Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
01-17-2007, 03:02 PM   #1
Registered User
Join Date: Oct 2006
Posts: 6
OS: Win XP professional


Trojan horse downloader and many popups

I need help getting rid of all viruses, malware, spyware, and anything else that is hindering my computer's efficiency. I went through the five steps that are posted on this site. I ran service pack SP1a from the download posted. In safe mode my computer starts up running SP1a, at least that's what is stated across the top of the screen, but I have 14 SP2 hot fixes that will not go away. I've tried to remove them, but my computer freezes and I have to do a system restore from start-up. After recovery the hot fixes are still present. XP recovery does not work anymore. Please help. Also, is it advisable to install XP Professional? My HijackThis log is below.

Rolanda

Logfile of HijackThis v1.99.1
Scan saved at 4:09:09 PM, on 1/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Key Generator\isaddon.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Key Generator\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [{20DDFB92-086E-1033-1127-030804030001}] "C:\Program Files\Common Files\{20DDFB92-086E-1033-1127-030804030001}\Update.exe" te-110-12-0000213
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\System32\Netverchk.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: BBYLP.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
rlboggs
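The HijackThis log above is the kind of thing a helper reads by eye, looking for a handful of patterns before asking for more tools. As an added example (not part of the thread, and not HijackThis's own logic), the Python below applies some of those patterns to the log: O20/O21/O22 entries that load a DLL into Explorer or Winlogon at logon, file names one edit away from a real system binary (svchosts.exe next to svchost.exe), services with an unknown owner, Run entries named by a bare GUID, executables dropped straight into the Startup folder, and orphaned "(file missing)" entries. The sample lines are a trimmed copy of the poster's first log; the severity scale, the reason strings and the SYSTEM_BINARIES list are this example's own assumptions.

```python
"""Triage heuristics for a HijackThis 1.99 log.

Added example: not part of the forum thread and not HijackThis's own logic.
The severity scale and SYSTEM_BINARIES are this example's assumptions."""
import re
from dataclasses import dataclass

# Core Windows XP processes whose names malware likes to imitate (assumed,
# illustrative list; extend it from a clean baseline of the same build).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "explorer.exe", "spoolsv.exe"}

# First Windows path on the line, up to its extension (lazy, so arguments
# after the executable are not swallowed).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|sys)', re.IGNORECASE)
ENTRY_RE = re.compile(r'^[A-Z]\d+ - ')               # "O4 - ", "R1 - ", ...
GUID_NAME_RE = re.compile(r'\[\{[0-9A-F-]{36}\}\]', re.IGNORECASE)

# Constructed sample: a subset of the first log posted in the thread.
SAMPLE_LINES = [
    r'O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files\Key Generator\isaddon.dll (file missing)',
    r'O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll',
    r'O3 - Toolbar: Protection Bar - {0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F} - C:\Program Files\Key Generator\iesplugin.dll (file missing)',
    r'O4 - HKLM\..\Run: [{20DDFB92-086E-1033-1127-030804030001}] "C:\Program Files\Common Files\{20DDFB92-086E-1033-1127-030804030001}\Update.exe" te-110-12-0000213',
    r'O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP',
    r'O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\System32\Netverchk.exe',
    r'O4 - Startup: BBYLP.EXE',
    r'O21 - SSODL: carbinyl - {8d8c2387-7f80-4022-9be6-43630a969558} - C:\WINDOWS\System32\gwquvw.dll',
    r'O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000213 (file missing)',
    r'O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)


@dataclass
class Finding:
    line: str
    severity: str   # "high", "medium" or "low" (example's own scale)
    reason: str


def levenshtein(a, b):
    """Edit distance; used to catch names one character off a system binary."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(log_text):
    """Return one Finding per heuristic hit; a line can produce several."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue                      # header / process-list lines
        section = line.split(" - ", 1)[0]
        m = PATH_RE.search(line)
        basename = m.group(0).rsplit("\\", 1)[-1].lower() if m else None

        if section in ("O20", "O21", "O22"):
            findings.append(Finding(line, "high",
                f"{section}: DLL loaded into Explorer/Winlogon at logon; confirm the vendor"))
        if basename and basename not in SYSTEM_BINARIES:
            near = sorted(s for s in SYSTEM_BINARIES if levenshtein(basename, s) == 1)
            if near:
                findings.append(Finding(line, "high",
                    f"{basename} is one edit away from system binary {near[0]}"))
        if "unknown owner" in line.lower():
            findings.append(Finding(line, "medium", "service binary has no recognised owner"))
        if GUID_NAME_RE.search(line):
            findings.append(Finding(line, "medium", "Run entry named only by a GUID"))
        if line.startswith("O4 - Startup:") and ".lnk" not in line.lower():
            findings.append(Finding(line, "medium", "bare executable in the Startup folder (no shortcut)"))
        if "(file missing)" in line or "(no file)" in line:
            findings.append(Finding(line, "low", "orphaned entry: referenced file is gone"))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample this flags the O21 "carbinyl" entry and the "svchosts.exe" service as high, and the GUID-named Run key, the bare BBYLP.EXE in Startup and the ownerless service as medium; the "(file missing)" entries are low because the file is already gone and only the registry reference needs cleaning. Heuristics like these only narrow what to look at: a DLL outside the allowlist still has to be checked by hand or against a scanner, which is what the helper's tools do in the next posts.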

01-18-2007, 06:21 PM   #2
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Hi
First off, you need to keep the hot fixes. Leave them as they are.


Download ComboFix from here.

**Save it directly to your desktop**

Double-click on combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


==============================

Download SmitfraudFix (by S!Ri) to your Desktop:
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Run the application.


Open the SmitfraudFix folder and double-click smitfraudfix.cmd


Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe Mode.
Log in on your usual account.


Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and pressing Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry?" Answer Yes by typing Y and hitting Enter in order to remove the Desktop background and clean registry keys associated with the infection.


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file?" by typing Y and hitting Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually.

The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Please post:
c:\rapport.txt
Combo.txt
A new HijackThis log
You may need several replies to post the requested logs; otherwise they might get cut off.
__________________
Eddy
Pancake
01-19-2007, 06:19 PM   #3
Registered User
Join Date: Oct 2006
Posts: 6
OS: Win XP professional


ComboFix log

Below is the ComboFix log that you requested.

"Owner" - 07-01-19 19:19:48 Service Pack 1
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Owner\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\Owner\Application Data\Install.dat
C:\Program Files\INSTALL.LOG
C:\WINDOWS\system32\unsvchosts.lzma
C:\WINDOWS\system32\WinNB58.dll
C:\WINDOWS\whCC-GIANT.exe
C:\Program Files\Common Files\{20DDF~1
C:\Program Files\Common Files\{30DDF~1
C:\Program Files\Safety Bar
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\DOCUME~1
C:\qoobox\purity\DOCUME~1\Owner
C:\qoobox\purity\DOCUME~1\Owner\My Documents
C:\qoobox\purity\DOCUME~1\Owner\My Documents\from.txt
C:\qoobox\purity\DOCUME~1\Owner\My Documents\RACLE~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-19 to 2007-01-19 ))))))))))))))))))))))))))))))))))


2007-01-18 20:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Trymedia
2007-01-14 19:52 20,992 --a------ C:\WINDOWS\system32\gwquvw.dll
2007-01-14 19:52 <DIR> d-------- C:\Program Files\AntiVerminser
2007-01-11 01:14 <DIR> dr-h----- C:\$VAULT$.AVG
2007-01-10 22:06 <DIR> d-------- C:\WINDOWS\pss
2007-01-10 22:05 <DIR> d-------- C:\hijackthis
2007-01-10 21:49 816,672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-01-10 21:49 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-01-10 21:49 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-01-10 21:49 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-01-10 21:49 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-01-10 21:49 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-01-10 21:49 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\AVG7
2007-01-10 21:49 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Application Data\AVG7
2007-01-10 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Grisoft
2007-01-10 21:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\avg7
2007-01-10 21:24 <DIR> d-------- C:\WINDOWS\Prefetch
2007-01-10 21:19 921,475 --------- C:\WINDOWS\system32\ati3d2ag.dll
2007-01-10 21:19 844,675 --------- C:\WINDOWS\system32\ati3d1ag.dll
2007-01-10 21:19 63,663 --------- C:\WINDOWS\system32\drivers\atinrvxx.sys
2007-01-10 21:19 6,912 --------- C:\WINDOWS\system32\drivers\hidir.sys
2007-01-10 21:19 56,591 --------- C:\WINDOWS\system32\drivers\atinbtxx.sys
2007-01-10 21:19 450,176 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-01-10 21:19 377,984 --------- C:\WINDOWS\system32\ati2dvaa.dll
2007-01-10 21:19 37,888 --a------ C:\WINDOWS\system32\hhsetup.dll
2007-01-10 21:19 36,463 --------- C:\WINDOWS\system32\drivers\atintuxx.sys
2007-01-10 21:19 34,735 --------- C:\WINDOWS\system32\drivers\atinxsxx.sys
2007-01-10 21:19 327,040 --------- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2007-01-10 21:19 30,671 --------- C:\WINDOWS\system32\drivers\atinraxx.sys
2007-01-10 21:19 29,455 --------- C:\WINDOWS\system32\drivers\atinxbxx.sys
2007-01-10 21:19 26,367 --------- C:\WINDOWS\system32\drivers\atinsnxx.sys
2007-01-10 21:19 21,343 --------- C:\WINDOWS\system32\drivers\atinttxx.sys
2007-01-10 21:19 202,496 --------- C:\WINDOWS\system32\ati2dvag.dll
2007-01-10 21:19 18,944 --------- C:\WINDOWS\system32\faxpatch.exe
2007-01-10 21:19 143,872 --a------ C:\WINDOWS\system32\itircl.dll
2007-01-10 21:19 13,056 --------- C:\WINDOWS\system32\drivers\wacompen.sys
2007-01-10 21:19 122,368 --a------ C:\WINDOWS\system32\itss.dll
2007-01-10 21:19 12,047 --------- C:\WINDOWS\system32\drivers\atinpdxx.sys
2007-01-10 21:19 11,904 --------- C:\WINDOWS\system32\drivers\mutohpen.sys
2007-01-10 21:19 11,615 --------- C:\WINDOWS\system32\drivers\atinmdxx.sys
2007-01-10 21:19 10,752 --a------ C:\WINDOWS\hh.exe
2007-01-09 21:53 <DIR> d-------- C:\WINDOWS\system32\bak
2007-01-09 21:53 <DIR> d-------- C:\WINDOWS\system\bak
2007-01-06 11:38 <DIR> d-------- C:\Program Files\PuzzleDesktop
2007-01-03 20:28 417,792 --a------ C:\WINDOWS\system32\tcbldvqa.dll
2007-01-03 20:28 36,864 --a------ C:\WINDOWS\system32\slimoqde.exe
2007-01-03 20:28 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-01-03 20:28 139,264 --a------ C:\WINDOWS\mirar_distro_876088.exe
2007-01-03 20:23 8,413 --a------ C:\WINDOWS\system32\drivers\mcstrm.sys
2007-01-03 20:22 208,896 --a------ C:\WINDOWS\system32\wmpns.dll
2007-01-03 20:22 <DIR> d-------- C:\Program Files\Rhapsody
2007-01-02 00:02 <DIR> d-------- C:\DOCUME~1\Owner\Application Data\DriveCleaner Free
2007-01-01 23:52 <DIR> d-------- C:\Program Files\Common Files\DriveCleaner Free
2007-01-01 21:57 420,632 --a------ C:\WINDOWS\system32\wuapi.dll
2007-01-01 21:57 39,704 --a------ C:\WINDOWS\system32\wups.dll
2007-01-01 21:57 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-01-01 21:57 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-01-01 21:57 120,288 --a------ C:\WINDOWS\system32\wuweb.dll
2007-01-01 21:57 118,552 --a------ C:\WINDOWS\system32\wucltui.dll
2006-12-30 23:35 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-12-30 23:35 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-12-30 23:35 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-12-30 23:35 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-12-30 23:35 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-12-30 23:35 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-12-30 23:35 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-12-30 23:35 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-12-30 23:35 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-12-30 23:35 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-12-30 23:35 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-12-30 23:35 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-12-30 23:35 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-12-30 23:35 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-12-30 23:35 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-12-30 23:35 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-12-30 23:35 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-12-30 23:35 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-12-30 23:35 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-12-30 23:35 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-12-30 23:35 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-12-30 23:35 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-12-30 23:35 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-12-30 23:35 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-12-30 23:35 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-12-30 23:35 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-12-30 23:35 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-12-30 23:34 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2006-12-30 23:34 <DIR> d-------- C:\Program Files\DivX
2006-12-30 23:33 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2006-12-30 12:09 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2006-12-30 11:56 2 --a------ C:\WINDOWS\system32\wnstssv.exe
2006-12-29 00:50 56,832 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2006-12-29 00:50 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2006-12-29 00:50 50,048 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-12-29 00:50 28,160 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2006-12-29 00:50 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-12-29 00:50 2,816 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2006-12-29 00:50 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-12-29 00:49 7,556 --a------ C:\WINDOWS\system32\drivers\USRoslbA.sys
2006-12-29 00:49 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-12-29 00:49 57,856 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2006-12-29 00:49 55,680 --a------ C:\WINDOWS\system32\drivers\ohci1394.sys
2006-12-29 00:49 224,802 --a------ C:\WINDOWS\system32\drivers\USR1807A.sys
2006-12-29 00:49 134,272 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2006-12-29 00:49 113,762 --a------ C:\WINDOWS\system32\drivers\USRpdA.sys
2006-12-29 00:03 <DIR> dr-hsc--- C:\WINDOWS\system32\dllcache
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\WINDOWS
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\Application Data\Symantec
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\Application Data\Sun
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\Application Data\Sonic
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\Application Data\SampleView
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\Application Data\Real
2006-12-28 23:12 <DIR> d-------- C:\DOCUME~1\ADMINI~2.COM\Application Data\interMute
2006-12-28 23:00 182,880 --a------ C:\WINDOWS\system32\iuenginenew.dll
2006-12-28 23:00 <DIR> dr-hs---- C:\cmdcons
2006-12-28 22:59 <DIR> d-------- C:\WINDOWS\setupupd
2006-12-28 22:54 81,920 --a------ C:\WINDOWS\system32\mplaw7.dll
2006-12-28 22:54 81,920 --a------ C:\WINDOWS\system32\mplaa6.dll
2006-12-28 22:54 69,632 --a------ C:\WINDOWS\system32\mplapx.dll
2006-12-28 22:54 69,632 --a------ C:\WINDOWS\system32\mplam6.dll
2006-12-28 22:54 49,152 --a------ C:\WINDOWS\system32\cpuinf32.dll
2006-12-28 22:54 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-12-28 22:54 1,675,264 --a------ C:\WINDOWS\system32\mplva6.dll
2006-12-28 22:54 1,630,208 --a------ C:\WINDOWS\system32\mplvw7.dll
2006-12-28 22:54 1,581,056 --a------ C:\WINDOWS\system32\mplvm6.dll
2006-12-28 22:54 1,150,976 --a------ C:\WINDOWS\system32\mplvpx.dll
2006-12-28 22:52 51,072 --a------ C:\WINDOWS\system32\drivers\i8042prt.sys
2006-12-28 22:52 23,424 --a------ C:\WINDOWS\system32\drivers\kbdclass.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-18 20:01 -------- d-------- C:\Program Files\yahoo! games
2007-01-17 22:09 -------- d-------- C:\Program Files\msn messenger
2007-01-14 22:25 -------- d-------- C:\DOCUME~1\Owner\Application Data\adobeum
2007-01-12 22:21 -------- d-------- C:\Program Files\quicktime
2007-01-12 22:21 -------- d-------- C:\Program Files\itunes
2007-01-12 22:21 -------- d-------- C:\Program Files\aim
2007-01-12 22:19 37388 --a------ C:\WINDOWS\system32\ps2.exe
2007-01-12 22:19 37388 --a------ C:\WINDOWS\system32\hphmon05.exe
2007-01-12 22:19 37388 --a------ C:\WINDOWS\system32\hkcmd.exe
2007-01-10 22:01 -------- d-------- C:\Program Files\hijackthis
2007-01-10 21:49 -------- d-------- C:\Program Files\grisoft
2007-01-10 21:19 -------- d-------- C:\Program Files\messenger
2007-01-10 20:51 337 --a------ C:\DOCUME~1\Owner\Application Data\internaldb1942.dat
2007-01-10 16:45 -------- d-------- C:\Program Files\intermute
2007-01-10 16:00 49 --a------ C:\DOCUME~1\Owner\Application Data\internaldb6500.dat
2007-01-08 11:25 -------- d-------- C:\Program Files\partygaming
2007-01-08 11:08 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys
2007-01-06 11:37 9216 --a------ C:\DOCUME~1\Owner\Application Data\internaldb9169.dat
2007-01-06 11:37 0 --a------ C:\DOCUME~1\Owner\Application Data\internaldb5724.dat
2007-01-03 22:09 49 --a------ C:\DOCUME~1\Owner\Application Data\internaldb41.dat
2007-01-03 22:09 -------- d-------- C:\DOCUME~1\Owner\Application Data\intermute
2007-01-03 20:28 9216 --a------ C:\DOCUME~1\Owner\Application Data\internaldb8467.dat
2007-01-03 20:28 23 --a------ C:\DOCUME~1\Owner\Application Data\inifile41.ini
2007-01-03 20:28 20480 --a------ C:\DOCUME~1\Owner\Application Data\internaldb4827.dat
2007-01-03 20:28 0 --a------ C:\DOCUME~1\Owner\Application Data\internaldb6334.dat
2007-01-03 20:28 0 --a------ C:\DOCUME~1\Owner\Application Data\internaldb5436.dat
2007-01-01 21:57 -------- d--h----- C:\Program Files\windowsupdate
2006-12-30 23:33 -------- d--h----- C:\Program Files\installshield installation information
2006-12-30 23:33 -------- d-------- C:\Program Files\arcsoft
2006-12-29 00:19 -------- d-------- C:\Program Files\windows nt
2006-12-29 00:19 -------- d-------- C:\Program Files\movie maker
2006-12-28 23:42 -------- d-------- C:\Program Files\limewire
2006-12-28 23:01 -------- d-------- C:\Program Files\easy internet signup
2006-12-21 09:37 -------- d-------- C:\Program Files\Common Files\broderbund
2006-12-21 09:37 -------- d-------- C:\Program Files\broderbund
2006-12-21 09:20 -------- d-------- C:\Program Files\web publish
2006-12-17 03:39 -------- d-------- C:\Program Files\schoolhouse technologies
2006-12-17 03:38 -------- d-------- C:\Program Files\logitech
2006-12-17 03:38 -------- d-------- C:\Program Files\Common Files\roxio shared
2006-12-17 03:38 -------- d-------- C:\Program Files\Common Files\logitech
2006-12-17 03:38 -------- d-------- C:\Program Files\Common Files\adaptec shared
2006-12-17 03:38 -------- d-------- C:\DOCUME~1\Owner\Application Data\schoolhouse technologies
2006-12-16 23:37 -------- d-------- C:\Program Files\Common Files\aolshare
2006-12-16 23:37 -------- d-------- C:\Program Files\america online 9.0
2006-12-15 21:49 -------- d-------- C:\Program Files\apassistant
2006-12-15 13:15 22 --a------ C:\Program Files\hijackthis.zip
2006-12-08 17:32 -------- d-------- C:\Program Files\Common Files\aol
2006-12-08 16:55 699 --a------ C:\DOCUME~1\Owner\Application Data\adobedlm.log
2006-12-08 00:03 -------- d-------- C:\DOCUME~1\Owner\Application Data\snapfish
2006-12-05 16:07 -------- d-------- C:\DOCUME~1\Owner\Application Data\aim
2006-11-24 03:03 -------- d-------- C:\Program Files\windows live toolbar
2006-11-20 00:21 -------- d-------- C:\Program Files\wordsearch


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"RecordNow!"=""
"NVIEW"="rundll32.exe nview.dll,nViewLoadHook"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Chckup"="C:\\WINDOWS\\System32\\Netverchk.exe"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"CamMonitor"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"AutoTKit"="C:\\hp\\bin\\AUTOTKIT.EXE"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"USRpdA"="C:\\WINDOWS\\SYSTEM32\\USRmlnkA.exe RunServices \\Device\\3cpipe-USRpdA"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SDR6_Check"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcsdr.exe\""
"PAS_Check"="\"C:\\Program Files\\Common Files\\DriveCleaner Free\\udcpas.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"MySpaceIM"="C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"none"="C:\\Program Files\\Key Generator\\pmsngr.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job

Completion time: 07-01-19 19:45:39
rlboggs
01-19-2007, 06:50 PM   #4
Registered User
Join Date: Oct 2006
Posts: 6
OS: Win XP professional


Rapport.txt

Here is the SmitfraudFix log.

SmitFraudFix v2.132

Scan done at 20:42:13.79, Fri 01/19/2007
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_CLASSES_ROOT\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\System32\gwquvw.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\System32\gwquvw.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\gwquvw.dll -> Hoax.Win32.Renos.gen.i
C:\WINDOWS\System32\gwquvw.dll -> Deleted


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\Owner\FAVORI~1\Online Security Test.url Deleted
C:\Program Files\Security Toolbar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
rlboggs
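The "Reg Loading Points" section of the ComboFix log (post #3) and the SrchSTS step in rapport.txt (post #4) are doing the same job: listing what is registered under Explorer's SharedTaskScheduler and ShellServiceObjectDelayLoad keys and resolving each CLSID through its InProcServer32 value to the DLL Explorer will actually load, which is how the name "carbinyl" gets tied to gwquvw.dll. As an added example (not code from the thread, from ComboFix or from S!Ri's tool), the Python below performs that resolution over a .reg-style text export. The sample export is constructed from the keys printed in rapport.txt plus one stock XP entry ("Browseui preloader") as a benign control; KNOWN_GOOD_DLLS is an assumed allowlist that should be replaced with a baseline captured from a clean machine of the same build.

```python
"""Resolve Explorer's SharedTaskScheduler / SSODL load points to the DLLs
they load, from a .reg-style text export.

Added example: not code from the thread, ComboFix or SmitfraudFix.
SAMPLE_EXPORT and KNOWN_GOOD_DLLS are constructed assumptions."""
import re
from collections import defaultdict

STS_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler"
SSODL_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\shellserviceobjectdelayload"
# HKCR is a merged view, so an export may show the CLSID under either root.
CLSID_ROOTS = (r"hkey_classes_root\clsid", r"hkey_local_machine\software\classes\clsid")

# Assumed allowlist: DLLs that legitimately sit in these load points on a
# stock XP box. Build your own from a clean machine of the same build.
KNOWN_GOOD_DLLS = {"browseui.dll", "shell32.dll", "stobject.dll", "webcheck.dll"}

# Constructed sample: the carbinyl keys from rapport.txt in the thread plus
# the stock "Browseui preloader" entry as a benign control. One InProcServer32
# value uses regedit's doubled backslashes, the other the single form that
# rapport.txt prints, to show both are handled.
SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00C04FD705A2}"="Browseui preloader"
"{8d8c2387-7f80-4022-9be6-43630a969558}"="carbinyl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"carbinyl"="{8d8c2387-7f80-4022-9be6-43630a969558}"

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00C04FD705A2}\InProcServer32]
@="C:\\WINDOWS\\system32\\browseui.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8d8c2387-7f80-4022-9be6-43630a969558}\InProcServer32]
@="C:\WINDOWS\System32\gwquvw.dll"
"""

VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)=(?:"(.*)"|(.*))$')


def parse_reg(text):
    """Return {key_path_lower: {value_name: data}} for a .reg-style dump."""
    keys = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1].lower()
            keys[current]                  # register the key even if empty
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "@"
            data = m.group(2) if m.group(2) is not None else m.group(3)
            keys[current][name] = data.replace("\\\\", "\\")
    return keys


def inproc_server(keys, clsid):
    """Default value of CLSID\\{...}\\InProcServer32 under whichever root the export used."""
    for root in CLSID_ROOTS:
        dll = keys.get(f"{root}\\{clsid.lower()}\\inprocserver32", {}).get("@")
        if dll:
            return dll
    return None


def audit_explorer_loadpoints(text):
    """List every CLSID Explorer will load from the two keys and mark those
    whose DLL is not on the allowlist (or cannot be resolved at all)."""
    keys = parse_reg(text)
    entries = [("SharedTaskScheduler", clsid, name)
               for clsid, name in keys.get(STS_KEY, {}).items()]
    entries += [("SSODL", clsid, name)
                for name, clsid in keys.get(SSODL_KEY, {}).items()]
    report = []
    for loader, clsid, name in entries:
        dll = inproc_server(keys, clsid)
        base = dll.rsplit("\\", 1)[-1].lower() if dll else None
        report.append({"loader": loader, "clsid": clsid.lower(), "name": name,
                       "dll": dll, "suspicious": base not in KNOWN_GOOD_DLLS})
    return report


if __name__ == "__main__":
    for row in audit_explorer_loadpoints(SAMPLE_EXPORT):
        flag = "SUSPICIOUS" if row["suspicious"] else "ok"
        print(f'{flag:10} {row["loader"]:20} {row["name"]:20} -> {row["dll"]}')
```

On the sample, "carbinyl" resolves to gwquvw.dll under both loaders and is marked suspicious, while the browseui.dll entry passes. The value names in the two keys run in opposite directions (SharedTaskScheduler maps CLSID to name, SSODL maps name to CLSID), which is why the code reads them differently; matching the CLSID rather than the friendly name is what matters, since the name is free text the installer chose.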
01-19-2007, 06:51 PM   #5
Registered User
Join Date: Oct 2006
Posts: 6
OS: Win XP professional


New HijackThis log

Here is the HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 8:47:57 PM, on 1/19/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\System32\Netverchk.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: BBYLP.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Old 01-19-2007, 07:30 PM   #6 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Just these last bits to fix...

Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and Close HJT.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"


Open Windows Explorer and delete the following highlighted file/s
Also delete the following red folder/s

C:\WINDOWS\System32\Netverchk.exe
C:\Program Files\Common Files\DriveCleaner Free

Post a new log when done....
__________________
Eddy

Last edited by Pancake; 01-19-2007 at 07:31 PM.
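As an added illustration (not code from this thread, from HijackThis or from SmitFraudFix), the Python below parses excerpts of the two HijackThis logs in this thread, checks which of the six entries listed in the post above disappeared between the earlier log and the follow-up log, and reports any autorun entry that still names a file the instructions asked to delete. The log excerpts are constructed from lines quoted in this thread; the Netverchk.exe Run entry it reports is still present in the follow-up log.

```python
import re
# Constructed excerpts of the two HijackThis logs in this thread: post #5 (before the
# fix) and post #7 (after). Only lines relevant to the fix list are kept.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\System32\Netverchk.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
"""
LOG_AFTER = r"""
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\System32\Netverchk.exe
"""
# The six entries the helper asked HijackThis to fix in post #6.
FIX_LIST = [
    "O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)",
    "O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)",
    r"O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE",
    r"O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe",
    r'O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"',
    r'O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"',
]
ENTRY = re.compile(r"^([RFNO]\d+) - (.+)$")  # HJT item lines (R, F, N and O sections)

def parse_hjt(text):
    """Return the set of HJT item lines in a log, with runs of whitespace collapsed."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add(" ".join(m.group(0).split()))
    return entries

def verify_fix(before, after, fix_list):
    """Check a fix list against before/after logs: (removed, still_present, never_seen)."""
    b, a = parse_hjt(before), parse_hjt(after)
    wanted = {" ".join(x.split()) for x in fix_list}
    return sorted(wanted & (b - a)), sorted(wanted & a), sorted(wanted - b)

def entries_referencing(text, fragment):
    """Autorun/BHO entries whose command line still names a given file or folder."""
    return sorted(e for e in parse_hjt(text) if fragment.lower() in e.lower())

def orphaned_bhos(text):
    """O2 entries whose DLL is gone ('(no file)'): dead registrations worth cleaning up."""
    return sorted(e for e in parse_hjt(text) if e.startswith("O2 -") and e.endswith("(no file)"))
```

Running `entries_referencing(LOG_AFTER, "Netverchk.exe")` after `verify_fix` shows the pattern to watch for: the six HJT items are gone, but an HKCU Run entry still points at a file that could not be found on disk.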
Old 01-21-2007, 08:42 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2006
Posts: 6
OS: Win XP professional


New HijackThis log

I followed your instructions except I could not find
C:\\Windows\System 32\Netverchk.exe
I deleted the folder for DriveCleaner Free but it was not highlighted in red.

Here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 10:37:16 PM, on 1/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Chckup] C:\WINDOWS\System32\Netverchk.exe
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Startup: BBYLP.EXE
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.02.0000.1007\en-us\bin\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Old 01-21-2007, 09:26 PM   #8 (permalink)
Security Team (ret.)
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


It all looks fine there now....
__________________
Eddy
Copyright 2001 - 2009, Tech Support Forum