WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93101 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

My Hijack Log

Started by wbird22 , Jun 10 2006 02:09 AM

Please log in to reply

12 replies to this topic

#1 wbird22

New Member

New Member
6 posts

Posted 10 June 2006 - 02:09 AM

HELP! I get random programs downloaded that I can't get rid of.

Logfile of HijackThis v1.99.1
Scan saved at 12:33:03 AM, on 6/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\WWluLVlpbiBIYW4\command.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\updatev01.exe
C:\WINDOWS\system32\D0CAD2D1CCCEC.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\bin\iPodService.exe
C:\WINDOWS\hrsbdll.EXE
C:\WINDOWS\hrsbenc.EXE
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
D:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\WinZip\winzip32.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsqD7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54D63DA8-640F-21AB-3245-2203A6A6E873} - C:\WINDOWS\Ojthyqlx.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O2 - BHO: (no name) - {97883A32-782C-4EE4-823F-C80D3C455FFF} - C:\Program Files\Online Services\hobe.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe -invisible
O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe
O4 - HKLM\..\Run: [dbcp32ro] C:\WINDOWS\System32\dbcp32ro.exe
O4 - HKLM\..\Run: [ZLF] C:\documents and settings\wendy\local settings\temp\ZLF.exe
O4 - HKLM\..\Run: [2snj37h] vsscirt.exe
O4 - HKLM\..\Run: [06FF08070204040] D0CAD2D1CCCEC.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w4b1d7fa.dll] RUNDLL32.EXE w4b1d7fa.dll,I2 0009ece204b1d7fa
O4 - HKLM\..\Run: [hrsbdll] C:\WINDOWS\hrsbdll.EXE
O4 - HKLM\..\Run: [hrsbenc] C:\WINDOWS\hrsbenc.EXE
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Advanced Spyware Remover Pro] D:\Program Files\Advanced Spyware Remover\Asr.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Wendy\Application Data\DownloadPlus.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.over...com/WildApp.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\WWluLVlpbiBIYW4\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\odxxsvc.exe

Advertisements

Register to Remove

#2 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 11 June 2006 - 09:19 AM

Welcome to the forum :wavey:

Please download and run Spybot-Search&Destroy and Ad-Aware; they are the standard programs for finding and cleaning malware off your system. Here are links to both programs, and instructions for their use.

Get Spybot - Search & Destroy from Spybot Search and Destroy
(This is the NEW Version 1.4)
Get AdAware SE Personal from Lavasoft
(This is the NEW Build 1.6)

Download and install these programs if you don't already have them. If you do have them, make sure they are UPDATED AND CONFIGURED AS DESCRIBED here:

Configure Adaware

Configure Spybot

Reboot after running each program.

Please try this free online virus scan of your system:

Panda Activescan
Accept default settings.

When is finished, save the report and "copy/paste" it into this thread, along with a new HijackThis! log file.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!

#3 wbird22

New Member

New Member
6 posts

Posted 13 June 2006 - 09:53 PM

hey thanks for responding.

the panda activescan wont work because i use mozilla and i have no idea where my internet explorer disappeared to.

but i already have spybot and adaware but i upgraded them like you suggested and here is the new hijack logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:47:17 PM, on 6/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\updatev01.exe
C:\WINDOWS\system32\D0CAD2D1CCCEC.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\bin\iPodService.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Online Services\.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54D63DA8-640F-21AB-3245-2203A6A6E873} - C:\WINDOWS\Ojthyqlx.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll
O2 - BHO: (no name) - {97883A32-782C-4EE4-823F-C80D3C455FFF} - C:\Program Files\Online Services\hobe.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe -invisible
O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe
O4 - HKLM\..\Run: [dbcp32ro] C:\WINDOWS\System32\dbcp32ro.exe
O4 - HKLM\..\Run: [ZLF] C:\documents and settings\wendy\local settings\temp\ZLF.exe
O4 - HKLM\..\Run: [2snj37h] vsscirt.exe
O4 - HKLM\..\Run: [06FF08070204040] D0CAD2D1CCCEC.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [w4b1d7fa.dll] RUNDLL32.EXE w4b1d7fa.dll,I2 0009ece204b1d7fa
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Advanced Spyware Remover Pro] D:\Program Files\Advanced Spyware Remover\Asr.exe
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Wendy\Application Data\DownloadPlus.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\odxxsvc.exe

#4 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 13 June 2006 - 10:09 PM

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner»
This program is for XP and Windows 2000 only

Don't run it just yet.

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Do a systen scan only".
Then "check" the box to the left of these item(s):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {54D63DA8-640F-21AB-3245-2203A6A6E873} - C:\WINDOWS\Ojthyqlx.dll

O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll

O4 - HKLM\..\Run: [dbcp32ro] C:\WINDOWS\System32\dbcp32ro.exe

O4 - HKLM\..\Run: [ZLF] C:\documents and settings\wendy\local settings\temp\ZLF.exe

O4 - HKLM\..\Run: [2snj37h] vsscirt.exe

O4 - HKLM\..\Run: [06FF08070204040] D0CAD2D1CCCEC.exe

O4 - HKLM\..\Run: [w4b1d7fa.dll] RUNDLL32.EXE w4b1d7fa.dll,I2 0009ece204b1d7fa

O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe

O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab

O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\odxxsvc.exe

Then click "Fix checked" and close Hijack This!.

Now, please go to:

Start --> Run

In the box type in services.msc then hit < Enter > (or click OK)

In the Name column look for:

Windows VisFx Components

< Double-click > it.

In the dialogue box that pops up, check in the Path to executable box.

It should say: C:\WINDOWS\odxxsvc.exe

That's how to be sure you have the right one.

Now, click Stop to stop that rogue process.

In the Startup type box, change it to Disabled.

Click Apply then OK

Close the services.msc window.

Reboot in "safe" mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

Close the program.

Delete all of the following noted (in red) file(s)/FOLDER(s) you can find:

c:\windows\odxxsvc.exe <--- file

c:\windows\ojthyqlx.dll <--- file

c:\windows\system32\d0cad2d1cccec.exe <--- file

c:\windows\system32\dbcp32ro.exe <--- file

c:\windows\system32\{8110581c-fea4-47ac-adbc-de958dd0f354}.dll <--- file

vsscirt.exe <--- file

w4b1d7fa.dll <--- file

Some malware files may be "hidden".
Be sure to show hidden files when looking for these file(s) and/or folder(s).

Reboot in normal mode and "copy/paste" a new HijackThis! log file into this thread.

#5 wbird22

New Member

New Member
6 posts

Posted 17 June 2006 - 12:47 PM

I wasnt able to find the following files:

c:\windows\odxxsvc.exe <--- file

c:\windows\system32\{8110581c-fea4-47ac-adbc-de958dd0f354}.dll <--- file

vsscirt.exe <--- file

w4b1d7fa.dll <--- file

is that alright?

but here is my new hijack log

Logfile of HijackThis v1.99.1
Scan saved at 11:47:21 AM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\updatev01.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\bin\iPodService.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Windows\wWinUpdate.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

#6 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 17 June 2006 - 12:50 PM

It's OK. Could you repost with a complete HijackThis!, log, please? That one appears to be lacking.

#7 wbird22

New Member

New Member
6 posts

Posted 17 June 2006 - 05:38 PM

oh, sorry.

Logfile of HijackThis v1.99.1
Scan saved at 4:37:47 PM, on 6/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\updatev01.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\bin\iPodService.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Windows\wWinUpdate.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\system32\wuauclt.exe
D:\PROGRA~1\AIM\aim.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {97883A32-782C-4EE4-823F-C80D3C455FFF} - C:\Program Files\Online Services\hobe.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe -invisible
O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Advanced Spyware Remover Pro] D:\Program Files\Advanced Spyware Remover\Asr.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Wendy\Application Data\DownloadPlus.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

#8 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 17 June 2006 - 06:01 PM

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

Do you intentionally have any malware items disabled via MSConfig?
:unsure:

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Do a systen scan only".
Then "check" the box to the left of these item(s):

O2 - BHO: (no name) - {97883A32-782C-4EE4-823F-C80D3C455FFF} - C:\Program Files\Online Services\hobe.dll

Then click "Fix checked" and close Hijack This!.

Reboot and "copy/paste" a new HijackThis! log file into this thread.

Also please do this:

Please download/unzip this:

Registry Search by Bobbi Flekman

<Double-click> on regsearch.exe, and search for this:

wwinupdate.exe

It may take a while to run, so be patient. When finished, the search results will appear in your text editor,

Paste the search results into your next post, along with your new HijackThis! log.

#9 wbird22

New Member

New Member
6 posts

Posted 30 June 2006 - 12:03 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:56:26 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Sony\10Key Utility\va10key.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Sony\JOGDIA~1\JogServ2.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\updatev01.exe
D:\itunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\Spyware Doctor\swdoctor.exe
D:\bin\iPodService.exe
C:\Program Files\epicenter\wsnuninst.exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [va10key] C:\Program Files\Sony\10Key Utility\va10key.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\bin\tgcmd.exe /server
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [wmplayer] C:\Program Files\Windows Media Player\wmplayer.exe -invisible
O4 - HKLM\..\Run: [updatev01] C:\WINDOWS\System32\updatev01.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Advanced Spyware Remover Pro] D:\Program Files\Advanced Spyware Remover\Asr.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Wendy\Application Data\DownloadPlus.exe
O4 - Startup: GreatMemo.lnk = C:\Program Files\GreatMemo\GreatMemo.exe
O4 - Startup: Weather.lnk = C:\Program Files\Weather\Weather.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerPanel.lnk = ?
O4 - Global Startup: Real-time Monitor.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRA~1\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

and then...

REGEDIT4

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.1.0

; Results at 6/29/2006 10:59:54 PM for strings:
; 'wwinupdate.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS

[HKEY_USERS\S-1-5-21-1715567821-1078145449-854245398-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\\Program Files\\Windows\\wWinUpdate.exe"="wWinUpdate"

; End Of The Log...

and to answer your first question, i dont think i intentionally have any malware items disabled via MSConfig...i'm not sure though. what does that mean?

#10 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 30 June 2006 - 05:05 AM

See if you can delete this file:

C:\Program Files\Windows\wWinUpdate.exe

Let me know.

We don't have to worry about MSConfig now...

It's not running.

#11 wbird22

New Member

New Member
6 posts

Posted 30 June 2006 - 10:31 PM

ok i deleted it.

#12 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 01 July 2006 - 06:08 AM

That should do it. :thumbup:

Thank you for choosing TomCoyote for your malware removal solutions.

M68

Post Infection Items To Ponder

#13 Micah_6:8

Evilware Emancipator

Authentic Member
10,060 posts

Interests:Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 02 July 2006 - 04:32 PM

This topic is now closed.

If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

Body Background

skin color theme