
Win32:trojan-gen My Hjt Log


  • This topic is locked
6 replies to this topic

#1 ml2487

ml2487

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Fishkill
  • Local time:02:51 AM

Posted 26 March 2007 - 12:25 PM

I just finished a fresh OS install about a week ago and I must have got something already. Avast pops up with alerts about 3 times in a row every once in a while. Here's my log, and many thanks in advance.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 1:20:46 PM, on 3/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINNT\system32\DeltTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33CFF9A3-7ECB-4382-806D-AB0138BC7386} - C:\WINNT\system32\opnklkj.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINNT\system32\djnmtrey.dll
O2 - BHO: (no name) - {BF458AD7-C7E5-45F6-94E3-F432CA243830} - C:\WINNT\system32\pmkji.dll
O2 - BHO: (no name) - {F772A44A-7C3B-428F-A41C-8D087CD9B895} - C:\WINNT\system32\fdldhtmy.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\obewsrie.dll",setvm
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174583406375
O20 - Winlogon Notify: opnklkj - C:\WINNT\SYSTEM32\opnklkj.dll
O20 - Winlogon Notify: pmkji - C:\WINNT\system32\pmkji.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 5086 bytes


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:08:51 AM

Posted 27 March 2007 - 08:41 AM

Hello,

* Download VirtumundoBeGone and place it on your desktop.
  • Double-click VirtumundoBeGone.exe to start the tool.
  • Follow the instructions on the screen.
  • Don't worry if you get a blue screen with an error in it - this is normal.
After reboot,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present (some entries won't be present anymore):

O2 - BHO: (no name) - {33CFF9A3-7ECB-4382-806D-AB0138BC7386} - C:\WINNT\system32\opnklkj.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINNT\system32\djnmtrey.dll
O2 - BHO: (no name) - {BF458AD7-C7E5-45F6-94E3-F432CA243830} - C:\WINNT\system32\pmkji.dll
O2 - BHO: (no name) - {F772A44A-7C3B-428F-A41C-8D087CD9B895} - C:\WINNT\system32\fdldhtmy.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\obewsrie.dll",setvm
O20 - Winlogon Notify: opnklkj - C:\WINNT\SYSTEM32\opnklkj.dll
O20 - Winlogon Notify: pmkji - C:\WINNT\system32\pmkji.dll


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Post the contents of the log VBG.TXT, which is present on your desktop, together with a new HijackThis log in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 ml2487

ml2487
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Fishkill
  • Local time:02:51 AM

Posted 27 March 2007 - 11:00 AM

I've gotta say I've only been on this site about twice in 3 years or so, but it has to be the most helpful forum on the internet. Thanks for your help. Here's my VBG log:


[03/27/2007, 11:48:15] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Mike Light.THELAB\Desktop\VirtumundoBeGone.exe" )
[03/27/2007, 11:48:19] - Detected System Information:
[03/27/2007, 11:48:19] - Windows Version: 5.0.2195, Service Pack 4
[03/27/2007, 11:48:19] - Current Username: Mike Light (Admin)
[03/27/2007, 11:48:19] - Windows is in NORMAL mode.
[03/27/2007, 11:48:19] - Searching for Browser Helper Objects:
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\opnklkj
[03/27/2007, 11:48:19] - Found: HKLM\...\Winlogon\Notify\opnklkj - This is probably Virtumundo.
[03/27/2007, 11:48:19] - Assigning {33CFF9A3-7ECB-4382-806D-AB0138BC7386} MSEvents Object
[03/27/2007, 11:48:19] - BHO list has been changed! Starting over...
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} (MSEvents Object)
[03/27/2007, 11:48:19] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:19] - BHO 3: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\pmkji
[03/27/2007, 11:48:19] - Found: HKLM\...\Winlogon\Notify\pmkji - This is probably Virtumundo.
[03/27/2007, 11:48:19] - Assigning {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} MSEvents Object
[03/27/2007, 11:48:19] - BHO list has been changed! Starting over...
[03/27/2007, 11:48:19] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:19] - BHO 2: {33CFF9A3-7ECB-4382-806D-AB0138BC7386} (MSEvents Object)
[03/27/2007, 11:48:19] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:19] - BHO 3: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} (MSEvents Object)
[03/27/2007, 11:48:19] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:19] - BHO 4: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\djnmtrey
[03/27/2007, 11:48:19] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:19] - BHO 5: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:19] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:19] - Checking for HKLM\...\Winlogon\Notify\fdldhtmy
[03/27/2007, 11:48:19] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:19] - Finished Searching Browser Helper Objects
[03/27/2007, 11:48:19] - *** Detected MSEvents Object
[03/27/2007, 11:48:19] - Trying to remove MSEvents Object...
[03/27/2007, 11:48:20] - Terminating Process: IEXPLORE.EXE
[03/27/2007, 11:48:20] - Terminating Process: RUNDLL32.EXE
[03/27/2007, 11:48:20] - Disabling Automatic Shell Restart
[03/27/2007, 11:48:20] - Terminating Process: EXPLORER.EXE
[03/27/2007, 11:48:21] - Suspending the NT Session Manager System Service
[03/27/2007, 11:48:21] - Terminating Windows NT Logon/Logoff Manager
[03/27/2007, 11:48:21] - Re-enabling Automatic Shell Restart
[03/27/2007, 11:48:21] - File to disable: C:\WINNT\system32\opnklkj.dll
[03/27/2007, 11:48:21] - Renaming C:\WINNT\system32\opnklkj.dll -> C:\WINNT\system32\opnklkj.dll.vir
[03/27/2007, 11:48:21] - ! File rename was unsucessful.
[03/27/2007, 11:48:21] - Attempting to Deny Access to C:\WINNT\system32\opnklkj.dll
[03/27/2007, 11:48:21] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/27/2007, 11:48:21] - processed file: C:\WINNT\system32\opnklkj.dll

[03/27/2007, 11:48:21] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/27/2007, 11:48:21] - Removing HKLM\...\Browser Helper Objects\{33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:21] - Removing HKCR\CLSID\{33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:21] - Adding Kill Bit for ActiveX for GUID: {33CFF9A3-7ECB-4382-806D-AB0138BC7386}
[03/27/2007, 11:48:21] - Deleting ATLEvents/MSEvents Registry entries
[03/27/2007, 11:48:21] - Removing HKLM\...\Winlogon\Notify\opnklkj
[03/27/2007, 11:48:21] - Searching for Browser Helper Objects:
[03/27/2007, 11:48:21] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:21] - BHO 2: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC} (MSEvents Object)
[03/27/2007, 11:48:21] - ALERT: Found MSEvents Object!
[03/27/2007, 11:48:21] - BHO 3: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:21] - Checking for HKLM\...\Winlogon\Notify\djnmtrey
[03/27/2007, 11:48:21] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:21] - BHO 4: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:21] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:21] - Checking for HKLM\...\Winlogon\Notify\fdldhtmy
[03/27/2007, 11:48:21] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:21] - Finished Searching Browser Helper Objects
[03/27/2007, 11:48:21] - *** Detected MSEvents Object
[03/27/2007, 11:48:21] - Trying to remove MSEvents Object...
[03/27/2007, 11:48:22] - Terminating Process: IEXPLORE.EXE
[03/27/2007, 11:48:22] - Terminating Process: RUNDLL32.EXE
[03/27/2007, 11:48:22] - Disabling Automatic Shell Restart
[03/27/2007, 11:48:22] - Terminating Process: EXPLORER.EXE
[03/27/2007, 11:48:22] - Suspending the NT Session Manager System Service
[03/27/2007, 11:48:22] - Terminating Windows NT Logon/Logoff Manager
[03/27/2007, 11:48:22] - Re-enabling Automatic Shell Restart
[03/27/2007, 11:48:22] - File to disable: C:\WINNT\system32\pmkji.dll
[03/27/2007, 11:48:22] - Renaming C:\WINNT\system32\pmkji.dll -> C:\WINNT\system32\pmkji.dll.vir
[03/27/2007, 11:48:23] - ! File rename was unsucessful.
[03/27/2007, 11:48:23] - Attempting to Deny Access to C:\WINNT\system32\pmkji.dll
[03/27/2007, 11:48:23] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[03/27/2007, 11:48:23] - ERROR: The system cannot find the file specified.

[03/27/2007, 11:48:23] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[03/27/2007, 11:48:23] - Removing HKLM\...\Browser Helper Objects\{3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:23] - Removing HKCR\CLSID\{3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:23] - Adding Kill Bit for ActiveX for GUID: {3F0EA7D9-533A-472F-9B1E-3EC98899AACC}
[03/27/2007, 11:48:23] - Deleting ATLEvents/MSEvents Registry entries
[03/27/2007, 11:48:23] - Removing HKLM\...\Winlogon\Notify\pmkji
[03/27/2007, 11:48:23] - Searching for Browser Helper Objects:
[03/27/2007, 11:48:23] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/27/2007, 11:48:23] - BHO 2: {57E218E6-5A80-4f0c-AB25-83598F25D7E9} ()
[03/27/2007, 11:48:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:23] - Checking for HKLM\...\Winlogon\Notify\djnmtrey
[03/27/2007, 11:48:23] - Key not found: HKLM\...\Winlogon\Notify\djnmtrey, continuing.
[03/27/2007, 11:48:23] - BHO 3: {F772A44A-7C3B-428F-A41C-8D087CD9B895} ()
[03/27/2007, 11:48:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/27/2007, 11:48:23] - Checking for HKLM\...\Winlogon\Notify\fdldhtmy
[03/27/2007, 11:48:23] - Key not found: HKLM\...\Winlogon\Notify\fdldhtmy, continuing.
[03/27/2007, 11:48:23] - Finished Searching Browser Helper Objects
[03/27/2007, 11:48:23] - Finishing up...
[03/27/2007, 11:48:23] - A restart is needed.
[03/27/2007, 11:48:27] - Attempting to Restart via STOP error (Blue Screen!)


And the HJT:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:56:07 AM, on 3/27/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINNT\system32\DeltTray.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HJT\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [D-Link RangeBooster G WUA-2340] C:\Program Files\D-Link\RangeBooster G WUA-2340\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1174583406375
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINNT\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINNT\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

--
End of file - 4394 bytes
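
The VirtumundoBeGone log in the post above treats a BHO with no name as suspect and then checks whether its DLL name also appears under Winlogon\Notify. As an added example (not part of the original thread and not the tool's own code), the same correlation applied to HijackThis O2 and O20 lines; the function names and verdict labels are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {33CFF9A3-7ECB-4382-806D-AB0138BC7386} - C:\WINNT\system32\opnklkj.dll
O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINNT\system32\djnmtrey.dll
O2 - BHO: (no name) - {BF458AD7-C7E5-45F6-94E3-F432CA243830} - C:\WINNT\system32\pmkji.dll
O2 - BHO: (no name) - {F772A44A-7C3B-428F-A41C-8D087CD9B895} - C:\WINNT\system32\fdldhtmy.dll
O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\system32\obewsrie.dll",setvm
O20 - Winlogon Notify: opnklkj - C:\WINNT\SYSTEM32\opnklkj.dll
O20 - Winlogon Notify: pmkji - C:\WINNT\system32\pmkji.dll
"""

# O2 lines: "O2 - BHO: <name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# O20 lines: "O20 - Winlogon Notify: <key> - <dll path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<path>.+)$")


def dll_stem(path):
    """Lower-cased file name without extension, using Windows path rules."""
    return ntpath.splitext(ntpath.basename(path.strip()))[0].lower()


def triage(log_text):
    """Return (clsid, dll_stem, verdict) for every BHO line in a HijackThis log.

    Verdicts (labels are this example's own):
      named                   - BHO has a display name
      unnamed+winlogon-notify - no name AND a Winlogon Notify entry for the same
                                DLL (what the VBG log calls "probably Virtumundo")
      unnamed                 - no name, no Notify entry; still needs a human look
    """
    bhos, notify = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # Match on both the Notify key name and the DLL it points to;
            # path case differs between entries (system32 vs SYSTEM32).
            notify.add(m["key"].lower())
            notify.add(dll_stem(m["path"]))

    results = []
    for bho in bhos:
        stem = dll_stem(bho["path"])
        if bho["name"].strip() not in ("", "(no name)"):
            verdict = "named"
        elif stem in notify:
            verdict = "unnamed+winlogon-notify"
        else:
            verdict = "unnamed"
        results.append((bho["clsid"], stem, verdict))
    return results


if __name__ == "__main__":
    for clsid, stem, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:24} {stem:12} {clsid}")
```

On the sample, opnklkj and pmkji come back as `unnamed+winlogon-notify`, while djnmtrey and fdldhtmy are only `unnamed`, which matches the "Key not found ... continuing" lines in the VBG log and explains why those two were left for the manual HijackThis fix.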

#4 miekiemoes


Posted 27 March 2007 - 11:05 AM

Hi,

Your log looks clean again. How are things now?

#5 ml2487


Posted 28 March 2007 - 12:33 AM

Yeah, seems to be working alright now. Thanks again.

#6 miekiemoes


Posted 28 March 2007 - 03:32 AM

Glad I could help. :thumbsup:

Please read my Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.

Happy Surfing again!

#7 miekiemoes


Posted 29 March 2007 - 05:33 PM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.