Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

No Videos


  • Please log in to reply
3 replies to this topic

#1 notoriousjoe1

notoriousjoe1

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 27 December 2006 - 10:52 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:41:13 PM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Joe\LOCALS~1\Temp\Rar$EX00.515\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\Poker.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE

BC AdBot (Login to Remove)

 


m

#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 28 December 2006 - 09:51 AM

You have no active AntiVirus!

Get the free AVG 7.5 install it, check for updates and run a full scan

AVG 7.5 - http://free.grisoft.com/freeweb.php/doc/2/
===================

Download Superantispyware

http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
On the main screen, under Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click OK.
Make sure everything in the white box has a check next to it, then click Next.
It will quarantine what it found and if it asks if you want to reboot, click Yes.
To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
Click close and close again to exit the program.
Please paste that information here for me with a new HijackThis log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 notoriousjoe1

notoriousjoe1
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:34 AM

Posted 31 December 2006 - 01:06 PM

SUPERAntiSpyware Scan Log
Generated 12/31/2006 at 11:52 AM

Application Version : 3.4.1000

Core Rules Database Version : 3156
Trace Rules Database Version: 1171

Scan type : Quick Scan
Total Scan Time : 00:09:12

Memory items scanned : 514
Memory threats detected : 0
Registry items scanned : 687
Registry threats detected : 0
File items scanned : 9888
File threats detected : 51

Adware.Tracking Cookie
C:\Documents and Settings\Joe\Cookies\joe@ads.addynamix[1].txt
C:\Documents and Settings\Joe\Cookies\joe@advertising[1].txt
C:\Documents and Settings\Joe\Cookies\joe@citi.bridgetrack[1].txt
C:\Documents and Settings\Joe\Cookies\joe@ad.yieldmanager[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adlegend[1].txt
C:\Documents and Settings\Joe\Cookies\joe@linksynergy[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adserver[1].txt
C:\Documents and Settings\Joe\Cookies\joe@hitbox[2].txt
C:\Documents and Settings\Joe\Cookies\joe@www.burstnet[1].txt
C:\Documents and Settings\Joe\Cookies\joe@1070847646[1].txt
C:\Documents and Settings\Joe\Cookies\joe@indextools[2].txt
C:\Documents and Settings\Joe\Cookies\joe@edge.ru4[1].txt
C:\Documents and Settings\Joe\Cookies\joe@statcounter[1].txt
C:\Documents and Settings\Joe\Cookies\joe@mb[2].txt
C:\Documents and Settings\Joe\Cookies\joe@2o7[1].txt
C:\Documents and Settings\Joe\Cookies\joe@statse.webtrendslive[2].txt
C:\Documents and Settings\Joe\Cookies\joe@rotator.adjuggler[2].txt
C:\Documents and Settings\Joe\Cookies\joe@ehg-foxmovies.hitbox[2].txt
C:\Documents and Settings\Joe\Cookies\joe@pt.crossmediaservices[1].txt
C:\Documents and Settings\Joe\Cookies\joe@overture[1].txt
C:\Documents and Settings\Joe\Cookies\joe@doubleclick[2].txt
C:\Documents and Settings\Joe\Cookies\joe@mediaplex[1].txt
C:\Documents and Settings\Joe\Cookies\joe@mb[1].txt
C:\Documents and Settings\Joe\Cookies\joe@serving-sys[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adbrite[2].txt
C:\Documents and Settings\Joe\Cookies\joe@revsci[2].txt
C:\Documents and Settings\Joe\Cookies\joe@adrevolver[2].txt
C:\Documents and Settings\Joe\Cookies\joe@adrevolver[1].txt
C:\Documents and Settings\Joe\Cookies\joe@anad.tacoda[1].txt
C:\Documents and Settings\Joe\Cookies\joe@tacoda[1].txt
C:\Documents and Settings\Joe\Cookies\joe@adopt.specificclick[1].txt
C:\Documents and Settings\Joe\Cookies\joe@atdmt[2].txt
C:\Documents and Settings\Joe\Cookies\joe@tradedoubler[1].txt
C:\Documents and Settings\Joe\Cookies\joe@tribalfusion[1].txt
C:\Documents and Settings\Joe\Cookies\joe@casalemedia[1].txt
C:\Documents and Settings\Joe\Cookies\joe@questionmarket[1].txt
C:\Documents and Settings\Joe\Cookies\joe@fastclick[2].txt
C:\Documents and Settings\Joe\Cookies\joe@msnportal.112.2o7[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@ad.yieldmanager[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@advertising[2].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@atdmt[2].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@doubleclick[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@edge.ru4[2].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@msnportal.112.2o7[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@overture[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@questionmarket[2].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@revsci[2].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@tribalfusion[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@wpni.112.2o7[1].txt
C:\Documents and Settings\Joe\Local Settings\Temp\Cookies\joe@zedo[2].txt

Adware.180solutions/Search Assistant
C:\DOCUMENTS AND SETTINGS\JOE\LOCAL SETTINGS\TEMP\TSL23.TMP

#4 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  •  
  • Local time:04:34 AM

Posted 31 December 2006 - 01:37 PM

How are things
"Nothing could be finer than to be in South Carolina ............"

Member ASAP




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users