
Infected Badly Please Help


This topic is locked
2 replies to this topic

#1 BagelAnne

  • Members
  • 96 posts
  • OFFLINE
  • Gender:Female

Posted 29 October 2006 - 01:49 PM

I have a Gateway that is running XP Home and was so infected I couldn't open Services or get on the internet. I have just done a repair installation of the operating system and am doing online scans that are coming up with tons of malware but no fix unless I buy their product.
I am hoping someone can help. Here are some of the scans:
Panda Active scan

Incident Status Location

Adware:adware/keenvalue Not disinfected c:\winnt\system32\drivers\etc\hosts.bho
Spyware:spyware/whazit Not disinfected c:\winnt\system32\fiz1
Adware:adware/powerstrip Not disinfected c:\winnt\system32\lmd.bin
Adware:adware/ezula Not disinfected c:\winnt\system32\sysfile.dll
Adware:adware/exact.bargainbuddy Not disinfected c:\winnt\system32\vx3.nls
Adware:adware/portalscan Not disinfected c:\winnt\system32\winupdt.bin
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/downloadware Not disinfected c:\program files\MLH
Adware:adware/quickbrowser Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Adware:adware/sahagent Not disinfected Windows Registry
Adware:Adware/QuickBrowser Not disinfected C:\Documents and Settings\Owner\Desktop\New Compressed (zipped) Folder.zip[NetMeeting/KG/KGhost.dll]
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\Owner\k.html
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\HJT\backups\backup-20041109-174814-529-PowerReg Scheduler.exe
Adware:Adware/Gator Not disinfected C:\WINNT\Downloaded Program Files\HDPlugin1019.inf
Adware:Adware/SAHAgent Not disinfected C:\WINNT\inf\bi6.inf
Spyware:Spyware/CouponAge Not disinfected C:\WINNT\system32\cacore.dll
Spyware:Spyware/CouponAge Not disinfected C:\WINNT\system32\casync.dll
Spyware:Spyware/Abcsearch Not disinfected C:\WINNT\system32\msehek.dll
Spyware:Spyware/Omi Not disinfected C:\WINNT\system32\msfdje.gif

Combofix:
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-29 to 2006-10-29 ))))))))))))))))))))))))))))))))))


2006-10-28 19:51 72,576 -ra------ C:\WINNT\system32\drivers\netusbxp.sys
2006-10-28 19:23 0 --a------ C:\CONFIG.SYS
2006-10-28 19:23 0 --a------ C:\AUTOEXEC.BAT
2006-10-28 19:16 179,200 --a------ C:\WINNT\system32\qmgr.dll
2006-10-28 19:16 17,408 --a------ C:\WINNT\system32\qmgrprxy.dll
2006-10-28 19:15 90,624 --a------ C:\WINNT\system32\msoert2.dll
2006-10-28 19:15 9,728 --a------ C:\WINNT\system32\mstinit.exe
2006-10-28 19:15 77,824 --a------ C:\WINNT\system32\isign32.dll
2006-10-28 19:15 73,728 --a------ C:\WINNT\system32\ils.dll
2006-10-28 19:15 70,400 --a------ C:\WINNT\system32\drivers\sr.sys
2006-10-28 19:15 69,632 --a------ C:\WINNT\system32\icwdial.dll
2006-10-28 19:15 65,536 --a------ C:\WINNT\system32\msconf.dll
2006-10-28 19:15 61,952 --a------ C:\WINNT\system32\srclient.dll
2006-10-28 19:15 61,440 --a------ C:\WINNT\system32\icwphbk.dll
2006-10-28 19:15 47,616 --a------ C:\WINNT\system32\inetres.dll
2006-10-28 19:15 40,960 --a------ C:\WINNT\system32\safrslv.dll
2006-10-28 19:15 39,424 --a------ C:\WINNT\system32\safrcdlg.dll
2006-10-28 19:15 33,280 --a------ C:\WINNT\system32\racpldlg.dll
2006-10-28 19:15 32,768 --a------ C:\WINNT\system32\mnmsrvc.exe
2006-10-28 19:15 32,384 --a------ C:\WINNT\system32\mnmdd.dll
2006-10-28 19:15 28,672 --a------ C:\WINNT\system32\isrdbg32.dll
2006-10-28 19:15 266,240 --a------ C:\WINNT\system32\inetcfg.dll
2006-10-28 19:15 26,624 --a------ C:\WINNT\system32\safrdm.dll
2006-10-28 19:15 249,856 --a------ C:\WINNT\system32\mstask.dll
2006-10-28 19:15 24,576 --a------ C:\WINNT\system32\nmmkcert.dll
2006-10-28 19:15 228,864 --a------ C:\WINNT\system32\msoeacct.dll
2006-10-28 19:15 218,112 --a------ C:\WINNT\system32\srrstr.dll
2006-10-28 19:15 158,720 --a------ C:\WINNT\system32\schedsvc.dll
2006-10-28 19:15 155,136 --a------ C:\WINNT\system32\srsvc.dll
2006-10-28 19:13 98,816 --a------ C:\WINNT\system32\clipbrd.exe
2006-10-28 19:13 95,744 --a------ C:\WINNT\system32\wuaueng.dll
2006-10-28 19:13 534,016 --a------ C:\WINNT\system32\spider.exe
2006-10-28 19:13 339,968 --a------ C:\WINNT\system32\mspaint.exe
2006-10-28 19:13 179,200 --a------ C:\WINNT\system32\accwiz.exe
2006-10-28 19:13 124,416 --a------ C:\WINNT\system32\sndrec32.exe
2006-10-28 19:13 116,736 --a------ C:\WINNT\system32\mplay32.exe
2006-10-28 19:13 112,128 --a------ C:\WINNT\system32\wuauclt.exe
2006-10-28 19:12 88,576 --a------ C:\WINNT\system32\tscfgwmi.dll
2006-10-28 19:12 85,504 --a------ C:\WINNT\system32\catsrvps.dll
2006-10-28 19:12 8,704 --a------ C:\WINNT\system32\icaapi.dll
2006-10-28 19:12 73,864 --a------ C:\WINNT\system32\rdpwsx.dll
2006-10-28 19:12 61,952 --a------ C:\WINNT\system32\rdshost.exe
2006-10-28 19:12 6,144 --a------ C:\WINNT\system32\msdtc.exe
2006-10-28 19:12 57,344 --a------ C:\WINNT\system32\licwmi.dll
2006-10-28 19:12 56,320 --a------ C:\WINNT\system32\remotepg.dll
2006-10-28 19:12 54,784 --a------ C:\WINNT\system32\msdtclog.dll
2006-10-28 19:12 53,248 --a------ C:\WINNT\system32\servdeps.dll
2006-10-28 19:12 503,296 --a------ C:\WINNT\system32\mstscax.dll
2006-10-28 19:12 50,048 --a------ C:\WINNT\system32\drivers\DMusic.sys
2006-10-28 19:12 41,984 --a------ C:\WINNT\system32\rdpclip.exe
2006-10-28 19:12 40,448 --a------ C:\WINNT\system32\tscupgrd.exe
2006-10-28 19:12 4,096 --a------ C:\WINNT\system32\wuauserv.dll
2006-10-28 19:12 385,536 --a------ C:\WINNT\system32\mstsc.exe
2006-10-28 19:12 32,768 --a------ C:\WINNT\system32\cfgbkend.dll
2006-10-28 19:12 20,232 --a------ C:\WINNT\system32\drivers\tdtcp.sys
2006-10-28 19:12 197,632 --a------ C:\WINNT\system32\termsrv.dll
2006-10-28 19:12 181,632 --a------ C:\WINNT\system32\drivers\rdpdr.sys
2006-10-28 19:12 18,432 --a------ C:\WINNT\system32\qprocess.exe
2006-10-28 19:12 174,592 --a------ C:\WINNT\system32\cmprops.dll
2006-10-28 19:12 16,384 --a------ C:\WINNT\system32\mmfutil.dll
2006-10-28 19:12 14,848 --a------ C:\WINNT\system32\rdpsnd.dll
2006-10-28 19:12 134,656 --a------ C:\WINNT\system32\rdchost.dll
2006-10-28 19:12 130,048 --a------ C:\WINNT\system32\sessmgr.exe
2006-10-28 19:12 12,288 --a------ C:\WINNT\system32\rdsaddin.exe
2006-10-28 19:12 11,144 --a------ C:\WINNT\system32\drivers\tdpipe.sys
2006-10-28 19:09 55,808 --a------ C:\WINNT\system32\drivers\redbook.sys
2006-10-28 19:05 37,896 --a------ C:\WINNT\system32\drivers\termdd.sys
2006-10-28 19:03 70,656 --a------ C:\WINNT\system32\storprop.dll
2006-10-28 19:03 24,661 --a------ C:\WINNT\system32\spxcoins.dll
2006-10-28 19:03 13,312 --a------ C:\WINNT\system32\irclass.dll
2006-10-28 19:03 10,496 --a------ C:\WINNT\system32\drivers\irenum.sys
2006-10-28 16:19 5,056 --a------ C:\WINNT\system32\drivers\AloPar.sys
2006-10-22 16:40 10,344 --a------ C:\WINNT\system32\drivers\symlcbrd.sys
2006-10-04 03:59 127,208 --a------ C:\WINNT\system32\mucltui.dll
2006-10-01 11:07 5,632 --a------ C:\WINNT\system32\ptpusb.dll
2006-10-01 11:07 159,232 --a------ C:\WINNT\system32\ptpusd.dll
2006-10-01 11:07 13,824 --a------ C:\WINNT\system32\drivers\usbscan.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-29 12:22 -------- d-------- C:\Program Files\Enigma Software Group
2006-10-29 10:58 -------- d-------- C:\Program Files\Symantec
2006-10-29 10:57 -------- d-------- C:\Program Files\QuickTime
2006-10-29 10:56 -------- d-------- C:\Program Files\MSN Messenger
2006-10-29 10:53 -------- d-------- C:\Program Files\iTunes
2006-10-29 10:52 -------- d-------- C:\Program Files\Internet Explorer
2006-10-29 10:52 -------- d-------- C:\Program Files\Google
2006-10-29 10:49 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-29 09:46 -------- d-------- C:\Program Files\Western Digital Technologies
2006-10-28 20:14 -------- d-------- C:\Program Files\Lavasoft
2006-10-28 20:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\Google
2006-10-28 19:31 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-28 19:23 -------- d-------- C:\Program Files\Windows Media Player
2006-10-28 19:16 -------- d-------- C:\Program Files\Movie Maker
2006-10-28 19:15 -------- d-------- C:\Program Files\Outlook Express
2006-10-28 19:15 -------- d-------- C:\Program Files\NetMeeting
2006-10-28 19:15 -------- d-------- C:\Program Files\Common Files\System
2006-10-28 19:13 -------- d-------- C:\Program Files\Windows NT
2006-10-28 19:13 -------- d-------- C:\Program Files\MSN
2006-10-28 16:14 -------- d-------- C:\Program Files\Eisenworld
2006-10-28 14:30 -------- d---s---- C:\Documents and Settings\Owner\Application Data\Microsoft
2006-10-27 12:25 -------- d-------- C:\Program Files\Hijackthis
2006-10-26 18:33 -------- d-------- C:\Program Files\VCOM
2006-10-26 18:33 -------- d-------- C:\Documents and Settings\Owner\Application Data\VCOM
2006-10-26 18:31 -------- d-a------ C:\Program Files\Common Files
2006-10-26 18:31 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-10-26 16:12 -------- d-------- C:\Program Files\ewido
2006-10-22 16:32 -------- d-------- C:\Program Files\AIM95
2006-10-16 07:42 -------- d-------- C:\Documents and Settings\Owner\Application Data\LimeWire
2006-10-16 07:28 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-12 20:28 -------- d-------- C:\Program Files\iPod
2006-10-12 20:24 -------- d-------- C:\Program Files\Apple Software Update
2006-10-12 07:46 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sun
2006-10-06 20:19 -------- d-------- C:\Program Files\Java
2006-10-06 20:19 -------- d-------- C:\Program Files\Common Files\Java
2006-10-06 14:03 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-01 12:46 -------- d-------- C:\Program Files\Ahead
2006-09-26 08:06 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2006-09-24 19:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\Sony Corporation
2006-09-24 19:16 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-24 19:15 -------- d-------- C:\Program Files\Sony
2006-09-15 21:04 48816 --a------ C:\WINNT\system32\S32EVNT1.DLL
2006-09-15 21:04 109744 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2006-09-11 15:30 275112 --a------ C:\WINNT\system32\drivers\srtspl.sys
2006-09-11 15:30 243368 --a------ C:\WINNT\system32\drivers\srtsp.sys
2006-09-11 15:30 24232 --a------ C:\WINNT\system32\drivers\srtspx.sys
2006-09-02 14:35 613056 --a------ C:\WINNT\system32\SymNeti.dll
2006-09-02 14:35 36032 --a------ C:\WINNT\system32\drivers\symndisv.sys
2006-09-02 14:35 239808 --a------ C:\WINNT\system32\SymRedir.dll
2006-09-02 14:35 186048 --a------ C:\WINNT\system32\drivers\symtdi.sys
2006-09-02 14:34 39104 --a------ C:\WINNT\system32\drivers\symids.sys
2006-09-02 14:34 33216 --a------ C:\WINNT\system32\drivers\symndis.sys
2006-09-02 14:34 26432 --a------ C:\WINNT\system32\drivers\symredrv.sys
2006-09-02 14:34 144832 --a------ C:\WINNT\system32\drivers\symfw.sys
2006-09-02 14:34 11968 --a------ C:\WINNT\system32\drivers\symdns.sys
2006-08-29 10:32 -------- d-------- C:\Program Files\Real
2006-08-21 07:21 16896 --a------ C:\WINNT\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINNT\system32\fltmc.exe
2006-08-04 08:40 2297552 --a------ C:\WINNT\system32\d3dx9_26.dll
2006-07-29 18:32 48936 --a------ C:\WINNT\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\Money Express.exe\""
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Start WingMan Profiler"=""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1126047141\\ee\\AOLHostManager.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"HPDJ Taskbar Utility"="C:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\hpztsb04.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"GWMDMMSG"="GWMDMMSG.exe"
"NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
"Hot Key Kbd 9910 Daemon"="SK9910DM.EXE"
"SpyHunter"="C:\\Program Files\\Enigma Software Group\\SpyHunter\\SpyHunter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://us.f214.mail.yahoo.com/ym/us/ShowLetter?box=Mahoney&MsgId=1329_6488_22_1578_573067_0_6_750755_1460223937&bodyPart=4&YY=59692&order=down&sort=date&pos=0&view=a&head=b"
"SubscribedURL"="http://us.f214.mail.yahoo.com/ym/us/ShowLetter?box=Mahoney&MsgId=1329_6488_22_1578_573067_0_6_750755_1460223937&bodyPart=4&YY=59692&order=down&sort=date&pos=0&view=a&head=b"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,02,00,00,23,00,00,00,1c,00,00,00,1e,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,1c,00,00,00,1e,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,e3,06,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,70,0d,52,04

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{8af37f72-e87e-471c-b5be-15f07e6d61b9}"="AolHook"
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

Completion time: 06-10-29 13:26:18.71
C:\ComboFix.txt ... 06-10-29 13:26

Logfile of HijackThis v1.99.1
Scan saved at 1:46:05 PM, on 10/29/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1126047141\ee\AOLHostManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\GWMDMMSG.exe
C:\Program Files\Common Files\AOL\1126047141\ee\AOLServiceHost.exe
C:\WINNT\System32\SK9910DM.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\WgaTray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126047141\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - Startup: Herramienta de búsqueda de soportes de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\AIM95_c2\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://paucis28.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1159905266128
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/ac.../ActiveData.cab
O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/lo...3/bin/imvid.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINNT\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: PrismXL - Unknown owner - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 31 October 2006 - 05:25 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

There really is no way to secure your computer without first patching and updating Windows to close numerous security holes in your current system. Please visit Windows Update and install Service Pack 1.

http://windowsupdate.microsoft.com/

Once you have done that, please post a fresh hijackthis log back here as a reply in this thread.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!



#3 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 16 November 2006 - 05:28 PM

As there has been no response, this thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.



