Hello.
I followed the 5 steps in the sticky, but when I run ad aware and spybot, I STILL pick up entries. I get random popups from IE, and from firefox when I am using it. It's very frustrating. Here's what I have for you:
HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:53:47 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\avgamsvr.exe
C:\PROGRA~1\avgupsvc.exe
C:\PROGRA~1\avgemc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe
G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe
G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe
C:\PROGRA~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
G:\PowerDVD6\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
G:\steam\steam.exe
E:\Wlan\WLANPRO.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
E:\Wlan\Reg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MMTray] "G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe"
O4 - HKLM\..\Run: [mmtray2k] "G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe"
O4 - HKLM\..\Run: [mmtraylsi] "G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] G:\PowerDVD6\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "g:\steam\steam.exe" -silent
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4866/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SI Tomcat (SITomcat) - Alexandria Software Consulting - C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - Service: SI Transbase (SITransbase) - TransAction Software, D 81737 Munich - C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
And, here's the reports from McAfee and Bitdefender. I don't think the McAfee one deleted anything...?
C:\Documents and Settings\...\Temp\iscueesg.dll Generic Spy
C:\Documents and Settings\...\Temp\ktbahupx.dll Generic Spy
C:\Documents and Settings\...\Temp\npfmlsvw.dll Generic Spy
C:\Documents and Settings\...\Temp\onltaouo.dll Generic Spy
C:\Documents and Settings\...\Temp\rsxdxaps.dll Generic Spy
C:\System Volume Information\...\A0031633.dll Vundo
C:\System Volume Information\...\A0031659.dll Adware-SearchColours
C:\System Volume Information\...\A0031778.dll Vundo
C:\WINDOWS\system32\eyubgyev.exe Adware-SearchColours
C:\WINDOWS\system32\jjrwmnva.dll Generic Spy
C:\WINDOWS\system32\vfcwqrbr.dll Generic Spy
C:\WINDOWS\system32\xmkwanqc.dll Generic Spy
I also have a bitdefender report I can post if necessary, but it's not in a convienent log file, so it can wait.
Thanks in advance for the help!!
Nathan
I followed the 5 steps in the sticky, but when I run ad aware and spybot, I STILL pick up entries. I get random popups from IE, and from firefox when I am using it. It's very frustrating. Here's what I have for you:
HJT Log:
Logfile of HijackThis v1.99.1
Scan saved at 2:53:47 AM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\avgamsvr.exe
C:\PROGRA~1\avgupsvc.exe
C:\PROGRA~1\avgemc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\Program Files\GM SPO\eSI\Transbase\tbkern32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe
G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe
G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe
C:\PROGRA~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
G:\PowerDVD6\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Messenger\msmsgs.exe
G:\steam\steam.exe
E:\Wlan\WLANPRO.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
E:\Wlan\Reg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MMTray] "G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\MMTray.exe"
O4 - HKLM\..\Run: [mmtray2k] "G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtray2k.exe"
O4 - HKLM\..\Run: [mmtraylsi] "G:\ACE Mega CoDecS Pack\SystemS\Morgan Multimedia\mmtraylsi.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] G:\PowerDVD6\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "g:\steam\steam.exe" -silent
O4 - Global Startup: 108Mbps Wireless LAN Adapter Configuration Utility.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Reg.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4866/mcfscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SI Tomcat (SITomcat) - Alexandria Software Consulting - C:\Program Files\GM SPO\eSI\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - Service: SI Transbase (SITransbase) - TransAction Software, D 81737 Munich - C:\Program Files\GM SPO\eSI\Transbase\tbmux32.exe
And, here's the reports from McAfee and Bitdefender. I don't think the McAfee one deleted anything...?
C:\Documents and Settings\...\Temp\iscueesg.dll Generic Spy
C:\Documents and Settings\...\Temp\ktbahupx.dll Generic Spy
C:\Documents and Settings\...\Temp\npfmlsvw.dll Generic Spy
C:\Documents and Settings\...\Temp\onltaouo.dll Generic Spy
C:\Documents and Settings\...\Temp\rsxdxaps.dll Generic Spy
C:\System Volume Information\...\A0031633.dll Vundo
C:\System Volume Information\...\A0031659.dll Adware-SearchColours
C:\System Volume Information\...\A0031778.dll Vundo
C:\WINDOWS\system32\eyubgyev.exe Adware-SearchColours
C:\WINDOWS\system32\jjrwmnva.dll Generic Spy
C:\WINDOWS\system32\vfcwqrbr.dll Generic Spy
C:\WINDOWS\system32\xmkwanqc.dll Generic Spy
I also have a bitdefender report I can post if necessary, but it's not in a convienent log file, so it can wait.
Thanks in advance for the help!!
Nathan