Is Anything Bad Here?



#1 corley45


Posted 01 November 2006 - 09:55 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:48:36 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\YTBSDK.exe
C:\Documents and Settings\samuel sr\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Fix-It AV] C:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\RunOnce: [SpeedStartup] C:\Program Files\Speed Startup\speedstartup.exe runonce
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [SpeedStartup] C:\Program Files\Speed Startup\speedstartup.exe bootup
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: ccleaner - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - C:\Program Files\CCleaner\ccleaner.exe (HKCU)
O9 - Extra 'Tools' menuitem: ccleaner - {3037FC09-62A6-4446-AA30-BB9DB0CD9B65} - C:\Program Files\CCleaner\ccleaner.exe (HKCU)
O9 - Extra button: cal - {36C2D576-631E-44c6-90B4-4EBE9646DA53} - C:\Documents and Settings\samuel sr\Desktop\calc.exe (HKCU)
O9 - Extra 'Tools' menuitem: cal - {36C2D576-631E-44c6-90B4-4EBE9646DA53} - C:\Documents and Settings\samuel sr\Desktop\calc.exe (HKCU)
O9 - Extra button: restore - {46FBD990-906E-4cd1-83EB-0523EE60006B} - C:\Documents and Settings\samuel sr\Desktop\SysRestorePoint.exe (HKCU)
O9 - Extra 'Tools' menuitem: restore - {46FBD990-906E-4cd1-83EB-0523EE60006B} - C:\Documents and Settings\samuel sr\Desktop\SysRestorePoint.exe (HKCU)
O9 - Extra button: restore - {49A4746B-488B-4843-9C66-F8C97464CF19} - C:\Documents and Settings\samuel sr\Desktop\SysRestorePoint.exe (HKCU)
O9 - Extra 'Tools' menuitem: restore - {49A4746B-488B-4843-9C66-F8C97464CF19} - C:\Documents and Settings\samuel sr\Desktop\SysRestorePoint.exe (HKCU)
O9 - Extra button: eraser - {C5D305B0-431B-45d3-8E07-707D1F36AF0D} - C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe (HKCU)
O9 - Extra 'Tools' menuitem: eraser - {C5D305B0-431B-45d3-8E07-707D1F36AF0D} - C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe (HKCU)
O9 - Extra button: AddaButton - {D0281F6F-F450-4baa-A932-16EDDFD9F219} - C:\Program Files\AddaButton\aab.exe (HKCU)
O9 - Extra 'Tools' menuitem: AddaButton - {D0281F6F-F450-4baa-A932-16EDDFD9F219} - C:\Program Files\AddaButton\aab.exe (HKCU)
O9 - Extra button: restore - {D7C9BA79-A8C8-442e-B239-6C571815DBD4} - C:\Documents and Settings\samuel sr\Desktop\SysRestorePoint.exe (HKCU)
O9 - Extra 'Tools' menuitem: restore - {D7C9BA79-A8C8-442e-B239-6C571815DBD4} - C:\Documents and Settings\samuel sr\Desktop\SysRestorePoint.exe (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{948485A2-B93C-4DAA-8D9E-1DE173A4E392}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{A174D161-88F1-4CF4-A559-3C54C279DD79}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Fix-It Task Manager - Avanquest Publishing USA, Inc. - C:\PROGRA~1\VCOM\Fix-It\mxtask.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe


#2 Guest_Cretemonster_*


Posted 03 November 2006 - 05:29 AM

Hi corley45 and Welcome to the Bleeping Computer!


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
  • Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • You will be asked to reboot your computer.
  • Your system may take longer than usual to load; this is normal.
  • Report.txt should be generated once the fix completes.
  • Once the desktop loads-> Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150

    O17 - HKLM\System\CCS\Services\Tcpip\..\{948485A2-B93C-4DAA-8D9E-1DE173A4E392}: NameServer = 85.255.116.73,85.255.112.150

    O17 - HKLM\System\CCS\Services\Tcpip\..\{A174D161-88F1-4CF4-A559-3C54C279DD79}: NameServer = 85.255.116.73,85.255.112.150

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150

    O17 - HKLM\System\CS1\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150

    O17 - HKLM\System\CS2\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150

    Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button
Now open the Control Panel. If you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.

Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.

Click Start--> Click Run--> Type in cmd and Click OK.

Once the Command Prompt Window opens, type in or Copy&Paste the command below:

ipconfig /flushdns (that space between g and / is needed)

Hit Enter and then close out the command prompt window.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the Instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, Click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply along with a fresh HijackThis log and Report.txt from Fix WareOut.
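
The O17 check from the reply above can be scripted. This is an added example, not part of the original posts or of HijackThis: it parses the O17 NameServer lines of a log and lists every statically configured resolver that is not on an expected list, with the control sets and interfaces that carry it. The function names and the expected resolver 192.168.1.1 are assumptions for illustration; the sample lines are copied from the log in this thread.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: one O4 line and four O17 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{1AEC61E0-0A5C-4E26-A79A-EF41B10EBB4A}: NameServer = 85.255.116.73,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.73 85.255.112.150
"""

O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|Parameters): "
    r"NameServer = (?P<servers>.+)$"
)

def parse_o17(log_text):
    """Return one dict per O17 NameServer entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # In this log the per-interface values are comma-separated and the
        # global Parameters values are space-separated; accept both.
        tokens = re.split(r"[,\s]+", m["servers"].strip())
        servers = [ipaddress.ip_address(t) for t in tokens if t]
        entries.append({"control_set": m["cs"], "scope": m["iface"] or "global", "servers": servers})
    return entries

def unexpected_resolvers(entries, expected):
    """Map each resolver not in `expected` to the (control set, scope) pairs that set it."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    hits = defaultdict(set)
    for e in entries:
        for ip in e["servers"]:
            if ip not in allowed:
                hits[str(ip)].add((e["control_set"], e["scope"]))
    return dict(hits)

if __name__ == "__main__":
    # Assumption: 192.168.1.1 stands in for the resolver this host should use.
    for ip, places in unexpected_resolvers(parse_o17(SAMPLE_LOG), ["192.168.1.1"]).items():
        print(ip, sorted(places))
```

Running it against a fresh log after the fix should return an empty result for every control set, not only CCS.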




