Help!



#1 dfm

Posted 15 November 2006 - 04:25 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:13:50 AM, on 2006/11/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\Server.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\czpinger.exe
C:\WINDOWS\system32\czprnmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\PC Stop\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Shell23] C:\WINDOWS\system32\Server
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl04g\FAXRX.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - file://D:\binary\jre-1_5_0_04-windows-i586-p.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{788D0AC6-C80E-4BB9-98DF-C35125400E38}: NameServer = 196.30.31.193 196.46.70.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

#2 Buckeye_Sam

Posted 16 November 2006 - 05:52 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet. We will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.

  • Clean out your Temporary Internet files.
    • Internet Explorer
      • Close Internet Explorer and close any instances of Windows Explorer.
      • Click Start -> Control Panel and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
    • Firefox (In case you also have Firefox installed)
      • Open Firefox and go to Tools -> Options.
      • Click Privacy in the menu on the left side of the Options window.
      • Click the Clear button located to the right of each option (History, Cookies, Cache).
      • Click OK to close the Options window.
        Alternatively, you can clear all information stored while browsing by clicking Clear All.
        A confirmation dialog box will be shown before clearing the information.
    IMPORTANT: Close all windows and do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.

  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware scan report along with a new hijackthis log.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dfm

Posted 16 November 2006 - 10:58 PM

Hi Sam,

Thanks for the reply. Sorry I've taken so long to respond, been really busy at work. I will try what you advised this weekend and will post results on Monday.

Thanks again for your help.

#4 Buckeye_Sam

Posted 17 November 2006 - 08:59 AM

No problem. I know all about being busy at work. :thumbsup:

#5 dfm

Posted 21 November 2006 - 03:24 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:02:35 AM 2006/11/21

+ Scan result:



C:\Program Files\Common Files\Companion Wizard\compwiz.exe -> Adware.WinAntiVirus : Ignored.
C:\Program Files\Common Files\WinAntiVirus Pro 2006\WapCHK.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018867.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018868.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018869.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018870.sys -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018871.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018872.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018873.ini -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018874.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018875.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018877.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018878.cpl -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018879.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018882.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018883.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018884.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018886.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018887.exe -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018890.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018891.sys -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018910.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018911.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018912.dll -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018913.dll -> Adware.WinAntiVirus : Ignored.
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Ignored.
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP62\A0019122.exe -> Backdoor.IRCBot.xq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP63\A0019467.exe -> Backdoor.IRCBot.xq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP63\A0019471.exe -> Backdoor.IRCBot.xq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP62\A0019232.exe -> Downloader.PurityScan.dc : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP69\A0019569.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018968.exe -> Proxy.Horst.kq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0018970.exe -> Proxy.Horst.kq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0019034.exe -> Proxy.Horst.kq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0019036.exe -> Proxy.Horst.kq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0019087.exe -> Proxy.Horst.kq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP61\A0019089.exe -> Proxy.Horst.kq : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP62\A0019219.exe -> Proxy.Horst.ky : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP62\A0019221.exe -> Proxy.Horst.ky : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP62\A0019355.exe -> Proxy.Horst.ky : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP62\A0019376.exe -> Proxy.Horst.ky : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP64\A0019562.exe -> Proxy.Horst.lc : Ignored.
C:\System Volume Information\_restore{2E8874A4-7A79-4D94-91BB-1A2BCEF2C534}\RP69\A0019571.exe -> Proxy.Horst.lc : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@adbrite[1].txt -> TrackingCookie.Adbrite : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@advertising[1].txt -> TrackingCookie.Advertising : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@atdmt[2].txt -> TrackingCookie.Atdmt : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@casalemedia[1].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@casalemedia[2].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@casalemedia[3].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@casalemedia[5].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@casalemedia[6].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@casalemedia[7].txt -> TrackingCookie.Casalemedia : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@doubleclick[2].txt -> TrackingCookie.Doubleclick : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@fastclick[3].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@media.fastclick[1].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@media.fastclick[2].txt -> TrackingCookie.Fastclick : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@image.masterstats[1].txt -> TrackingCookie.Masterstats : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@serving-sys[1].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@serving-sys[2].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@serving-sys[3].txt -> TrackingCookie.Serving-sys : Ignored.
C:\Documents and Settings\PC Stop\Cookies\pc stop@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Ignored.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 10:17:33 AM, on 2006/11/21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\Server.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Brother\Brmfl04g\FAXRX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\czpinger.exe
C:\WINDOWS\system32\czprnmon.exe
C:\Documents and Settings\PC Stop\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
F2 - REG:system.ini: Shell=
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Shell23] C:\WINDOWS\system32\Server
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: FAXRX.lnk = C:\Program Files\Brother\Brmfl04g\FAXRX.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - file://D:\binary\jre-1_5_0_04-windows-i586-p.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

#6 dfm

Posted 21 November 2006 - 03:25 AM

Howsit, sorry for the late reply. Also, do you know what's the best antivirus software to get for a multiuser network?

#7 Buckeye_Sam

Posted 21 November 2006 - 03:08 PM

Are you still getting virus alerts?


Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



I don't know about what's best for a multiuser network, but I really like AVG on my home computers.

#8 Buckeye_Sam

Posted 08 December 2006 - 07:06 PM

Unfortunately there has been no response. :thumbsup:
This thread will now be closed.

If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.