
[Closed] TROJAN HORSE, MALWARE PROBS! heres my activescan and


  • This topic is locked
3 replies to this topic

#1 lukeinzaghi

Posted 17 April 2008 - 07:26 AM

Hello, I hope someone has time to look at this and help me out!

Here are my ActiveScan and HJT logs.




#2 gringo_pr

Posted 21 April 2008 - 09:00 PM

Hello and Welcome to the forums!

Sorry about the delay in responding :( The forums have been very busy.

My name is Gringo and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you still need help, scan again with HijackThis, and copy/paste a new log file into this thread.

Also, please make an uninstall list and post that as well.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in your next reply.


Gringo


#3 gringo_pr

Posted 24 April 2008 - 08:42 PM

Hello

: three day bump :


It has been three days since my last post.
  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread, then it will have to be closed!

Gringo

#4 gringo_pr

Posted 27 April 2008 - 07:14 PM

Due to inactivity, this topic will be closed. If you need help, please start a new thread and post a new HJT log.
