Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I Infected


  • Please log in to reply
2 replies to this topic

#1 jm1919

jm1919

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 26 April 2006 - 05:13 AM

Logfile of HijackThis v1.99.1
Scan saved at 4:53:48 AM, on 4/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Documents and Settings\Jeff\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...ie5update&O1=b1
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: #
O1 - Hosts: # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
O1 - Hosts: #
O1 - Hosts: # This file contains the mappings of IP addresses to host names. Each
O1 - Hosts: # entry should be kept on an individual line. The IP address should
O1 - Hosts: # be placed in the first column followed by the corresponding host name.
O1 - Hosts: # The IP address and the host name should be separated by at least one
O1 - Hosts: # space.
O1 - Hosts: #
O1 - Hosts: # Additionally, comments (such as these) may be inserted on individual
O1 - Hosts: # lines or following the machine name denoted by a '#' symbol.
O1 - Hosts: #
O1 - Hosts: # For example:
O1 - Hosts: #
O1 - Hosts: # 102.54.94.97 rhino.acme.com # source server
O1 - Hosts: # 38.25.63.10 x.acme.com # x client host
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winrnr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O16 - DPF: Microsoft XML Parser for Java -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144921110545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145577306765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll
O23 - Service: Application Layer Gateway Service (ALG) - Microsoft Corporation - C:\WINDOWS\System32\alg.exe
O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio (AudioSrv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Indexing Service (cisvc) - Microsoft Corporation - C:\WINDOWS\System32\cisvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Microsoft Corporation - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Cryptographic Services (CryptSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service (ERSvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Help and Support (helpsvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Human Interface Device Access (HidServ) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINDOWS\System32\imapi.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Microsoft Corporation - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Microsoft Corporation - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) - Microsoft Corporation - C:\WINDOWS\System32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - Microsoft Corporation - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service (srservice) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Microsoft Corporation - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services (TermService) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Microsoft Corporation - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Security Center (wscsvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service (xmlprov) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

BC AdBot (Login to Remove)

 


m

#2 jm1919

jm1919
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 28 April 2006 - 11:19 AM

RemoveIT Pro XT SE logfile

10:08:33 AM: Scanning, please wait...
10:08:33 AM: Infected file [Win32.Tex.B] C:\WINDOWS\regedit.com
10:08:54 AM: Infected file [Win32.Tex.B] C:\WINDOWS\R.COM
10:08:54 AM: Infected file [Win32.Tex.B] C:\WINDOWS\regedit.exe
10:09:01 AM: Infected file [Win32.Tex.B] C:\WINDOWS\ServicePackFiles\i386\regedit.exe
10:09:03 AM: Infected file [Win32.Tex.B] C:\WINDOWS\system32\dllcache\regedit.exe
10:08:45 AM: 5 Dangerous files has been found on your computer.


Logfile of HijackThis v1.99.1
Scan saved at 11:05:49 AM, on 4/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)[/b]

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft.com/isapi/redir.dll?P...ie5update&O1=b1
O1 - Hosts: # Copyright © 1993-1999 Microsoft Corp.
O1 - Hosts: #
O1 - Hosts: # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
O1 - Hosts: #
O1 - Hosts: # This file contains the mappings of IP addresses to host names. Each
O1 - Hosts: # entry should be kept on an individual line. The IP address should
O1 - Hosts: # be placed in the first column followed by the corresponding host name.
O1 - Hosts: # The IP address and the host name should be separated by at least one
O1 - Hosts: # space.
O1 - Hosts: #
O1 - Hosts: # Additionally, comments (such as these) may be inserted on individual
O1 - Hosts: # lines or following the machine name denoted by a '#' symbol.
O1 - Hosts: #
O1 - Hosts: # For example:
O1 - Hosts: #
O1 - Hosts: # 102.54.94.97 rhino.acme.com # source server
O1 - Hosts: # 38.25.63.10 x.acme.com # x client host
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\winrnr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\rsvpsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mswsock.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144921110545
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145577306765
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) - http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O18 - Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
O18 - Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\SHELL32.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\System32\stobject.dll
O23 - Service: Application Layer Gateway Service (ALG) - Microsoft Corporation - C:\WINDOWS\System32\alg.exe
O23 - Service: Application Management (AppMgmt) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Audio (AudioSrv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Indexing Service (cisvc) - Microsoft Corporation - C:\WINDOWS\System32\cisvc.exe
O23 - Service: COM+ System Application (COMSysApp) - Microsoft Corporation - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Cryptographic Services (CryptSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: DCOM Server Process Launcher (DcomLaunch) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: DHCP Client (Dhcp) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Logical Disk Manager (dmserver) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: DNS Client (Dnscache) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Error Reporting Service (ERSvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Event Log (Eventlog) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: COM+ Event System (EventSystem) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Fast User Switching Compatibility (FastUserSwitchingCompatibility) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Help and Support (helpsvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: HTTP SSL (HTTPFilter) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Microsoft Corporation - C:\WINDOWS\System32\imapi.exe
O23 - Service: TCP/IP NetBIOS Helper (LmHosts) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Microsoft Corporation - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Microsoft Corporation - C:\WINDOWS\System32\msdtc.exe
O23 - Service: Windows Installer (MSIServer) - Microsoft Corporation - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Network Connections (Netman) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Location Awareness (NLA) (Nla) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Removable Storage (NtmsSvc) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Microsoft Corporation - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: Plug and Play (PlugPlay) - Microsoft Corporation - C:\WINDOWS\system32\services.exe
O23 - Service: IPSEC Services (PolicyAgent) - Microsoft Corporation - C:\WINDOWS\System32\lsass.exe
O23 - Service: Protected Storage (ProtectedStorage) - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Remote Access Auto Connection Manager (RasAuto) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Remote Access Connection Manager (RasMan) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Microsoft Corporation - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Remote Procedure Call (RPC) (RpcSs) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: QoS RSVP (RSVP) - Microsoft Corporation - C:\WINDOWS\System32\rsvp.exe
O23 - Service: Security Accounts Manager (SamSs) - Microsoft Corporation - C:\WINDOWS\system32\lsass.exe
O23 - Service: Smart Card (SCardSvr) - Microsoft Corporation - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Task Scheduler (Schedule) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Secondary Logon (seclogon) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: System Event Notification (SENS) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Shell Hardware Detection (ShellHWDetection) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Print Spooler (Spooler) - Microsoft Corporation - C:\WINDOWS\system32\spoolsv.exe
O23 - Service: System Restore Service (srservice) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: SSDP Discovery Service (SSDPSRV) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Image Acquisition (WIA) (stisvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Microsoft Corporation - C:\WINDOWS\System32\dllhost.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Microsoft Corporation - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telephony (TapiSrv) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Terminal Services (TermService) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Themes - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Distributed Link Tracking Client (TrkWks) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Microsoft Corporation - C:\WINDOWS\system32\wdfmgr.exe
O23 - Service: Universal Plug and Play Device Host (upnphost) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Microsoft Corporation - C:\WINDOWS\System32\ups.exe
O23 - Service: Volume Shadow Copy (VSS) - Microsoft Corporation - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Time (W32Time) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: WebClient - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Windows Management Instrumentation (winmgmt) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Portable Media Serial Number Service (WmdmPmSN) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Microsoft Corporation - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Security Center (wscsvc) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Automatic Updates (wuauserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe
O23 - Service: Wireless Zero Configuration (WZCSVC) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe
O23 - Service: Network Provisioning Service (xmlprov) - Microsoft Corporation - C:\WINDOWS\System32\svchost.exe

#3 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:12:08 AM

Posted 03 May 2006 - 04:51 PM

Hello jm1919 and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

I cannot find much information good or bad about RemoveIt Pro. From the website they really want you to purchase the Enterprise version so the SE version (the freeware version) might be throwing up false positives as a goad to get you to purchase it. If you want to have the files checked out with multiple scanners to see if there is actually a problem with them then go to Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:

Several scanning engines will be used to check the file for any threats. If you have any questions regardingthe results then post them back here and I will take a look at the information.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users