Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

HijackThis log file for checking please

Started by Chris Tomley , Mar 01 2007 04:26 PM

  • This topic is locked This topic is locked
12 replies to this topic

#1 Chris Tomley

Chris Tomley

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 01 March 2007 - 04:26 PM

I have had a problem that after searching on Google and finding the correct site, when I click on that, some other search engine redirects me to their search list. If I go back and repeat clicking on the Google entry, another, different search engine redirects me to their list of suggested sites!

Sometimes I have to do it 3 to 5 times before it goes to the original Google result site. This is very annoying and wastes so much time!

Please can someone check my logfile and advise on any required action? Many thanks.

Chris Tomley.

Log below:-
Logfile of HijackThis v1.99.1
Scan saved at 21:58:59, on 01/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
c:\program files\fwbs\oms\oms2k.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
P:\Chris\WG&T\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = WGTFS01:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MBoxUtil Clean] C:\Program Files\KONICA MINOLTA\BOX Utility\BoxUtil.exe /clean
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe" -c
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\C200 Camera\Registration\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Copy to Builder - C:\WINDOWS\web\blcopy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap...in/myCioAgt.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbc.ops.pl...quicksilver.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = wgt.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

    Advertisements

Register to Remove

#2 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 01 March 2007 - 05:41 PM

Hello and welcome to the forum

Follow the instructions here and let me know how it went. Be sure to post a new HijackThis log back here.
http://forums.tomcoy...showtopic=73142

Please use the Posted Image Button below to post the new HJT log and report.txt

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#3 Chris Tomley

Chris Tomley

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 02 March 2007 - 04:07 AM

Hi and thank you very much for your quick response to my problem. I have run through all the steps you outlined and it seems that the redirects have gone! Excellent news and thanks for your expertise in sorting it so quickly.
My log file is below - is there anything else I need to do please?

Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbnp.exe"

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other
C:\WINDOWS\Temp\kdbnp.ren 63466 04/08/2004



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"WinVNC"="\"C:\\Program Files\\ORL\\VNC\\WinVNC.exe\" -servicehelper"
"PspContr"="PspContr.Exe"
"IW ControlCenter"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"VOBID"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantDrive\\InstantDrive.exe /remount"
"Lexmark X83 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X83.exe"
"Lexmark X83 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X83.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"MBoxUtil Clean"="C:\\Program Files\\KONICA MINOLTA\\BOX Utility\\BoxUtil.exe /clean"
"McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\""
"MVS Splash"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"DC6cw"="\"C:\\Program Files\\Common Files\\DriveCleaner 2006\\DC6cw.exe\" -c"
"Matrox Powerdesk"="C:\\WINDOWS\\system32\\PDesk\\PDesk.exe /Autolaunch"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

#4 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 02 March 2007 - 06:40 AM

You're not clean yet. Post a new HJT log

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#5 Chris Tomley

Chris Tomley

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 04 March 2007 - 09:39 AM

Hi,

Sorry I had not read through the previous log before sending it - more haste, less speed!

Now submitted the files to the first checker and reply below:-

Complete scanning result of "igfxtray.exe", processed in VirusTotal at 03/04/2007 16:08:40 (CET).

[ file data ]
* name: igfxtray.exe
* size: 155648
* md5.: 095b56d71d4c6af017712b0e59c66166
* sha1: ee9cede083589bab440051083b91a4aa3bad6059

[ scan result ]
AntiVir 7.3.1.38/20070304 found nothing
Authentium 4.93.8/20070304 found nothing
Avast 4.7.936.0/20070303 found nothing
AVG 386/20070304 found nothing
BitDefender 7.2/20070304 found nothing
CAT-QuickHeal 9.00/20070302 found nothing
ClamAV devel-20060426/20070304 found nothing
DrWeb 4.33/20070304 found nothing
eSafe 7.0.14.0/20070304 found nothing
eTrust-Vet 30.6.3449/20070303 found nothing
Ewido 4.0/20070304 found nothing
F-Prot 4.3.1.45/20070304 found nothing
F-Secure 6.70.13030.0/20070303 found nothing
FileAdvisor 1/20070304 found [No threat detected]
Fortinet 2.85.0.0/20070304 found nothing
Ikarus T3.1.1.3/20070304 found nothing
Kaspersky 4.0.2.24/20070304 found nothing
McAfee 4975/20070302 found nothing
Microsoft 1.2204/20070304 found nothing
NOD32v2 2093/20070303 found nothing
Norman 5.80.02/20070302 found nothing
Panda 9.0.0.4/20070304 found nothing
Prevx1 V2/20070304 found nothing
Sophos 4.14.0/20070303 found nothing
Sunbelt 2.2.907.0/20070301 found nothing
Symantec 10/20070304 found nothing
TheHacker 6.1.6.067/20070301 found nothing
UNA 1.83/20070302 found nothing
VBA32 3.11.2/20070303 found nothing
VirusBuster 4.3.19:9/20070303 found nothing

[ notes ]
Bit9 info: http://fileadvisor.b...7712b0e59c66166

__________________________________________________
VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Do not reply to this message. It has been generated by an automatic address that will not handle any reply. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.


It seems to me that only the first file has been scanned? If so, should I re-send each file one at a time?

Many thanks,

Chris

#6 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 04 March 2007 - 10:04 AM

Can you post a new HijackThis log please?

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#7 Chris Tomley

Chris Tomley

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 06 March 2007 - 12:47 PM

New HijackThis log below:-

Logfile of HijackThis v1.99.1
Scan saved at 18:46:56, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\program files\fwbs\oms\oms2k.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
P:\Chris\WG&T\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = WGTFS01:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MBoxUtil Clean] C:\Program Files\KONICA MINOLTA\BOX Utility\BoxUtil.exe /clean
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe" -c
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\C200 Camera\Registration\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Copy to Builder - C:\WINDOWS\web\blcopy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap...in/myCioAgt.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbc.ops.pl...quicksilver.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = wgt.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

I await your advice please.

Many thanks,

Chris.

#8 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 06 March 2007 - 04:30 PM

Please do not delete anything unless instructed to.


1.Click Start > Settings > Control Panel.
2.Next, open Add/Remove Programs and remove if listed:
DriveCleaner


Run hijackthis. Hit None of the above, Click Do a System Scan Only. Put a Check in the box on the left side on these:

O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe" -c
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.67 85.255.112.71

Close ALL windows and browsers except HijackThis and click "Fix checked"


No need to download again but please run it. Sometimes it takes 4-5 times running Fixwareout and the flushdns to remove the bad 017's

Double Click Fixwareout.exe and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.

Once the desktop loads a text that will open (report.txt) Please save this file, you'll need to post it with a new HijackThis log.

Next:
Click Start> Run> type in CMD tap enter key
Copy/Paste or type in: ipconfig /flushdns
If you are typing this in, note the space between the g /f
It needs to be there.


Now lets check some settings on your system.
Enter your Control Panel and double-click on Network Connections

Then right click on your Default Connection
Usually Local Area Connection for Cable and DSL
Left click on Properties
Double-Click on the Internet Protocol (TCP/IP) item
Select the radio dial that says Obtain DNS Servers Automatically
Note: Do this for all Network Connections
Press OK twice to get out of the properties screen and reboot if it asks


Reboot and "copy/paste" a new HijackThis log file into this thread.

Also please describe how your computer behaves at the moment.

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#9 Chris Tomley

Chris Tomley

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 07 March 2007 - 03:18 AM

Thank you very much for those last instructions. I have just carried them out and the HijackThis log is set out below and then theFixware report. Hope this helps.

Chris.

Logfile of HijackThis v1.99.1
Scan saved at 08:56:44, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PspContr.Exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
P:\Chris\WG&T\hijackthis\HijackThis.exe
c:\program files\fwbs\oms\oms2k.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = WGTFS01:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [PspContr] PspContr.Exe
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [MBoxUtil Clean] C:\Program Files\KONICA MINOLTA\BOX Utility\BoxUtil.exe /clean
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"
O4 - HKLM\..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Microsoft Outlook.lnk = ?
O4 - Startup: Reminder-hpc40415.lnk = C:\Program Files\HP PhotoSmart\C200 Camera\Registration\Remind32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Copy to Builder - C:\WINDOWS\web\blcopy.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://virusscanasap...in/myCioAgt.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbc.ops.pl...quicksilver.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\Software\..\Telephony: DomainName = wgt.co.uk
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wgt.co.uk
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = wgt.co.uk
O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\MyRmProt4.0.0.358.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: McAfee Total Protection Agent Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SonicWALL Agent Service (SWAGENT) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Fixware report follows:-



Fixwareout Last edited 2/11/2007
Post this report in the forums please
...
»»»»»Prerun check

»»»»» System restarted

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....

Search five digit cs, dm, kd, jb, other, files.
The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection.



Click browse, find the file then click submit.
http://www.virustota...h/index_en.html
Or http://virusscan.jotti.org/

»»»»» Other



»»»»» Current runs
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"WinVNC"="\"C:\\Program Files\\ORL\\VNC\\WinVNC.exe\" -servicehelper"
"PspContr"="PspContr.Exe"
"IW ControlCenter"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe"
"VOBID"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantDrive\\InstantDrive.exe /remount"
"Lexmark X83 Button Monitor"="C:\\PROGRA~1\\LEXMAR~1\\ACMonitor_X83.exe"
"Lexmark X83 Button Manager"="C:\\PROGRA~1\\LEXMAR~1\\AcBtnMgr_X83.exe"
"PrinTray"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe"
"PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"MBoxUtil Clean"="C:\\Program Files\\KONICA MINOLTA\\BOX Utility\\BoxUtil.exe /clean"
"McAfee Managed Services Tray"="\"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myagttry.exe\""
"MVS Splash"="C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\Splash.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"Matrox Powerdesk"="C:\\WINDOWS\\system32\\PDesk\\PDesk.exe /Autolaunch"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»

When I was looking through the Program files on the C drive I found a folder for "Drivecleaner Free" still there so I deleted that and it went to the Recycle bin so I went in there and deleted it from there as well.

Very many thanks again,

Chris.

#10 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 March 2007 - 06:44 AM

You can remove any programs I had you install.

Log looks good :D


You need to create a new Clean restore point.

Note: This will remove all previous Restore Points

Turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn it back on.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Remove the Check Turn off System Restore.
Click Apply, and then click OK.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Check "Hide file extensions for known file types."
Under the "Hidden files" folder, Uncheck "Show hidden files and folders."
Check "Hide protected operating system files."
Click Apply, and then click OK.



If you dont have any programs like these, I would recommend that you get them.
Spywareblaster,
Spywareguard.
IE Spyads
They will add 1000's of sites to your resticted zone and block some hijacks from happening.

Also get a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on. Both are available below.

Safe Surfing. :D

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#11 Chris Tomley

Chris Tomley

    New Member

  • New Member
  • Pip
  • 6 posts

Posted 07 March 2007 - 08:54 AM

:D I can't say thank you enough! I have now carried out your last set of instructions and installed Spyware Guard and will run both programs each week. I am also reading How did I get infected and will follow that advice. If you have time to look at www.marches4x4.com you will see what we do in our spare time when not in the office doing legal work! Very best wishes from Wales to you all. :wavey: Chris.

#12 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 March 2007 - 05:49 PM

Very cool website. Looks like a lot of fun :thumbup: Great job :thumbup: You're more then welcome. Glad we were able to help Peace be with you :wavey:

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

#13 LDTate

LDTate

    Grand Poobah

  • Root Admin
  • 57,211 posts

Posted 07 March 2007 - 05:49 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

The forum is run by volunteers who donate their time and expertise.

Want to help others? Join the ClassRoom and learn how.

Logs will be closed if you haven't replied within 3 days

 

If you would like to paypal.gif for the help you received.
 

Proud graduate of TC/WTT Classroom

 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·