
I need help fixing "buffer overrun detected"


  • This topic is locked
95 replies to this topic

#1 Perk


Posted 23 February 2007 - 04:48 PM

I can't figure out for the life of me how to get rid of this "buffer overrun detected" popup.

I've uninstalled and reinstalled much of my software. I've tried Regfix, regcure, regdoctor, errorfix, windows defender, system mechanic, Ad-aware, registry mechanic, and registry booster. None of these have worked. I've tried System Restore. Won't restore. I finally read a posting that helped get system restore to work.

I just need help ridding myself of the Microsoft C++ Runtime Library error.

Please help!

Here is my Hijackthis logfile.

Logfile of HijackThis v1.99.1
Scan saved at 5:05:18 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Multimedia\main\ATIMMC.exe
C:\Program Files\Analyzer.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\RegistryBooster.exe /S
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {01C6ACBE-85E8-4F51-1E52-50AE31F8BAC9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05495DE3-9451-64B3-BD73-58E87781935F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06170979-4EE4-7F7F-977D-4BA7217225CC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06F847D6-2AE2-1011-47B9-604F01D9574A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0AC3E69A-7FEE-507A-42C8-7D4E0874A596} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B226311-294D-0887-DBAA-0B3C07D8788F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E99F3C2-8F0E-30AD-7F9A-19097303670B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F1746E6-1394-60D8-CA16-53FA1013C8BF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F5C78A2-B171-19B4-05C5-54DD60A286BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {125CBE25-C5F4-0603-B7A2-4EC40C793CF2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {12984656-65E9-1DF8-0FAA-3A465FA323D4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1417DEA1-77E0-6027-9C29-581835051785} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {14A6C04F-1FA4-27CC-AC12-54AD5891FE51} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19366F5E-B978-437A-F18B-7E8F1D3FAF92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19D10BEA-9D52-2FA4-BF45-7DC1225AC12B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1DEA0F8E-0F50-6B1C-6329-6F9D3814745A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F0A77C6-7353-3171-D51A-004D43168698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {20529E12-6E58-7496-7F71-0C6849DDBA23} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24275FB7-54A5-741B-7647-0C4877B9FBE8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26300E7F-67C0-11D2-A437-3A4214A6A239} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27784EF3-BB6D-4D01-C18A-416936D7BEDC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27C03186-FAAB-3710-F39A-0DD219764BA7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {282B2BA7-658D-6484-945F-63383FC12D6E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B4BF3C5-10FC-7671-57FF-480A350A96A3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34117E7D-D6EE-152D-C47D-50192CBD983F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {38358994-49AF-1367-F11D-5DB03744319B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3D3B8B27-D65A-366F-00BB-3CBB6226771A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {401E4EEC-DE40-3BDE-FFC7-4CBC36132711} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {41F7F494-556A-26FC-2F36-7A183B1187F2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {442D2E5F-AF3E-7196-7FDB-2C94439BF3E5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {460BF001-41AE-765A-A59B-036D24C18B52} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {47CAEC69-DF1F-44B2-E73D-35CF5B52A3A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DC33E14-F02F-1DC6-539E-6EA73C6B8F76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {508096DF-BB75-48DD-9135-436D729371AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5136410F-00D4-59F8-C35E-2B601A36F38F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {53F31714-3333-5693-6407-638B627B3D93} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5876DE71-B789-0385-DE5C-1C0841F19D01} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AD5423C-2A42-0765-6212-432F78B36FE3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5B35C7E5-5358-5C42-D7B1-239B4C979653} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C03CC0C-9394-3B1C-2C6F-23A208CA2610} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C1B8635-5A61-614B-B818-64BA626739A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C39C101-1835-4A33-7AA6-5BC923A5C6AA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5DCC2D7B-D670-7CDE-DC70-6FA1610968AC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EAF09CB-9496-67FD-A299-42AB38E84702} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6050A679-638E-3A62-385A-4BB9359610AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {65E38762-3B10-13AA-4998-69AF4015FCB1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {68039F33-DD5F-14DB-6FD1-2926043885FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {699DC4D8-2ECD-426E-C206-30E12584402A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6B770DB8-16DA-1CAB-B8CE-12D5170886C4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DFBC284-F54D-6D68-8AA5-5A22405CE4C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F3F5D3A-A281-68BC-62FB-071902AEC784} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F64921E-A2B2-1515-3407-61460C03B84F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {73018773-062B-3E15-6E3E-0D592F39E59B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {747EAF72-6AF0-77F0-6733-3091457EC0EF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {76E39110-D55D-4378-26E0-298A56AABA82} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {788ED2C1-C30D-4C0A-908B-2F9758DA6766} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7AD29D72-FF65-7279-EF70-54B810A1B0E7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7C3A6634-57F3-6F63-447A-08DB268F7614} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E361FF2-39B5-4DA1-6F7E-5C8933822956} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F87BC76-89A0-0FF7-3961-29442CFF1F1F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

Any and all help would be appreciated!

Edited by Perk, 23 February 2007 - 05:15 PM.



#2 LDTate


Posted 23 February 2007 - 05:24 PM

Hello and welcome to the forum

You have a nasty redirect infection.

Follow the instructions here and let me know how it went. Be sure to post a new HijackThis log back here.
http://forums.tomcoy...showtopic=73142

Please use the Posted Image Button below to post the new HJT log and report.txt back here.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#3 Perk


Posted 23 February 2007 - 09:08 PM

Hi LDTate.

Thanks for helping me with this. Here's my HijackThis log and report.txt.

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"errorkiller"="\"C:\\Program Files\\errorkiller\\errorkiller.exe\" -boot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"System Mechanic Popup Blocker"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\PopupBlocker.exe\""
"Uniblue Registry Booster"="C:\\Documents and Settings\\Byron\\Desktop\\byron\\PRESARIO ©\\Desktop\\RegistryBooster.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Edited by Perk, 23 February 2007 - 09:10 PM.


#4 LDTate


Posted 23 February 2007 - 09:10 PM

Post the new HJT log.



#5 Perk


Posted 23 February 2007 - 09:24 PM

Hi LDTate.

Thanks for helping me with this. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:18 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Multimedia\main\ATIMMC.exe
C:\Program Files\Analyzer.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\RegistryBooster.exe /S
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {01C6ACBE-85E8-4F51-1E52-50AE31F8BAC9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05495DE3-9451-64B3-BD73-58E87781935F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06170979-4EE4-7F7F-977D-4BA7217225CC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06F847D6-2AE2-1011-47B9-604F01D9574A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0AC3E69A-7FEE-507A-42C8-7D4E0874A596} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B226311-294D-0887-DBAA-0B3C07D8788F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E99F3C2-8F0E-30AD-7F9A-19097303670B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F1746E6-1394-60D8-CA16-53FA1013C8BF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F5C78A2-B171-19B4-05C5-54DD60A286BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {125CBE25-C5F4-0603-B7A2-4EC40C793CF2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {12984656-65E9-1DF8-0FAA-3A465FA323D4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1417DEA1-77E0-6027-9C29-581835051785} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {14A6C04F-1FA4-27CC-AC12-54AD5891FE51} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19366F5E-B978-437A-F18B-7E8F1D3FAF92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19D10BEA-9D52-2FA4-BF45-7DC1225AC12B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1DEA0F8E-0F50-6B1C-6329-6F9D3814745A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F0A77C6-7353-3171-D51A-004D43168698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {20529E12-6E58-7496-7F71-0C6849DDBA23} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24275FB7-54A5-741B-7647-0C4877B9FBE8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26300E7F-67C0-11D2-A437-3A4214A6A239} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27784EF3-BB6D-4D01-C18A-416936D7BEDC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27C03186-FAAB-3710-F39A-0DD219764BA7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {282B2BA7-658D-6484-945F-63383FC12D6E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B4BF3C5-10FC-7671-57FF-480A350A96A3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34117E7D-D6EE-152D-C47D-50192CBD983F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {38358994-49AF-1367-F11D-5DB03744319B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3D3B8B27-D65A-366F-00BB-3CBB6226771A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {401E4EEC-DE40-3BDE-FFC7-4CBC36132711} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {41F7F494-556A-26FC-2F36-7A183B1187F2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {442D2E5F-AF3E-7196-7FDB-2C94439BF3E5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {460BF001-41AE-765A-A59B-036D24C18B52} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {47CAEC69-DF1F-44B2-E73D-35CF5B52A3A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DC33E14-F02F-1DC6-539E-6EA73C6B8F76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {508096DF-BB75-48DD-9135-436D729371AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5136410F-00D4-59F8-C35E-2B601A36F38F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {53F31714-3333-5693-6407-638B627B3D93} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5876DE71-B789-0385-DE5C-1C0841F19D01} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AD5423C-2A42-0765-6212-432F78B36FE3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5B35C7E5-5358-5C42-D7B1-239B4C979653} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C03CC0C-9394-3B1C-2C6F-23A208CA2610} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C1B8635-5A61-614B-B818-64BA626739A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C39C101-1835-4A33-7AA6-5BC923A5C6AA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5DCC2D7B-D670-7CDE-DC70-6FA1610968AC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EAF09CB-9496-67FD-A299-42AB38E84702} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6050A679-638E-3A62-385A-4BB9359610AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {65E38762-3B10-13AA-4998-69AF4015FCB1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {68039F33-DD5F-14DB-6FD1-2926043885FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {699DC4D8-2ECD-426E-C206-30E12584402A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6B770DB8-16DA-1CAB-B8CE-12D5170886C4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DFBC284-F54D-6D68-8AA5-5A22405CE4C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F3F5D3A-A281-68BC-62FB-071902AEC784} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F64921E-A2B2-1515-3407-61460C03B84F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {73018773-062B-3E15-6E3E-0D592F39E59B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {747EAF72-6AF0-77F0-6733-3091457EC0EF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {76E39110-D55D-4378-26E0-298A56AABA82} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {788ED2C1-C30D-4C0A-908B-2F9758DA6766} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7AD29D72-FF65-7279-EF70-54B810A1B0E7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7C3A6634-57F3-6F63-447A-08DB268F7614} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E361FF2-39B5-4DA1-6F7E-5C8933822956} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F87BC76-89A0-0FF7-3961-29442CFF1F1F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

And here is my report.txt:

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"errorkiller"="\"C:\\Program Files\\errorkiller\\errorkiller.exe\" -boot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"System Mechanic Popup Blocker"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\PopupBlocker.exe\""
"Uniblue Registry Booster"="C:\\Documents and Settings\\Byron\\Desktop\\byron\\PRESARIO ©\\Desktop\\RegistryBooster.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

Edited by Perk, 23 February 2007 - 09:29 PM.


#6 LDTate


Posted 23 February 2007 - 09:26 PM

I need the new HijackThis log.

Open HijackThis and select: Do a system scan and save a log file.

When the scan is finished, Click Edit> Select All> Edit> Copy> and paste its contents here [Add Reply].



#7 Perk


Posted 23 February 2007 - 09:39 PM

Hi LDTate.

Thanks for helping me with this. Here's my HijackThis log.

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"errorkiller"="\"C:\\Program Files\\errorkiller\\errorkiller.exe\" -boot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"System Mechanic Popup Blocker"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\PopupBlocker.exe\""
"Uniblue Registry Booster"="C:\\Documents and Settings\\Byron\\Desktop\\byron\\PRESARIO ©\\Desktop\\RegistryBooster.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#8 Perk


Posted 23 February 2007 - 09:43 PM

Here it is.

Logfile of HijackThis v1.99.1
Scan saved at 10:40:31 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Multimedia\main\ATIMMC.exe
C:\Program Files\Analyzer.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\RegistryBooster.exe /S
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {01C6ACBE-85E8-4F51-1E52-50AE31F8BAC9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05495DE3-9451-64B3-BD73-58E87781935F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06170979-4EE4-7F7F-977D-4BA7217225CC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06F847D6-2AE2-1011-47B9-604F01D9574A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0AC3E69A-7FEE-507A-42C8-7D4E0874A596} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B226311-294D-0887-DBAA-0B3C07D8788F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E99F3C2-8F0E-30AD-7F9A-19097303670B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F1746E6-1394-60D8-CA16-53FA1013C8BF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F5C78A2-B171-19B4-05C5-54DD60A286BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {125CBE25-C5F4-0603-B7A2-4EC40C793CF2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {12984656-65E9-1DF8-0FAA-3A465FA323D4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1417DEA1-77E0-6027-9C29-581835051785} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {14A6C04F-1FA4-27CC-AC12-54AD5891FE51} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19366F5E-B978-437A-F18B-7E8F1D3FAF92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19D10BEA-9D52-2FA4-BF45-7DC1225AC12B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1DEA0F8E-0F50-6B1C-6329-6F9D3814745A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F0A77C6-7353-3171-D51A-004D43168698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {20529E12-6E58-7496-7F71-0C6849DDBA23} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24275FB7-54A5-741B-7647-0C4877B9FBE8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26300E7F-67C0-11D2-A437-3A4214A6A239} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27784EF3-BB6D-4D01-C18A-416936D7BEDC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27C03186-FAAB-3710-F39A-0DD219764BA7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {282B2BA7-658D-6484-945F-63383FC12D6E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B4BF3C5-10FC-7671-57FF-480A350A96A3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34117E7D-D6EE-152D-C47D-50192CBD983F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} - http://www.symantec....rl/SymAData.cab
O16 - DPF: {38358994-49AF-1367-F11D-5DB03744319B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3D3B8B27-D65A-366F-00BB-3CBB6226771A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {401E4EEC-DE40-3BDE-FFC7-4CBC36132711} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {41F7F494-556A-26FC-2F36-7A183B1187F2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {442D2E5F-AF3E-7196-7FDB-2C94439BF3E5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {460BF001-41AE-765A-A59B-036D24C18B52} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {47CAEC69-DF1F-44B2-E73D-35CF5B52A3A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DC33E14-F02F-1DC6-539E-6EA73C6B8F76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {508096DF-BB75-48DD-9135-436D729371AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5136410F-00D4-59F8-C35E-2B601A36F38F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {53F31714-3333-5693-6407-638B627B3D93} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5876DE71-B789-0385-DE5C-1C0841F19D01} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AD5423C-2A42-0765-6212-432F78B36FE3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5B35C7E5-5358-5C42-D7B1-239B4C979653} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C03CC0C-9394-3B1C-2C6F-23A208CA2610} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C1B8635-5A61-614B-B818-64BA626739A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C39C101-1835-4A33-7AA6-5BC923A5C6AA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5DCC2D7B-D670-7CDE-DC70-6FA1610968AC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EAF09CB-9496-67FD-A299-42AB38E84702} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6050A679-638E-3A62-385A-4BB9359610AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {65E38762-3B10-13AA-4998-69AF4015FCB1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {68039F33-DD5F-14DB-6FD1-2926043885FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {699DC4D8-2ECD-426E-C206-30E12584402A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6B770DB8-16DA-1CAB-B8CE-12D5170886C4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DFBC284-F54D-6D68-8AA5-5A22405CE4C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F3F5D3A-A281-68BC-62FB-071902AEC784} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F64921E-A2B2-1515-3407-61460C03B84F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {73018773-062B-3E15-6E3E-0D592F39E59B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {747EAF72-6AF0-77F0-6733-3091457EC0EF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {76E39110-D55D-4378-26E0-298A56AABA82} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {788ED2C1-C30D-4C0A-908B-2F9758DA6766} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7AD29D72-FF65-7279-EF70-54B810A1B0E7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7C3A6634-57F3-6F63-447A-08DB268F7614} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E361FF2-39B5-4DA1-6F7E-5C8933822956} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F87BC76-89A0-0FF7-3961-29442CFF1F1F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

#9 LDTate


Posted 23 February 2007 - 09:49 PM

I suggest you do this:

Please do not delete anything unless instructed to.



Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side of these:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: (no name) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - (no file)
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O16 - DPF: {01C6ACBE-85E8-4F51-1E52-50AE31F8BAC9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {05495DE3-9451-64B3-BD73-58E87781935F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06170979-4EE4-7F7F-977D-4BA7217225CC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {06F847D6-2AE2-1011-47B9-604F01D9574A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0AC3E69A-7FEE-507A-42C8-7D4E0874A596} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0B226311-294D-0887-DBAA-0B3C07D8788F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0E99F3C2-8F0E-30AD-7F9A-19097303670B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F1746E6-1394-60D8-CA16-53FA1013C8BF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {0F5C78A2-B171-19B4-05C5-54DD60A286BE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {125CBE25-C5F4-0603-B7A2-4EC40C793CF2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {12984656-65E9-1DF8-0FAA-3A465FA323D4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1417DEA1-77E0-6027-9C29-581835051785} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {14A6C04F-1FA4-27CC-AC12-54AD5891FE51} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19366F5E-B978-437A-F18B-7E8F1D3FAF92} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {19D10BEA-9D52-2FA4-BF45-7DC1225AC12B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1DEA0F8E-0F50-6B1C-6329-6F9D3814745A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {1F0A77C6-7353-3171-D51A-004D43168698} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {20529E12-6E58-7496-7F71-0C6849DDBA23} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {24275FB7-54A5-741B-7647-0C4877B9FBE8} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {26300E7F-67C0-11D2-A437-3A4214A6A239} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27784EF3-BB6D-4D01-C18A-416936D7BEDC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {27C03186-FAAB-3710-F39A-0DD219764BA7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {282B2BA7-658D-6484-945F-63383FC12D6E} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {2B4BF3C5-10FC-7671-57FF-480A350A96A3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {34117E7D-D6EE-152D-C47D-50192CBD983F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {38358994-49AF-1367-F11D-5DB03744319B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {3D3B8B27-D65A-366F-00BB-3CBB6226771A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {401E4EEC-DE40-3BDE-FFC7-4CBC36132711} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {41F7F494-556A-26FC-2F36-7A183B1187F2} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {442D2E5F-AF3E-7196-7FDB-2C94439BF3E5} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {460BF001-41AE-765A-A59B-036D24C18B52} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {47CAEC69-DF1F-44B2-E73D-35CF5B52A3A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {4DC33E14-F02F-1DC6-539E-6EA73C6B8F76} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {508096DF-BB75-48DD-9135-436D729371AE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5136410F-00D4-59F8-C35E-2B601A36F38F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {53F31714-3333-5693-6407-638B627B3D93} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5876DE71-B789-0385-DE5C-1C0841F19D01} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5AD5423C-2A42-0765-6212-432F78B36FE3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5B35C7E5-5358-5C42-D7B1-239B4C979653} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C03CC0C-9394-3B1C-2C6F-23A208CA2610} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C1B8635-5A61-614B-B818-64BA626739A9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5C39C101-1835-4A33-7AA6-5BC923A5C6AA} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5DCC2D7B-D670-7CDE-DC70-6FA1610968AC} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {5EAF09CB-9496-67FD-A299-42AB38E84702} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6050A679-638E-3A62-385A-4BB9359610AF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {65E38762-3B10-13AA-4998-69AF4015FCB1} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {68039F33-DD5F-14DB-6FD1-2926043885FE} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {699DC4D8-2ECD-426E-C206-30E12584402A} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6B770DB8-16DA-1CAB-B8CE-12D5170886C4} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6DFBC284-F54D-6D68-8AA5-5A22405CE4C3} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F3F5D3A-A281-68BC-62FB-071902AEC784} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {6F64921E-A2B2-1515-3407-61460C03B84F} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {73018773-062B-3E15-6E3E-0D592F39E59B} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {747EAF72-6AF0-77F0-6733-3091457EC0EF} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {76E39110-D55D-4378-26E0-298A56AABA82} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {788ED2C1-C30D-4C0A-908B-2F9758DA6766} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7AD29D72-FF65-7279-EF70-54B810A1B0E7} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7C3A6634-57F3-6F63-447A-08DB268F7614} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7E361FF2-39B5-4DA1-6F7E-5C8933822956} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {7F87BC76-89A0-0FF7-3961-29442CFF1F1F} - http://85.255.113.214/1/gdnUS2218.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete this File if listed:
plscd.exe



No need to download again, but please run it. Sometimes it takes 4-5 times running Fixwareout and the flushdns to remove the bad O17's.

Double-click Fixwareout.exe and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Once the desktop loads, a text file will open (report.txt). Please save this file; you'll need to post it with a new HijackThis log.

Next:
Click Start > Run, type in CMD, and tap the Enter key
Copy/Paste: ipconfig /flushdns
If you are typing this in, note the space between the g /f
It needs to be there.


Now let's check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Note: Do this for all Network Connections
Press OK twice to get out of the properties screen and reboot if it asks



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

 

Proud graduate of TC/WTT Classroom
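A triage sketch for the kinds of entries checked in the post above, added here as an example; it is not part of the original thread and not code from HijackThis or Fixwareout. It parses HijackThis log lines and applies three heuristics chosen for this example (assumptions, not LDTate's stated criteria): a registered component with "(no file)", an O4 autorun command with no directory path, and an O16 ActiveX codebase that is an .exe on a bare IP address.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\RunServices: [DRam prosessor] plscd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {01C6ACBE-85E8-4F51-1E52-50AE31F8BAC9} - http://85.255.113.214/1/gdnUS2218.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
"""

# "<section code> - <rest>", e.g. "O16 - DPF: {...} - http://..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 registry autoruns: "<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^[^:]+: \[(?P<name>.*?)\] (?P<cmd>.+)$")


def _is_ip_literal(host):
    """True when the host part of a URL is an IP address, not a DNS name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_entry(code, body):
    """Return a reason string if the entry deserves a closer look, else None.

    The three rules are heuristics chosen for this example, not rules
    taken from HijackThis or from the helper's post.
    """
    if body.endswith("(no file)"):
        return "registered component has no file on disk"
    if code == "O16":
        # The codebase (download source) is the last " - " separated field.
        url = body.rsplit(" - ", 1)[-1]
        try:
            parts = urlsplit(url)
            host = parts.hostname or ""
        except ValueError:
            return None  # malformed URL: leave it for manual review
        if _is_ip_literal(host) and parts.path.lower().endswith(".exe"):
            return "ActiveX codebase is an .exe served from a bare IP address"
    if code == "O4":
        m = O4_RE.match(body)
        # A bare file name is resolved through the search path at logon.
        if m and "\\" not in m.group("cmd"):
            return "autorun command has no directory path"
    return None


def triage(log_text):
    """Return (code, reason, line) for every log entry matched by a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, running-process path or blank line
        reason = check_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append((m.group("code"), reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```

A hit is only a prompt for review: entries such as the eBay toolbar, ctfmon.exe and the Shockwave Flash control pass all three rules, and a clean result does not mean the log is clean.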

 


#10 Perk


Posted 23 February 2007 - 10:47 PM

Okay LDTate,

Here is my new HijackThis log file and report.txt:

Logfile of HijackThis v1.99.1
Scan saved at 11:45:43 PM, on 2/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Analyzer.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [System Mechanic Popup Blocker] "C:\Program Files\iolo\System Mechanic Professional 7\PopupBlocker.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\RegistryBooster.exe /S
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O4 - Global Startup: LNSS Status Monitor.lnk = C:\Program Files\GFI\LANguard Network Security Scanner 8.0\statusmonitor.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE

Here is the report.txt:

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eBayToolbar"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
"errorkiller"="\"C:\\Program Files\\errorkiller\\errorkiller.exe\" -boot"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"System Mechanic Popup Blocker"="\"C:\\Program Files\\iolo\\System Mechanic Professional 7\\PopupBlocker.exe\""
"Uniblue Registry Booster"="C:\\Documents and Settings\\Byron\\Desktop\\byron\\PRESARIO ©\\Desktop\\RegistryBooster.exe /S"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»



#11 LDTate


Posted 24 February 2007 - 07:49 AM

I notice that you have System Mechanic 7 installed. SM7 uses a kernel mode driver, and when that driver is loaded it hooks all other applications as they start up. I would suggest that you uninstall it and see if things improve.

1. Click Start > Settings > Control Panel.
2. Next, open Add/Remove Programs and remove if listed:
System Mechanic


After uninstalling, run HijackThis again and fix these if still listed
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe


then follow these instructions.

Start > Run > type: services.msc right click on ioloDMV > set the startup type to manual or disable and then Reboot.

"copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.


 


#12 Perk


Posted 24 February 2007 - 11:05 AM

I really appreciate your help. Here's the latest HijackThis logfile. I did everything to the letter so far and still the popup.


Logfile of HijackThis v1.99.1
Scan saved at 12:04:05 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Analyzer.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\RegistryBooster.exe /S
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

#13 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 24 February 2007 - 11:17 AM

Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)

Close ALL windows and browsers except HijackThis and click "Fix checked"




Please go to http://virusscan.jotti.org , click on Browse, and upload the following file for analysis:

C:\WINDOWS\system32\HDDSvc.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


If Jotti is too busy you can try these.

http://www.kaspersky...anforvirus.html

http://www.virustota.../en/indexf.html



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 


#14 Perk

Perk

    Authentic Member

  • Authentic Member
  • PipPip
  • 104 posts

Posted 24 February 2007 - 01:30 PM

I can't find system32hddvc file. It's not in WINDOWS. Here's the log file.

Logfile of HijackThis v1.99.1
Scan saved at 2:29:11 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Wireless Device\Wireless Keyboard\osd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Analyzer.exe\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue Registry Booster] C:\Documents and Settings\Byron\Desktop\byron\PRESARIO ©\Desktop\RegistryBooster.exe /S
O4 - Global Startup: Enable Wireless Keyboard Driver.lnk = C:\Program Files\Wireless Device\Wireless Keyboard\Magickey.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1....loadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - (no file)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
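A cross-check of the log posted above, as an added example that is not part of the original thread: it parses the O23 service lines and compares each executable with the "Running processes" list, since the BitDefender services are marked "(file missing)" while their executables appear as running, and those same lines carry a stray quote and `/service` argument in the path field. The function names and the trimmed sample are constructed for illustration.

```python
import re
# Constructed sample: lines copied from the HijackThis log posted above, trimmed.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
"""

PREFIX, MISSING = "O23 - Service: ", "(file missing)"
EXE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

def running_processes(log):
    """Lower-cased image paths listed under 'Running processes:'."""
    procs, in_block = set(), False
    for line in (l.strip() for l in log.splitlines()):
        if line == "Running processes:":
            in_block = True
        elif in_block and not line:
            break  # a blank line ends the process list
        elif in_block:
            procs.add(line.lower())
    return procs

def services(log):
    """Parse O23 lines into dicts and mark which executables are running."""
    procs, out = running_processes(log), []
    for line in log.splitlines():
        if not line.startswith(PREFIX):
            continue
        body = line[len(PREFIX):].strip()
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)].rstrip()
        rest, raw_path = body.rsplit(" - ", 1)   # last field is the image path
        name, owner = rest.rsplit(" - ", 1)      # owner precedes it
        m = EXE.match(raw_path)
        path = m.group(1) if m else raw_path     # drop stray quote and arguments
        out.append({"name": name, "owner": owner, "path": path,
                    "missing": missing, "running": path.lower() in procs})
    return out

def contradictions(log):
    """Services flagged '(file missing)' whose executable is listed as running."""
    return [s["name"] for s in services(log) if s["missing"] and s["running"]]
```

A service returned by `contradictions` should be checked on disk before its O23 entry is fixed, because the log's own process list shows the file loaded.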

#15 LDTate

LDTate

    Forum God

  • Root Admin
  • 57,170 posts

Posted 24 February 2007 - 01:33 PM

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find HDD Information Service (HDDSvc)
Right click and choose "Properties". On the "General" tab under "Service
Status" click the "Stop" button to stop the service. Beside "Startup Type"
in the dropdown menu select "Disabled". Click Apply then OK. Exit the
Services utility.



Run HijackThis. Hit None of the above, click Do a System Scan Only. Put a check in the box on the left side on these:

O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe

Close ALL windows and browsers except HijackThis and click "Fix checked"


Delete this file if listed
C:\WINDOWS\system32\HDDSvc.exe



Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.
