Raymond\APPLIC~1\RULEWA~1\dart five bin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138328371281
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: PAVWAIT.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Autodesk - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Everything no matter how great will come to an end.....

#3 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 22 April 2006 - 10:00 PM

OK, Baurge, I'll start out with posting a link to your other post so anyone reading this will know why we're removing stuff that is otherwise legit.

http://www.bleepingcomputer.com/forums/top...tml#entry273078

HJT has revealed a couple of Norton remnants as well as the Panda one found by Silent Runners. Fixing these items should help with the problem you descried in the other thread--let me know.

You have a LOP infection. As far as Hotoffers, I was looking at some bad information earlier, so you don't have that to worry about.

I'm also going to mark an item in blue for you to fix at your option. My suggestion is to uninstall Limewire and if you have to use P2P to try something else. You may have it configured to be safer than most, but I've seen some PC's that are eaten up with malware stored in Limewire folders. You defintely don't want it to run at startup (which is why I suggest fixing the item with HJT) and it's not a good idea to leave your files open to just anyone. See here for more information: http://forums.spybot.info/showthread.php?t=282

Scan again with HijackThis 1.99.1. Put a checkmark by the following entries, double-checking to be sure that only these entries are checked:

O4 - HKLM\..\Run: [VC BOOK SOAP EXTRA] C:\Documents and Settings\All Users\Application Data\amok user vc book\Grey Ref.exe
O4 - HKCU\..\Run: [ForBash] C:\DOCUME~1\Raymond\APPLIC~1\RULEWA~1\dart five bin.exe
O4 - Startup: LimeWire On Startup.lnk.disabled
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) -
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} -
O20 - AppInit_DLLs: PAVWAIT.DLL


Close all other windows--you should only see HijackThis on your Desktop--and then click the "Fix checked" button.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Reboot your computer into Safe Mode and delete the following folders:

C:\Documents and Settings\All Users\Application Data\amok user vc book
C:\Documents and Settings\Raymond\Application Data\RULEWA~1
<--the ~1 is windows way of abreviating long file names, so this folder name will start with RULEWA and contain the dart five bin.exe file.

Also do a search for the PAVWAIT.DLL and delete it if found and don't worry if it's not there as it may already be gone.

Click on the Start button & select Run.
Type in tasks & click OK.
In the ensuing window, click on the Advanced menu (located above) & select View Hidden Tasks.

Right click on and delete the following job (the .job extension may not show):

AE14913A93BF01EA

It would be a good idea to run Disk Cleanup. Type cleanmgr in the run box by going to Start>Run. Have it clean out the following three:

Temporary Files
Temporary Internet Files
Recycle Bin

Reboot back to normal mode.

You may have some more LOP files and folders scattered around. Download fl.zip.
Extract the contents to a new folder on your Desktop. NOTE: It must be unzipped to work properly.
Within the folder, locate & double-click fl.bat.
It should produce a report at c:\findlop.txt. Post the contents of the report in your next reply.

Scan again with HijackThis and post another log. And let me know how things are running.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#4 Baurge

Baurge
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:46 AM

Posted 23 April 2006 - 10:02 AM

Thanks for all of the help. I did everything you said. Windows still registered "one or more" anti-virus programs but my computer does seem to run a little better. Here's the two reports you asked for:

fl.bat:

Volume in drive C has no label.
Volume Serial Number is 882B-32B0

Directory of C:\Documents and Settings\All Users\Application Data

02/26/2006 04:38 PM <DIR> Adobe
02/13/2006 11:53 PM <DIR> Adobe Systems
01/26/2006 09:14 PM <DIR> AOL
01/26/2006 09:13 PM <DIR> AOL Downloads
02/05/2006 09:34 AM <DIR> Apple Computer
02/12/2006 01:28 AM <DIR> Autodesk
01/26/2006 07:21 PM <DIR> hpqwmi
01/26/2006 07:12 PM <DIR> InstallShield
01/26/2006 07:24 PM <DIR> Motive
01/26/2006 07:44 PM <DIR> MotiveSysIDs
01/26/2006 07:17 PM <DIR> muvee Technologies
01/26/2006 07:03 PM <DIR> QuickTime
01/26/2006 08:19 PM <DIR> Spybot - Search & Destroy
01/26/2006 07:42 PM <DIR> Support.com
02/14/2006 08:03 AM <DIR> Trymedia
03/09/2006 11:08 AM <DIR> WhiteCap (Holiday Edition)
01/26/2006 10:20 PM <DIR> Windows Genuine Advantage
02/26/2006 05:23 PM <DIR> WinSoftware
0 File(s) 0 bytes
18 Dir(s) 64,653,516,800 bytes free
Volume in drive C has no label.
Volume Serial Number is 882B-32B0

Directory of C:\Documents and Settings\Raymond\Application Data

01/26/2006 09:15 PM <DIR> acccore
03/21/2006 07:09 PM <DIR> Adobe
02/26/2006 04:40 PM <DIR> AdobeUM
03/28/2006 07:31 AM <DIR> Ahead
02/07/2006 01:16 AM <DIR> Apple Computer
02/12/2006 12:39 AM <DIR> Autodesk
04/23/2006 10:56 AM <DIR> DMCache
01/27/2006 08:16 PM <DIR> Google
01/26/2006 11:43 PM <DIR> Help
01/26/2006 09:25 PM <DIR> ICQLite
01/26/2006 06:33 PM <DIR> Identities
01/31/2006 06:25 AM <DIR> IDM
01/27/2006 02:25 AM <DIR> InterVideo
02/06/2006 02:09 PM <DIR> Lavasoft
01/28/2006 08:22 PM <DIR> Leadertech
04/11/2006 12:08 PM <DIR> LimeWire
02/23/2006 03:30 PM <DIR> Macromedia
02/02/2006 12:35 AM <DIR> Mathsoft
02/11/2006 01:54 PM <DIR> MathWorks
02/10/2006 10:04 PM <DIR> Media city info
02/07/2006 11:39 PM <DIR> Media Player Classic
04/10/2006 11:26 AM <DIR> Morpheus
01/30/2006 05:12 AM <DIR> Morpheus Ultra
01/26/2006 09:13 PM <DIR> Mozilla
02/19/2006 11:47 AM <DIR> My Games
02/16/2006 01:58 PM <DIR> Real
01/28/2006 08:25 PM <DIR> Sonic
01/26/2006 09:10 PM <DIR> Sun
01/26/2006 07:25 PM <DIR> Symantec
02/22/2006 04:34 PM <DIR> Viewpoint
02/26/2006 09:43 AM <DIR> VSO_HWE
0 File(s) 0 bytes
31 Dir(s) 64,653,516,800 bytes free
Volume in drive C has no label.
Volume Serial Number is 882B-32B0

Directory of C:\Documents and Settings\Default User\Application Data

01/26/2006 10:11 AM <DIR> .
01/26/2006 10:11 AM <DIR> ..
04/21/2006 12:14 AM 62 desktop.ini
1 File(s) 62 bytes
2 Dir(s) 64,653,516,800 bytes free
Volume in drive C has no label.
Volume Serial Number is 882B-32B0

Directory of C:\Documents and Settings\LocalService\Application Data

Volume in drive C has no label.
Volume Serial Number is 882B-32B0

Directory of C:\Documents and Settings\NetworkService\Application Data

[TRACE] Enumerating jobs and queues

hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:27 AM, on 4/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\AOL\1138324450\ee\AOLSoftware.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138324450\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138328371281
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Autodesk - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again for all the help....I know some about computer but no where near as much as you ^_^...don't wory though i'll get there...just completed my first year towards my computer engineering major...hehe can't wait till i get to that point and instead of asking for help i'm the one dishing it out....

Edited by Baurge, 23 April 2006 - 10:04 AM.

Everything no matter how great will come to an end.....

#5 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 23 April 2006 - 08:27 PM

OK, your log is clean and LOP no longer appears to be active. Looks like you've done a good job of cleaning up anything else on your own. The way LOP names their files, most scanners will miss it.

I see one other folder that might be LOP:

C:\Documents and Settings\Raymond\Application Data\Media city info

The way to recognize lop is to look in your application data folders (listed in the fl.bat log) and look for folders with names that are real words that seem to be randomly strung together. Inside those folders will be files named the same way. Take as example the names of the files and folders I've asked you to delete.

amok user vc book
RULEWA~1
dart five bin.exe
Grey Ref.exe


Gotta be careful tho, cause you've got one that I thought would be LOP--BigDogPath--but the file VM_STI.EXE doesn't fit the pattern and there is no folder in application Data anyway. I suggest you go thru those AD folders and delete any with files inside that fit the pattern.

Another way to find bad files is to look at the dates they were created--more recent files that fit the criteria is another clue. But you appear to have a new computer or have reformatted as all your files were created this year and it's young yet.

To tidy up, you can also delete any AD folders from software you know you have uninstalled. For example Limewire. :thumbsup:

You also definitely need to delete this folder:

C:\Documents and Settings\All Users\Application Data\WinSoftware

That's from fradulant/rogue security software that is plaguing everyone nowdays. I don't see any sisgns that it is active but since they make an AV this could have something to do with your message about more than one AV being installed. Go to Add/Remove programs and look for and delete any programs found on this page and let me know if any were there: http://www.freedownloadscenter.com/Best/winsoftware.html

And could you tell me where you're getting the message you have two AV's installed? I've never heard of that. Is it from Security Center? If you could post a screenshot that would help a lot.

Thanks again for all the help....I know some about computer but no where near as much as you ^_^...don't wory though i'll get there...just completed my first year towards my computer engineering major...hehe can't wait till i get to that point and instead of asking for help i'm the one dishing it out....

Well, I don't that much about computers, just have some experience with malware and simple set ups. You learn a lot about the registry in this business, but I'm a real clutz at hardware. If you think you have time for it, you could join our training program and start dishing out help pretty soon. Shoot me a PM if you're interested. :flowers:

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#6 Baurge

Baurge
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:46 AM

Posted 23 April 2006 - 09:22 PM

Screenshot of where it states I have two anti-virus programs running. Thanks again for all the help I deleted the two items you spoke about. Your right about the WinSoftware it was a programs my father put on here for me and i researched it and found out it was malware and deleted it promptly. I thought I got rid of all of it. So I deleted that. Do you think that some of that may still be lingering arround? I also deleted that other on because I had no idea what that one was and there was nothing inside the folder so it's gone.
Once again here's the screenshot:

Opted for a link cause it's rather large image and didn't want to take up to much space on forum ^_^. Screenshot

Thanks again for the help.

Edited by Baurge, 23 April 2006 - 09:25 PM.

Everything no matter how great will come to an end.....

#7 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 28 April 2006 - 10:48 AM

Hey Baurge, sorry it's taken so long to get back to you.

Thanks for the screenshot. So it is Security Center. I did a little research and that problem is rarely reported but one that did had the same situation as far as this happening after Norton was uninstalled. I don't see a solution for it. You could make the message go away by telling Security Center you will monitor your AV yourself. You can do that by going to Control Panel to open Security Center and click on "Change the way Security Center alerts me" and take the check out of the AV part. SC is a good idea but malware has already found out how to manipulate it so it's better to monitor it yourself anyway.

I have a couple of ideas on how to investigate how to solve this instead of just using a workaround, but I think we should migrate back to your other thread to do that. We mostly use HijackThis sessions to clear malware from systems. Your last log looks clean, but I would like you to run some deeper scans to see if we can catch anything else and and maybe some leftovers.

BTW, ewido is a very effective scanner that is a good supplement to antivirus and antispyware applications, so i recommend you keep it in your arsenal. The 14 day trial is just for some extended features so you will still be able to use it to clean up malware after the trial.

Download and install the trial version of ewido security suite.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch Ewido by double-clicking the desktop icon.
- You may get a message that the database could not be found. This is normal-- click the OK button.
- The program will now go to the main screen.
- On the left hand side of the main screen click update.
- Click on Start update.
- The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, try the solutions on this page and let me know how it went:
http://www.ewido.net/en/support/?AID=26

Once the updates are installed close Ewido.

Reboot your computer into Safe Mode.

Open Ewido and do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • If ewido detects an infected file click "Perform action on all infections"
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report.txt file to your desktop.
Now close ewido security suite.

Please post the contents of the report.txt file in your next post.

Reboot back into normal mode and then...

Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
NOTE: If you are running XP SP2, you may need to click on the Information Bar to allow the ActiveX to install and may need to repeat step 1.
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Click "Scan Settings" and check the option to use the EXTENDED DATABASE, then click "OK"
7. Select a target to scan: Click on "My Computer"
8. When the scan is complete choose to save the results as "Save as Text"
9. Post the Kaspersky scan results in your next reply.

Then post one more HJT log along with the others. If you are still clean, as I suspect you are, we can wrap this thread up.

The fate of all mankind, I see

Is in the hands of fools

--King Crimson


#8 Baurge

Baurge
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:05:46 AM

Posted 29 April 2006 - 02:37 PM

Thanks for all the help and no worries about long time to respond i'm sure you got alot of things going on and can't just concentrate on my problems ^_^. Here are two of the logs you wanted....I tried to download the "Kaspersky Webscan" but it wouldn't load all together I'd go to click accept and wouldn't get anything activeX or otherwise (i noticed that internet explorer and another web browser I have called mathox both stated a script error whenever I clicked on the accept button)....I am running IE 7 Beta 2 so that might be the problem well here's the other two scans:


New hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 3:34:21 PM, on 4/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Customer...DataManager.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {47CEF84E-92D8-4C4A-86D7-CB982889DCC0} (Oberon Media Network Optimizer) - http://mp1.mplay.oberon-media.com/client/flashnet.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138328371281
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Autodesk - (no file)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ewido scan: (took like 2 1/2 hours >.<)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:03:45 PM, 4/29/2006
+ Report-Checksum: A9CA7BD2

+ Scan result:

:mozilla.8:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Raymond\Application Data\Mozilla\Firefox\Profiles\xtr65glv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Raymond\Cookies\raymond@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Raymond\Cookies\raymond@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Raymond\Cookies\raymond@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Raymond\Cookies\raymond@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Raymond\Cookies\raymond@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Raymond\Cookies\raymond@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\WinRar\Crack\Patch09c.exe -> Downloader.VB.ts : Cleaned with backup


::Report End

Thanks for all the help ^_^

Edited by Baurge, 29 April 2006 - 04:41 PM.

Everything no matter how great will come to an end.....

#9 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,522 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:46 AM

Posted 01 May 2006 - 09:28 AM

OK, Baurge, your log is still clean. Ewido found and cleaned one malicious file: C:\Program Files\WinRar\Crack\Patch09c.exe

That is the kind of thing that you'll get by leaving your file sharing folders open. Or if you're downloading cracks yourself, be advised you're just asking for trouble as most of them are infected. I see Morpheus in your AD folder, so again, if you're going to use P2P be careful--scan every file with your antivirus before you open them (this is still risky if the malware is too new for current definitions, and that's common now).

Have fun with IE 7. Sounds like you had some problem with it as far as running ActiveX, but since it's still in beta I have no idea how to help you with that. You might want to start a new thread in the main forums to talk about it.

I missed one more Symantec leftover. You can fix this line with HijackThis:

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -

If you have any problem with the deletion let me know

I don't know if it would do you any good at this point, but Symantec's SymNRT removal tool has been updated and may be worth running again.
http://www.bleepingcomputer.com/forums/ind...ndpost&p=273334

Altho with the beta IE 7 running now I would be cautious about that. IE is really a part of the operating system so it's hard to predict what's changed and what software and fixes are compatable with it.

I'll post in the other thread about my other ideas on this when i get a chance. Following is the standard speech given to everyone with a clean log--go thru the thread linked to and follow the recommendations that apply to you in order to keep your PC more secure. You may want to forego purging system retore since you are running a beta and may need it.

Disable and Enable System Restore. - You should disable and enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to enable and re-enable System Restore here:

Windows XP System Restore Guide

Re-enable System Restore with instructions from the tutorial above.


Next,

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1:Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

The fate of all mankind, I see

Is in the hands of fools

--King Crimson





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users