Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

I have no clue what to keep or remove. First time


  • This topic is locked This topic is locked
14 replies to this topic

#1 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 31 December 2005 - 03:44 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:22:33 PM, on 12/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\JIMCRU~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrustSoftAntiSpyware] C:\Program Files\TrustSoft AntiSpyware\TrustSoftAntiSpyware.exe /STARTUP
O4 - HKLM\..\RunOnce: [MSINET.OCX] regsvr32.exe /s C:\WINDOWS\system32\MSINET.OCX
O4 - HKLM\..\RunOnce: [MSCOMCTL.OCX] regsvr32.exe /s C:\WINDOWS\system32\MSCOMCTL.OCX
O4 - HKLM\..\RunOnce: [msscript.ocx] regsvr32.exe /s C:\WINDOWS\system32\msscript.ocx
O4 - HKLM\..\RunOnce: [CCRPPRG6.OCX] regsvr32.exe /s C:\WINDOWS\system32\CCRPPRG6.OCX
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Jim Crumbock"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Jim Crumbock"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} - http://activex.micro...jects/ocget.dll
O16 - DPF: {0153B313-673A-1F7C-1B12-3AED646997AF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {0A8B5103-4EAC-2C69-5068-06F90750ABFA} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram...detect.cab?8044
O16 - DPF: {114AA3BE-BD66-578F-838E-3C4C14F19867} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1396FF3D-9877-0047-7770-19261F4268A3} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {13ADD035-36CD-6564-73E0-55FA74441287} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1917D5CA-5B1C-74CD-43EC-3B0D17C245BD} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1B1EF257-DA1B-7016-CD0D-499A77AD667F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1BD4386B-1277-609C-7170-48805E409B40} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {1C9353E4-C651-2D02-3E96-2D177A0E2C03} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {1C97C226-DB13-184B-6912-541801E4D906} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1CB4F464-F403-4DED-5B75-12AB2417EE17} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {1D6E3B6C-35E7-63F7-CF13-40333CAE4369} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {20CD1FA0-6AFA-0691-E4CF-4BB230E248AC} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2170805B-13B4-1ABA-B3D2-12061B1C24EC} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {235EC782-6AED-0F6A-4C8C-08FE7FEB6370} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2C452710-2864-0C15-E591-05751606FF48} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2C6E53B2-C031-06E5-AB6D-00B1308DEAD4} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2FC95D0B-B5F6-2276-7974-402257270CC0} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {30FF76FE-E959-656F-BCBF-31472BE78205} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {34766365-5F85-055A-2400-764663450C0D} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {36E11D4A-D9D0-34E1-2396-4F342E70EEB7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {39825F4B-DC05-3FE5-1783-0735609868C6} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3A1E1FB8-1482-749D-ED08-4CC2027E7039} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3A697046-3705-0E52-C678-73350C1FA03F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3B9103CA-8F77-1EE7-7AB9-30B1517F2C8B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3C8348DD-BC92-1ABE-7913-2D6F79BCA9DD} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3DA63FBE-61D9-55AB-2B59-66482CE07C36} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3E677ED9-698E-7D65-A6D9-584461700E8A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {40C5EFF6-4C07-27E0-B695-28A74B45884B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {432FE8C7-A1A0-226F-0A67-287B5F15CC71} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {438C8C41-CC88-3742-11DB-6A712373A49A} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {4454FFF2-879E-7C14-12A1-338823CC5052} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4668BC90-0944-07AE-18A7-76B8056DF7EF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {48538AE1-AC48-449C-3F7E-3B4E00CF67D9} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4B26C57D-1C52-385C-2261-7D0E0C7AA48B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4C1BB238-E2D5-6DFD-AAC4-5B1D1C516F7A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4F28DBA8-2515-1792-71B4-1F476EB72958} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5006FBBD-404C-12A6-BA4F-15942080123A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5073C7DF-68FF-0675-3390-0DB744845E1E} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {50AFCD9C-5172-471A-5948-2460296157AA} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {50DBE7E1-54DF-052B-EB85-564F6F87F753} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://highconvert.c...s/dimpy/bot.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {5643F805-0554-0493-587B-2A31697F744F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {565D4ADA-1BE9-4FAA-5214-15E959CCE023} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {56D911B8-6BDC-5DE7-327B-614D465D2BAF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5F5658A7-CB0A-4870-BF08-6C636B4C0A46} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {604CE36D-4829-7B5C-BB34-382C74C2507D} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {61C99043-1C47-31FE-DD4C-26073E3EE6E7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {66D3B5C5-6229-2A33-2429-648B62915E3F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {68066CCC-21AB-08B0-FD9B-7C443E092759} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126269047389
O16 - DPF: {72505842-29A3-7B7E-E682-28E065325243} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {72BDEA44-B0D6-1748-CDC4-123B38B57D68} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {759D0793-BEE6-0C7F-5896-655814B9CF8C} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {77090158-B041-2A62-030C-15D87D0AEC0D} - http://69.50.173.166/1/rdgUS2156.exe
O16 - DPF: {78BFEEB1-51E5-1436-2039-5E9A18F61AC7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {79243B12-3E29-6CA3-C0E0-5490042A14CA} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {7AB89D8C-8A12-030C-5D5E-5B0831704CDB} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899} - http://www.kogalu.co...rnz/chatter.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.micro...jects/ocget.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-l...ad/ccaccess.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...613/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I do not know if this the right place to post my hijack this log for help. My browser is slow to react. I have performed all scans but it still seems slower then normal. The last scan came up with a cws hijacker and I removed it at the end of the scan. I have seen hijack this mention quite often and it seems like the kind of help I can use to determine what I should remove and what I should keep.
Thank you for any help you can give me. Pap10

    Advertisements

Register to Remove


#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 05 January 2006 - 07:38 PM

Hello pap10, welcome to the forum. Sorry about the delay in responding :( If you still need help, Scan again with HijackThis, and copy/paste" a new log file into this thread.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 06 January 2006 - 06:27 AM

To LDTATE; Thanks for replying. I have run all my spyware software and anti-virus programs and everything is coming up clean. The only problem I had was over the holidays my computer seem slow to react while browing the net. Then I heard on the news that XP had a flaw that they had not fixed and it left XP open to be hacked. I was concerned because there wasn't much information on how to protect my machine from being hacked. Here is my hijackthis log, if you can look it over and make any suggestion I will be thankful for your time and help.

Thanks again
pap10

Logfile of HijackThis v1.99.1
Scan saved at 7:04:19 AM, on 1/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HistoryKill\histkill.exe
C:\Program Files\BestPopUpKiller\BestPopupKiller.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\DOCUME~1\JIMCRU~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} - http://activex.micro...jects/ocget.dll
O16 - DPF: {0153B313-673A-1F7C-1B12-3AED646997AF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {0A8B5103-4EAC-2C69-5068-06F90750ABFA} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram...detect.cab?8044
O16 - DPF: {114AA3BE-BD66-578F-838E-3C4C14F19867} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1396FF3D-9877-0047-7770-19261F4268A3} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {13ADD035-36CD-6564-73E0-55FA74441287} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1917D5CA-5B1C-74CD-43EC-3B0D17C245BD} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1B1EF257-DA1B-7016-CD0D-499A77AD667F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1BD4386B-1277-609C-7170-48805E409B40} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {1C9353E4-C651-2D02-3E96-2D177A0E2C03} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {1C97C226-DB13-184B-6912-541801E4D906} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1CB4F464-F403-4DED-5B75-12AB2417EE17} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {1D6E3B6C-35E7-63F7-CF13-40333CAE4369} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {20CD1FA0-6AFA-0691-E4CF-4BB230E248AC} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2170805B-13B4-1ABA-B3D2-12061B1C24EC} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {235EC782-6AED-0F6A-4C8C-08FE7FEB6370} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2C452710-2864-0C15-E591-05751606FF48} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2C6E53B2-C031-06E5-AB6D-00B1308DEAD4} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2FC95D0B-B5F6-2276-7974-402257270CC0} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {30FF76FE-E959-656F-BCBF-31472BE78205} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {34766365-5F85-055A-2400-764663450C0D} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {36E11D4A-D9D0-34E1-2396-4F342E70EEB7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {39825F4B-DC05-3FE5-1783-0735609868C6} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3A1E1FB8-1482-749D-ED08-4CC2027E7039} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3A697046-3705-0E52-C678-73350C1FA03F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3B9103CA-8F77-1EE7-7AB9-30B1517F2C8B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3C8348DD-BC92-1ABE-7913-2D6F79BCA9DD} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3DA63FBE-61D9-55AB-2B59-66482CE07C36} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3E677ED9-698E-7D65-A6D9-584461700E8A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {40C5EFF6-4C07-27E0-B695-28A74B45884B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {432FE8C7-A1A0-226F-0A67-287B5F15CC71} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {438C8C41-CC88-3742-11DB-6A712373A49A} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {4454FFF2-879E-7C14-12A1-338823CC5052} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4668BC90-0944-07AE-18A7-76B8056DF7EF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {48538AE1-AC48-449C-3F7E-3B4E00CF67D9} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4B26C57D-1C52-385C-2261-7D0E0C7AA48B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4C1BB238-E2D5-6DFD-AAC4-5B1D1C516F7A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4F28DBA8-2515-1792-71B4-1F476EB72958} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5006FBBD-404C-12A6-BA4F-15942080123A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5073C7DF-68FF-0675-3390-0DB744845E1E} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {50AFCD9C-5172-471A-5948-2460296157AA} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {50DBE7E1-54DF-052B-EB85-564F6F87F753} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://highconvert.c...s/dimpy/bot.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {5643F805-0554-0493-587B-2A31697F744F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {565D4ADA-1BE9-4FAA-5214-15E959CCE023} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {56D911B8-6BDC-5DE7-327B-614D465D2BAF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5F5658A7-CB0A-4870-BF08-6C636B4C0A46} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {604CE36D-4829-7B5C-BB34-382C74C2507D} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {61C99043-1C47-31FE-DD4C-26073E3EE6E7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {66D3B5C5-6229-2A33-2429-648B62915E3F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {68066CCC-21AB-08B0-FD9B-7C443E092759} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126269047389
O16 - DPF: {72505842-29A3-7B7E-E682-28E065325243} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {72BDEA44-B0D6-1748-CDC4-123B38B57D68} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {759D0793-BEE6-0C7F-5896-655814B9CF8C} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {77090158-B041-2A62-030C-15D87D0AEC0D} - http://69.50.173.166/1/rdgUS2156.exe
O16 - DPF: {78BFEEB1-51E5-1436-2039-5E9A18F61AC7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {79243B12-3E29-6CA3-C0E0-5490042A14CA} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {7AB89D8C-8A12-030C-5D5E-5B0831704CDB} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899} - http://www.kogalu.co...rnz/chatter.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.micro...jects/ocget.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-l...ad/ccaccess.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...613/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 18 January 2006 - 09:07 PM

pap10, please don't start a new topic. I had no notification that you posted a new log.
Please use the Posted Image to reply. Thanks

Post a new HijackThis log HERE please.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#5 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 January 2006 - 10:20 AM

Sorry about posting in wrong place. My machine isn't having any serious problems as of now but I still will appreciate if you could give me any advice as to what to keep or remove from the hijack this log.
Thanks Pap 10
Logfile of HijackThis v1.99.1
Scan saved at 11:16:14 AM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jim Crumbock\Desktop\hijackthis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Bugnosis - {3A6514CD-A457-11D4-8AF3-000102686B79} - C:\Program Files\Bugnosis\WebBug.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Bugnosis - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - C:\Program Files\Bugnosis\WebBug.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} - http://activex.micro...jects/ocget.dll
O16 - DPF: {0153B313-673A-1F7C-1B12-3AED646997AF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {0A8B5103-4EAC-2C69-5068-06F90750ABFA} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram...detect.cab?8044
O16 - DPF: {114AA3BE-BD66-578F-838E-3C4C14F19867} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1396FF3D-9877-0047-7770-19261F4268A3} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {13ADD035-36CD-6564-73E0-55FA74441287} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1917D5CA-5B1C-74CD-43EC-3B0D17C245BD} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1B1EF257-DA1B-7016-CD0D-499A77AD667F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1BD4386B-1277-609C-7170-48805E409B40} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {1C9353E4-C651-2D02-3E96-2D177A0E2C03} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {1C97C226-DB13-184B-6912-541801E4D906} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1CB4F464-F403-4DED-5B75-12AB2417EE17} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {1D6E3B6C-35E7-63F7-CF13-40333CAE4369} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {20CD1FA0-6AFA-0691-E4CF-4BB230E248AC} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2170805B-13B4-1ABA-B3D2-12061B1C24EC} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {235EC782-6AED-0F6A-4C8C-08FE7FEB6370} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2C452710-2864-0C15-E591-05751606FF48} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2C6E53B2-C031-06E5-AB6D-00B1308DEAD4} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {2FC95D0B-B5F6-2276-7974-402257270CC0} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {30FF76FE-E959-656F-BCBF-31472BE78205} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {34766365-5F85-055A-2400-764663450C0D} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {36E11D4A-D9D0-34E1-2396-4F342E70EEB7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {39825F4B-DC05-3FE5-1783-0735609868C6} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3A1E1FB8-1482-749D-ED08-4CC2027E7039} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3A697046-3705-0E52-C678-73350C1FA03F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3B9103CA-8F77-1EE7-7AB9-30B1517F2C8B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3C8348DD-BC92-1ABE-7913-2D6F79BCA9DD} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3DA63FBE-61D9-55AB-2B59-66482CE07C36} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {3E677ED9-698E-7D65-A6D9-584461700E8A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {40C5EFF6-4C07-27E0-B695-28A74B45884B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {432FE8C7-A1A0-226F-0A67-287B5F15CC71} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {438C8C41-CC88-3742-11DB-6A712373A49A} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {4454FFF2-879E-7C14-12A1-338823CC5052} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4668BC90-0944-07AE-18A7-76B8056DF7EF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {48538AE1-AC48-449C-3F7E-3B4E00CF67D9} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4B26C57D-1C52-385C-2261-7D0E0C7AA48B} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4C1BB238-E2D5-6DFD-AAC4-5B1D1C516F7A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {4F28DBA8-2515-1792-71B4-1F476EB72958} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5006FBBD-404C-12A6-BA4F-15942080123A} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5073C7DF-68FF-0675-3390-0DB744845E1E} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {50AFCD9C-5172-471A-5948-2460296157AA} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {50DBE7E1-54DF-052B-EB85-564F6F87F753} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://highconvert.c...s/dimpy/bot.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {5643F805-0554-0493-587B-2A31697F744F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {565D4ADA-1BE9-4FAA-5214-15E959CCE023} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {56D911B8-6BDC-5DE7-327B-614D465D2BAF} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {5F5658A7-CB0A-4870-BF08-6C636B4C0A46} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {604CE36D-4829-7B5C-BB34-382C74C2507D} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {61C99043-1C47-31FE-DD4C-26073E3EE6E7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {66D3B5C5-6229-2A33-2429-648B62915E3F} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {68066CCC-21AB-08B0-FD9B-7C443E092759} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126269047389
O16 - DPF: {72505842-29A3-7B7E-E682-28E065325243} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {72BDEA44-B0D6-1748-CDC4-123B38B57D68} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {759D0793-BEE6-0C7F-5896-655814B9CF8C} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {77090158-B041-2A62-030C-15D87D0AEC0D} - http://69.50.173.166/1/rdgUS2156.exe
O16 - DPF: {78BFEEB1-51E5-1436-2039-5E9A18F61AC7} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {79243B12-3E29-6CA3-C0E0-5490042A14CA} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {7AB89D8C-8A12-030C-5D5E-5B0831704CDB} - http://69.50.173.166/1/gdnUS2050.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899} - http://www.kogalu.co...rnz/chatter.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.micro...jects/ocget.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-l...ad/ccaccess.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...613/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 January 2006 - 03:49 PM

I suggest you do this:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O16 - DPF: {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} - http://activex.micro...jects/ocget.dll

ALL of these 016's with this number: 69.50.173.166
O16 - DPF: {72505842-29A3-7B7E-E682-28E065325243} - http://69.50.173.166/1/gdnUS2050.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"



1. Open My Computer
2. Right click on your hard drive that you wish to clean (C drive, for example)
3. In the context menu that opens, select properties
4. Under the general tab you should select Disk Cleanup
5. Windows will scan your drive which will take a few seconds/minutes
6. A box will display the various files you can remove.
Check all boxes except compress old files (If listed)
7. Click OK and windows will comply.

Restart your computer.

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#7 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 January 2006 - 08:06 PM

Thank you for such a quick reply to my request. I checked each item and did a disk cleanup. Everything seems to working just fine. I am posting the new hijack this log as you requested.
Thanks again, pap10
Logfile of HijackThis v1.99.1
Scan saved at 9:02:32 PM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jim Crumbock\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0A8B5103-4EAC-2C69-5068-06F90750ABFA} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram...detect.cab?8044
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1BD4386B-1277-609C-7170-48805E409B40} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {1C9353E4-C651-2D02-3E96-2D177A0E2C03} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {1CB4F464-F403-4DED-5B75-12AB2417EE17} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC95D0B-B5F6-2276-7974-402257270CC0} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {30FF76FE-E959-656F-BCBF-31472BE78205} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {438C8C41-CC88-3742-11DB-6A712373A49A} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://highconvert.c...s/dimpy/bot.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {565D4ADA-1BE9-4FAA-5214-15E959CCE023} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {68066CCC-21AB-08B0-FD9B-7C443E092759} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126269047389
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899} - http://www.kogalu.co...rnz/chatter.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.micro...jects/ocget.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-l...ad/ccaccess.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...613/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 January 2006 - 08:11 PM

Now they changed to: http://66.230.175.129/1/gdnUS2161.exe


We need to Disable AdWatch

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:

Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.


Please download the trial version of ewido anti-malware 3.5 here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Then please run Ewido, click on the Scanner run a full scan and let it clean everything it finds. Save the logfile from the scan.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#9 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 January 2006 - 09:40 PM

I followed your instruction, I turned off the program you asked me to and I downloaded the ewido. I booted up in safe mode and then I ran the ewido scan and it did not find anything.Logfile of HijackThis v1.99.1
Scan saved at 10:27:09 PM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Evidence Eliminator\ee.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jim Crumbock\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {0A8B5103-4EAC-2C69-5068-06F90750ABFA} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram...detect.cab?8044
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1BD4386B-1277-609C-7170-48805E409B40} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {1C9353E4-C651-2D02-3E96-2D177A0E2C03} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {1CB4F464-F403-4DED-5B75-12AB2417EE17} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2FC95D0B-B5F6-2276-7974-402257270CC0} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {30FF76FE-E959-656F-BCBF-31472BE78205} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {438C8C41-CC88-3742-11DB-6A712373A49A} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://highconvert.c...s/dimpy/bot.exe
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {565D4ADA-1BE9-4FAA-5214-15E959CCE023} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {68066CCC-21AB-08B0-FD9B-7C443E092759} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126269047389
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899} - http://www.kogalu.co...rnz/chatter.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.micro...jects/ocget.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-l...ad/ccaccess.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...613/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:14:07 PM, 1/19/2006
+ Report-Checksum: BE4B214E

+ Scan result:

No infected objects found.


::Report End

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 19 January 2006 - 09:46 PM

Download: ResetProtocolDefaults.reg
http://www.mvps.org/...colDefaults.reg

Locate "ResetProtocolDefaults.reg"
Right-click and select: Merge (Ok the prompt)


I suggest you do this:

Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O15 - Trusted Zone: http://*.windowsupdate.com

O16 - DPF: {0A8B5103-4EAC-2C69-5068-06F90750ABFA} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {1BD4386B-1277-609C-7170-48805E409B40} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {1C9353E4-C651-2D02-3E96-2D177A0E2C03} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {1CB4F464-F403-4DED-5B75-12AB2417EE17} - http://66.230.175.129/1/gdnUS2047.exe
O16 - DPF: {2FC95D0B-B5F6-2276-7974-402257270CC0} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {30FF76FE-E959-656F-BCBF-31472BE78205} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {438C8C41-CC88-3742-11DB-6A712373A49A} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {527196A4-B1A3-4647-931D-37BA5AF23037} - http://highconvert.c...s/dimpy/bot.exe
O16 - DPF: {565D4ADA-1BE9-4FAA-5214-15E959CCE023} - http://66.230.175.129/1/gdnUS1384.exe
O16 - DPF: {68066CCC-21AB-08B0-FD9B-7C443E092759} - http://66.230.175.129/1/gdnUS2161.exe
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC899} - http://www.kogalu.co...rnz/chatter.cab
O16 - DPF: {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} - http://activex.micro...jects/ocget.dll
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} - http://www.content-l...ad/ccaccess.cab


Close ALL windows and browsers except HijackThis and click "Fix checked"


Empty Recycle Bin

Reboot and "copy/paste" a new log file into this thread.
Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#11 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 19 January 2006 - 10:39 PM

I checked the locations and the machine is working okay. I do not notice any problems. Here is the latest hijack this log.
Logfile of HijackThis v1.99.1
Scan saved at 11:34:45 PM, on 1/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Jim Crumbock\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: (no name) - {930E4DE1-973D-42D6-BF6E-6788E06BD003} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-2.1.215.15\QOELoader.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Jim Crumbock"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Jim Crumbock"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.goldenram...detect.cab?8044
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...cm/ICSCM_ca.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create & Print ActiveX Plug-in) - http://www.imgag.com...stall/AxCtp.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatro...an/pestscan.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126269047389
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://www.imgag.com...tall/AxCtp2.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://www.imgag.com...all/Crusher.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.s...rl/SymAData.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcaf...613/mcfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain =
O17 - HKLM\Software\..\Telephony: DomainName =
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain =
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 January 2006 - 06:45 AM

Good Job :thumbup:


Log looks good :D :thumbup: How is it running any issues?

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Click Start> My Computer, select the Tools menu and then Folder Options, after the new window appears select the View tab…]
This time select the: Restore Defaults
Select: Apply, and click OK




If you dont have these three programs I would recommend that you get them. Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your resticted zone and block some hijacks from happening. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#13 pap10

pap10

    New Member

  • New Member
  • Pip
  • 7 posts

Posted 20 January 2006 - 07:53 AM

To LDTate I just finished doing the last task. Everything is working well. I am very happy with all the help and advice you have given to me. Thank you once again. pap10

#14 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 January 2006 - 03:35 PM

Great job :thumbup: You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#15 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 20 January 2006 - 03:35 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users