#1 (permalink)
Registered User
Join Date: Oct 2006
Posts: 14
OS: windows xp
iesettingsupdate, when computer starts
I'm having this commonly pop up in Internet Explorer when I start my computer... any ideas of how I can remove...
HijackThis log:
I would appreciate the help.
Last edited by albo : 10-08-2006 at 06:25 PM.

#2 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
Hi albo
Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Do not proceed with the rest of the fix if you fail to run combofix.
* Disable script blocking if you have NAV installed so it will not interfere with the fix.

Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
__________________
An Australian Member of
Eddy

#3 (permalink)
Registered User
Join Date: Oct 2006
Posts: 14
OS: windows xp
Here is the combofix log, and below the hijackthis log.
Ghost\Agent\VProSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Ghost\Agent\GhostTray.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Messenger\msmsgs.exe C:\New Folder\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0060914 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0060914 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bsudugy.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [adstart] "iexplore.exe" 
"http://iesettingsupdate" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158642714890 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe thanks b4 hand.. once again for any help |
#4 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
Remove this entry from the log, reboot and then post a new one please..
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bsudugy.exe
Please check and delete this file if still there
C:\WINDOWS\system32\bsudugy.exe
__________________
An Australian Member of ![]() Eddy |
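An added example, not part of the thread and not HijackThis's own code: a Python triage for a HijackThis log that has been flattened onto one line, as the logs on this page are. It re-splits the entries and flags the two autostart patterns visible in the log above, a UserInit value that names more than userinit.exe and a Run value that passes a URL. The function names, both heuristics and the default system32 path are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Entry prefixes accepted here: the R, F, N and O section codes HijackThis writes.
ENTRY_START = re.compile(r"(?<!\S)(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$", re.S)
RUN_ENTRY = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
TOKEN = re.compile(r'"[^"]*"|\S+')

# Assumption: stock Windows XP location; the default value is this path plus a comma.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "F2"
    reason: str  # why the entry deserves a closer look
    entry: str   # the full log entry


def split_entries(text: str) -> list[str]:
    """Split a log (flattened or one entry per line) into individual entries."""
    chunks = ENTRY_START.split(" ".join(text.split()))
    # The header and the running-process list do not start with a section code.
    return [c.strip() for c in chunks if ENTRY.match(c.strip())]


def check_userinit(body: str) -> list[str]:
    """Return programs in an F2 UserInit value other than the stock userinit.exe."""
    m = re.search(r"UserInit=(.*)$", body, re.I)
    if not m:
        return []
    programs = [p.strip().strip('"') for p in m.group(1).split(",")]
    return [p for p in programs if p and p.lower() != DEFAULT_USERINIT]


def check_run(body: str):
    """Return (value name, urls) for an O4 Run value whose command line has a URL."""
    m = RUN_ENTRY.match(body)
    if not m:
        return None  # e.g. "Global Startup" shortcuts, which are not Run values
    tokens = [t.strip('"') for t in TOKEN.findall(m.group("cmd"))]
    urls = [t for t in tokens if re.match(r"(?i)https?://", t)]
    return (m.group("name"), urls) if urls else None


def triage(text: str) -> list[Finding]:
    """Flag F2 and O4 entries matching the two heuristics; hints, not verdicts."""
    findings = []
    for entry in split_entries(text):
        m = ENTRY.match(entry)
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            extra = check_userinit(body)
            if extra:
                findings.append(
                    Finding(code, "UserInit also starts: " + ", ".join(extra), entry))
        elif code == "O4":
            hit = check_run(body)
            if hit:
                name, urls = hit
                findings.append(
                    Finding(code, f"Run value [{name}] opens {urls[0]} at logon", entry))
    return findings


# Abridged from the log dated 10/9/2006 in this thread, kept on one line as on the page.
SAMPLE = (
    r'Logfile of HijackThis v1.99.1 Scan saved at 10:02:15 PM, on 10/9/2006 '
    r'Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\Explorer.EXE '
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ '
    r'F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bsudugy.exe '
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" '
    r'O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate" '
    r'O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe '
    r'O4 - Global Startup: Digital Line Detect.lnk = ?'
)

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.code}: {f.reason}\n    {f.entry}")
```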
#5 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 14
OS: windows xp
|
here is the new log
Logfile of HijackThis v1.99.1 Scan saved at 10:17:02 PM, on 10/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Ghost\Agent\VProSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Norton Ghost\Agent\GhostTray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Dell Support\DSAgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program 
Files\Digital Line Detect\DLG.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\New Folder\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0060914 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0060914 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! 
IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [DellHelp] C:\Dell\DellHelp\DellHelp.exe /c O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate" O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: 
Digital Line Detect.lnk = ? O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1158642714890 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing) O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe once again.. thanks. for everything.... |
#7 (permalink) |
|
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,405
OS: XP Pro SP3
|
...............but just as a last check, which I should have got you to run earlier, please do this....
Download, update and run the A2 (A squared) anti-trojan. Let it fix whatever it wants to.
Anti-virus
Also, run this PC through the...
Panda Online virus scanner
or
Trend Micro Housecall Online virus scanner
Let it delete whatever it finds. If it cannot delete it, then post the log and we will delete it manually.
__________________
An Australian Member of ![]() Eddy |
#8 (permalink) |
|
Registered User
Join Date: Oct 2006
Posts: 14
OS: windows xp
|
OK, I did everything you said. Ran the A2 (A squared) anti-trojan and then ran the Panda online virus scan... but I'm still getting that... http://iesettingsupdate pop up every time I start my computer... any ideas
here is the hijack this log..
Logfile of HijackThis v1.99.1
Scan saved at 11:05:26 PM, on 10/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\New Folder\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0060914
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=0060914
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A789 |