|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
06-07-2006, 04:28 AM
|
#1 (permalink) |
|
Manager Emeritus, I'm blond, James Blond
Join Date: Apr 2006
Location: Athens, Greece
Posts: 7,667
OS: Win XP Pro SP2
 |
huadio.tmp, pskill.k, gendel.a, spyware cookies
This pc had an issue with huadio.tmp invoking Windows Defender to ask permission to accept or not a service & drivers change. Apart from this, the only other issue was that it either unsolicitedly asked for a dial-up connection or it showed hang-up symptoms (combined with 100% cpu spikes) when it connected thru dial-up (not thru the lan gateway).
I ran the 5-step procedure, which also came up with some other threats found in that pc; namely: pskill.k, gendel.a, and spyware cookies. The 5-step procedure was thoroughly followed according to the instructions provided by Microbell (all online scanners used), and then CleanUp and Ewido were run at Safe Mode. Here is the resulting HJT log, waiting for your feedback: Logfile of HijackThis v1.99.1 Scan saved at 12:08:15 μμ, on 7/6/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe K:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe K:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\MGE\RunSC.exe C:\WINDOWS\system32\MGE\PCtl.exe C:\WINDOWS\system32\MGE\BIL.EXE C:\Program Files\VeriSign\NAVI\naviagent.exe C:\WINDOWS\system32\MGE\CILUSB.EXE C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe K:\Program Files\UPHClean\uphclean.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE K:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe K:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe K:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe K:\Program Files\ZoneAlarm\zlclient.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\Program Files\Icons\Seticon.exe K:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\PESTPA~1\PPMemCheck.exe C:\PROGRA~1\PESTPA~1\PPControl.exe C:\Program Files\Microsoft IntelliPoint\point32.exe C:\PROGRA~1\PESTPA~1\CookiePatrol.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe K:\Program Files\Java\jre1.5.0_07\bin\jusched.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\SOUNDMAN.EXE K:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe K:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\WINDOWS\system32\ctfmon.exe K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe K:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe C:\@HJT\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webshots.com/r/internal/start/client/RAND R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0.7\ActiveX\AcroIEHelper.dll O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O4 - HKLM\..\Run: [CaISSDT] "k:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" O4 - HKLM\..\Run: [CaAvTray] "k:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "k:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe" O4 - HKLM\..\Run: [Zone Labs Client] K:\Program Files\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [SetIcon] C:\Program Files\Icons\Seticon.exe O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RMClient\MplSetUp.exe O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RMClient\JobHisInit.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe O4 - HKLM\..\Run: [BootSkin Startup Jobs] "K:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] K:\Program Files\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] K:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] K:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background O4 - Startup: Check Windows Disk Protection.lnk = C:\Program Files\Microsoft Shared Computer Toolkit\CheckWDP.hta O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Adobe Reader Speed Launch.lnk = K:\Program Files\Adobe\Acrobat 7.0.7\Reader\reader_sl.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://K:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - K:\Program Files\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra 'Tools' menuitem: i-Nav Help - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing) O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O9 - Extra 'Tools' menuitem: i-Nav Options - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx O16 - DPF: {131EB16C-BD58-443F-8151-6DFBB0DA1778} (Anark Client 3.0 ActiveX Control) - http://install.anark.com/client/vers...n/AMClient.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp.com/rdqna/downloads/sysinfo.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource...scbase7617.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1139410088578 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139479721531 O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} (DASWebDownload Class) - http://das.microsoft.com/activate/ca...ail/DASAct.cab O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqna/downloads/msxml4.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326 O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...74/mcfscan.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CAISafe - Computer Associates International, Inc. - K:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe O23 - Service: ewido security suite control - ewido networks - K:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe O23 - Service: VeriSign Updater (navi) - VeriSign, Inc. - C:\Program Files\VeriSign\NAVI\naviagent.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: SCTThresholdMonitor (SCTThresholdMon) - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups2.exe (file missing) O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - K:\Program Files\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WDPOperations - Unknown owner - C:\Program Files\Microsoft Shared Computer Toolkit\bin\SRVANY.EXE
__________________
 "Time is the wisest because it discovers everything" Thales of Miletus (ca.624BC-ca.546BC) "Everything flows, nothing stands still." Heraclitus of Ephesus (ca.535BC-475BC) "One thing I know, that I know nothing" Socrates of Athens (ca.470BC–399BC) |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
06-07-2006, 03:32 PM
|
#2 (permalink) |
|
Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic
|
Hi Zazula
I was a bit worried when I saw your name against a post here..........  The log is clean. Any particular problems? I guess Ewido cleaned out the odd items you found?
__________________
Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums.   PC Safety & Security::PC running a bit slow?::Donate::Photographers Corner |
|
|
|
|
06-08-2006, 12:29 AM
|
#3 (permalink) |
|
Manager Emeritus, I'm blond, James Blond
Join Date: Apr 2006
Location: Athens, Greece
Posts: 7,667
OS: Win XP Pro SP2
|
Hi Glaswegian
I'm really sorry if the appearance of my name in a thread raises worries... The point is that, when huadio.tmp was intercepted by Windows Defender, I was given the sound advice in the General Security part of TSF to run the 5-step procedure. I combined this with earlier sporadic signs that could be the result of hardly-detectable malware (despite the presence in that pc of a bunch of "standard" resident anti-malware tools), and I decided to follow the 5-step procedure. I'm really glad that I did so, because malware was indeed detected that I was unaware of, and now I feel (personally & pc-wise) in a much better state. Now, what I found inherent in the 5-step procedure, is that it has to be performed precisely and methodically. To my understanding, this means to do what you are asked to do - nothing more, nothing less. It's of paramount importance to stick to the instructions, and that's what I did. I had a look to the HJT log myself, seemed OK, but I didn't touch a thing. When you are told so and you do otherwise, you're heading for trouble in the most unrespectful (to all the hard work that founds TSF) way. Conclusively, this pc seems to be running and, according to the HJT log, is indeed running normally. Thanks for taking the time to check it out. I believe this thread can now be classified as resolved.
__________________
"Time is the wisest because it discovers everything" Thales of Miletus (ca.624BC-ca.546BC) "Everything flows, nothing stands still." Heraclitus of Ephesus (ca.535BC-475BC) "One thing I know, that I know nothing" Socrates of Athens (ca.470BC–399BC) |
|
|
|
| Thread Tools | |
|
|
