Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Kindly urge helping me with this malware log file!!
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 01-18-2007, 02:43 AM   #1 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


Kindly urge helping me with this malware log file!!
Hi all,

Can any one have a look on this hijackthis log file please, i am using win2000 and it is about an application called urdvxc.exe which keeps appearing each time i reboot even after deleting it with hijackthis
Kindly i need your urgent help before losing anything, can i have a back up of my documents at least on a dvd or shall move the worm there too ?
Thank you very much for your support.
Logfile of HijackThis v1.99.1
Scan saved at 11:34:58, on 18.01.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT

Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\IoctlSvc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Program Files\A-DATA\USB Flash Disk

Utility\PLBkMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\QuickZip4\QuickZip.exe
C:\Program Files\Hewlett-Packard\HP

Share-to-Web\hpgs2wnf.exe
C:\HJT2\HijackThis2.exe

R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start

Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local

Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local

Page =
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyServer = 127.0.0.1:81
R1 -

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner -

{55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and

Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yahoo! IE Services Button -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class -

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -

C:\Program Files\MSN

Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper -

{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO -

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Apps\MSN Toolbar\MSN

Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class -

{BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio -

{8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN -

{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program

Files\MSN Apps\MSN Toolbar\MSN

Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program

Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google -

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PLFFAP]

C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program

Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common

Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common

Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor]

C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program

Files\Common Files\Symantec Shared\Security

Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program

Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program

Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe

/logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN

Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office OneNote 2003 Quick

Launch.lnk = C:\Program Files\Microsoft

Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search -

res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word -

res://c:\program

files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search -

file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links -

res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -

res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel

- res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download

Manager... - file://C:\Program Files\J River\Media

Center\DMDownload.htm
O8 - Extra context menu item: Similar Pages -

res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English

- res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary -

file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps -

file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS -

file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker -

{0D555BC6-E331-48b3-A60E-AAC0DF79438A} -

C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker -

{0D555BC6-E331-48b3-A60E-AAC0DF79438A} -

C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services -

{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes -

{9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program

Files\Common Files\Microsoft Shared\Encarta

Researcher\EROPROJ.DLL
O9 - Extra button: (no name) -

{B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program

Files\Common Files\Microsoft Shared\Encarta Search

Bar\ENCSBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1}

(ewidoOnlineScan Control) -

http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}

(YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D

ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}

(BDSCANONLINE Control) -

http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/Ms...gerSetupDownlo

ader.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{3E80B14B-2876-4F98-A90

B-E6DD1D9EE006}: NameServer = 194.102.255.2,194.102.255.3
O17 -

HKLM\System\CCS\Services\Tcpip\..\{AA50C4EF-F4C2-4010-97A

2-44BD6331D67C}: NameServer = 193.231.100.2,193.231.100.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware

Development a.s. - C:\Program Files\Grisoft\AVG

Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) -

Anti-Malware Development a.s. - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) -

Anti-Malware Development a.s. - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner -

C:\Program Files\IVT

Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -

Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service

(ccPwdSvc) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) -

Symantec Corporation - C:\Program Files\Norton Internet

Security\ccPxySvc.exe
O23 - Service: Visual Studio Debugger Proxy Service

(DbgProxy) - Creative Technology Ltd. - (no file)
O23 - Service: Logical Disk Manager Administrative

Service (dmadmin) - VERITAS Software Corp. -

C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft

- C:\Program Files\Palick Soft\HDD

Temperature\HDDTsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. -

C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Windows Service (MSWindows) -

Unknown owner - C:\WINNT\system32\urdvxc.exe" /service

(file missing)
O23 - Service: Norton AntiVirus Auto Protect Service

(navapsvc) - Symantec Corporation - C:\Program

Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager

(NISUM) - Symantec Corporation - C:\Program Files\Norton

Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) -

NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific

Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner -

C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) -

Symantec Corporation -

C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Windows NT Session Manager (SMSS) - SMC -

(no file)
O23 - Service: Symantec Network Drivers Service (SNDSrvc)

- Symantec Corporation - C:\Program Files\Common

Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec

Corporation - C:\Program Files\Common Files\Symantec

Shared\Security Center\SymWSC.exe
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 01-20-2007, 10:07 AM   #2 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Hello, and welcome to TSF.

Please turn off (uncheck) the Wordwrap feature in Notepad, by going to Format in the menu bar. It creates the double space effect in the HJT log, and is difficult to read.

Repost a new HJT log after doing that, please.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-20-2007, 10:12 AM   #3 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


And here is my new log thank you !!!

Logfile of HijackThis v1.99.1
Scan saved at 19:07:47, on 20.01.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\IoctlSvc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ntvdm.exe
C:\WINNT\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\notepad.exe
C:\HJT2\HijackThis2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [00ERSRRRNKY] ;
O4 - HKLM\..\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [DeviceDiscovery] ; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] ; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] ; "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] ;
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] ; C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] ; D:\Setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ChristmasTree] ; C:\Documents and Settings\Administrator\Desktop\Christmas.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] ; "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [InternetCalls] ; "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] ;
O4 - HKCU\..\Run: [ProxyWay] ; C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [SweetIM] ;
O4 - HKCU\..\Run: [TimeCalendar] ; "C:\Program Files\TimeCalendar\TC.exe" auto
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E80B14B-2876-4F98-A90B-E6DD1D9EE006}: NameServer = 194.102.255.2,194.102.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA50C4EF-F4C2-4010-97A2-44BD6331D67C}: NameServer = 193.231.100.2,193.231.100.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Anti-Malware Development a.s. - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Anti-Malware Development a.s. - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Creative Technology Ltd. - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-20-2007, 08:52 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Hello, hankach -

Have you run any other tools to try to assist you with this?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2007, 03:19 AM   #5 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


Yes i did with SDFIX and here is my log report :

SDFix: Version 1.60

V 19.01.2007 - 17:58:26,14

Microsoft Windows 2000 [Version 5.00.2195]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
MSWindows

Path:
File Path - "C:\WINNT\system32\urdvxc.exe" /service

MSWindows Deleted
SMSS Deleted

Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Files Found..




Alternate Streams Check:

C:\WINNT\system32
No streams found.

Final Check:

Remaining Services:
------------------


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\arcldr.exe
C:\arcsetup.exe
C:\CONFIG.SYS
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Documents and Settings\Administrator\My Documents\Desktop shortcuts\Jan 2006\Mon P- Proiect\~WRL3042.tmp
C:\Documents and Settings\Administrator\My Documents\Desktop shortcuts\Mon P- Proiect\~WRL3042.tmp
C:\Documents and Settings\Administrator\My Documents\Employees special\Mon P- Proiect\~WRL3042.tmp

Finished

Also i have run combofix and seems it found a booting worm which was deleted and my antivirus prevx didnt catch any malware afterwards? does that mean i got rid of it ?

Thank you very much .
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2007, 08:36 AM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Have you used SREng as well?

Your last HJT log showed other infections. If you want help from us, please just do as asked. I appreciate you're trying to get fixed up as soon as you can, but this makes our assistance more difficult, as we don't know the current state of your machine, or what tools you've run on your own.

Post the log from combofix.exe - C:\ComboFix.txt -(if you ran it more than once, there will be other logs, C:\ComboFix2.txt and C:\ComboFix3.txt, post them as well)

Also post a new HJT log.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2007, 09:11 AM   #7 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


I tried to use Sreng but it seems didnt work well cause after started to scan it blocked several times after several trials, so i gave up .

Here is my Combofix log :

"Administrator" - S 20.01.2007 15:29:44 Service Pack 4
ComboFix 07-01-18 - Running from: "C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Spyware remove"

((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))


2007-01-19 17:46 <DIR> d-------- C:\SDFix
2007-01-18 16:26 <DIR> d-------- C:\Program Files\a-squared Free
2007-01-18 16:09 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\TEMP
2007-01-18 11:19 <DIR> d-------- C:\HJT2
2007-01-17 21:41 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2007-01-16 20:46 27,632 --a------ C:\WINNT\system\CTL3DV2.DLL
2007-01-16 20:46 <DIR> d-------- C:\CLNSYS
2007-01-16 20:40 9,216 --a------ C:\WINNT\system32\drivers\pxscinst.dll
2007-01-16 20:40 7,424 --a------ C:\WINNT\system32\drivers\pxcom.sys
2007-01-16 20:40 6,656 --a------ C:\WINNT\system32\drivers\pxinst.dll
2007-01-16 20:40 274,560 --a------ C:\WINNT\system32\drivers\pxfsf.sys
2007-01-16 20:40 18,432 --a------ C:\WINNT\system32\drivers\pxtdi.sys
2007-01-16 20:40 13,952 --a------ C:\WINNT\system32\drivers\pxrd.sys
2007-01-16 20:40 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
2007-01-16 20:40 101,376 --a------ C:\WINNT\system32\drivers\PxEmu.sys
2007-01-16 20:40 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Prevx
2007-01-16 20:39 <DIR> d-------- C:\Program Files\Prevx1
2007-01-16 20:39 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Prevx
2007-01-16 20:16 <DIR> d-------- C:\Program Files\WhatsRunning
2007-01-16 15:39 <DIR> d-------- C:\Program Files\iTunes
2007-01-16 15:39 <DIR> d-------- C:\Program Files\iPod
2007-01-16 15:39 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\Apple Computer
2007-01-16 15:36 <DIR> d-------- C:\Program Files\QuickTime
2007-01-16 15:32 <DIR> d-------- C:\Program Files\Apple Software Update
2007-01-16 15:26 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\Application Data\Apple Computer
2007-01-14 22:33 <DIR> d-------- C:\Program Files\ImageForge3
2007-01-14 22:33 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\CursorArts
2007-01-13 13:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\System
2007-01-13 13:48 <DIR> d-------- C:\DOCUME~1\ADMINI~1\Application Data\SmartDraw
2007-01-13 13:37 <DIR> d-------- C:\Program Files\SmartDraw 2007
2007-01-13 13:27 <DIR> d-------- C:\Poster7
2007-01-13 12:54 <DIR> d-------- C:\Program Files\HDCleaner


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-20 13:14 4537 --a------ C:\DOCUME~1\ADMINI~1\Application Data\quickzip45.ini
2007-01-20 13:13 -------- d-------- C:\Program Files\insc
2007-01-19 18:11 -------- d-------- C:\Program Files\Common Files\symantec shared
2007-01-18 12:18 -------- d-------- C:\Program Files\yahoo! status manager
2007-01-18 12:18 -------- d-------- C:\Program Files\uninstallability
2007-01-18 12:17 -------- d-------- C:\Program Files\sure delete
2007-01-18 12:12 -------- d-------- C:\Program Files\regcleaner
2007-01-18 12:10 -------- d-------- C:\Program Files\norton internet security
2007-01-17 21:41 -------- d-------- C:\Program Files\grisoft
2007-01-16 19:53 -------- d-------- C:\Program Files\taskmaster
2007-01-16 19:52 -------- d-------- C:\Program Files\swizztool
2007-01-16 19:50 -------- d-------- C:\Program Files\free sticky notes
2007-01-14 22:37 -------- d-------- C:\Program Files\pc image editor
2007-01-13 19:59 -------- d-------- C:\Program Files\quickzip4
2007-01-12 11:38 -------- d-------- C:\Program Files\mozilla.org
2007-01-12 11:35 -------- d-------- C:\Program Files\mozilla firefox
2007-01-09 20:52 -------- d-------- C:\Program Files\ac3filter
2006-12-12 12:28 -------- d--h----- C:\DOCUME~1\ADMINI~1\Application Data\yahoo!
2006-12-07 20:36 -------- d-------- C:\Program Files\uninstall password generator
2006-12-07 20:36 -------- d-------- C:\Program Files\password generator
2006-12-07 15:28 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\adobeum
2006-11-30 19:00 -------- d-------- C:\DOCUME~1\ADMINI~1\Application Data\internetcalls
2006-11-30 18:58 -------- d-------- C:\Program Files\internetcalls.com
2006-11-17 19:52 274228 --a------ C:\WINNT\pc image editor uninstaller.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="ctfmon.exe"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"ChristmasTree"="; C:\\Documents and Settings\\Administrator\\Desktop\\Christmas.exe"
"IE Privacy Keeper"="; \"C:\\Program Files\\UnH Solutions\\IE Privacy Keeper\\IEPrivacyKeeper.exe\" -startup"
"InternetCalls"="; \"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe\" -nosplash -minimized"
"MyWebSearch Email Plugin"="; "
"ProxyWay"="; C:\\Program Files\\ProxyWay\\proxyway.exe"
"SweetIM"="; "
"TimeCalendar"="; \"C:\\Program Files\\TimeCalendar\\TC.exe\" auto"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet"
"PCTVOICE"="pctspk.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PLFFAP"="C:\\WINNT\\system32\\HotfixQ0306270.exe"
"ADATA_PLUtil"="C:\\Program Files\\A-DATA\\USB Flash Disk Utility\\PLBkMon.exe"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\Quickset.exe"
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""
"Synchronization Manager"="mobsync.exe /logon"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"00ERSRRRNKY"="; "
"DataLayer"="; C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe"
"DeviceDiscovery"="; C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpotdd01.exe"
"HP Component Manager"="; \"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="; \"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd.exe\""
"HPDJ Taskbar Utility"="; C:\\WINNT\\system32\\spool\\drivers\\w32x86\\3\\hpztsb09.exe"
"iTunesHelper"="; \"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Nokia Tray Application"="; "
"PCSuiteTrayApplication"="; C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray"
"QuickTime Task"="; \"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Share-to-Web Namespace Daemon"="; C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
"SunJavaUpdateSched"="; C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"zzzHPSETUP"="; D:\\Setup.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Disabled]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"UninstallAbility"="\"C:\\Program Files\\UninstallAbility\\uability.exe\" /AUTO"
"TimeCalendar"="\"C:\\Program Files\\TimeCalendar\\TC.exe\" auto"
"Yahoo! Pager"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"CorelDRAW Graphics Suite 11b"="C:\\Program Files\\Corel\\Corel Graphics 12\\Languages\\EN\\Programs\\Registration.exe /title=\"CorelDRAW Graphics Suite 12\" /date=052005 serial=dr12wex-1504397-kty lang=EN"
"SwizzTool"="C:\\Program Files\\SwizzTool\\SwizzTool.exe"
"Synchronization Manager"="mobsync.exe /logon"
"RemoteControl"="C:\\Program Files\\Roxio\\Roxio DVDMax Player\\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^AbsoluteShield Internet Eraser.lnk]
"location"="Startup"
"item"="AbsoluteShield Internet Eraser"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MRU-Blaster Scheduler.lnk]
"location"="Startup"
"command"="C:\\PROGRA~1\\MRU-BL~1\\SCHEDU~1.EXE "
"item"="MRU-Blaster Scheduler"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MRU-Blaster Silent Clean.lnk]
"location"="Startup"
"command"="C:\\PROGRA~1\\MRU-BL~1\\MRUBLA~1.EXE -silent"
"item"="MRU-Blaster Silent Clean"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"location"="Startup"
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Screen Saver Control.lnk]
"location"="Startup"
"command"="C:\\WINNT\\FSScrCtl.exe "
"item"="Screen Saver Control"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Shortcut to Free Sticky Notes.LNK.disabled]
"location"="Startup"
"item"="Shortcut to Free Sticky Notes.LNK"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Webshots.lnk]
"location"="Startup"
"command"="C:\\PROGRA~1\\Webshots\\Launcher.exe /t"
"item"="Webshots"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\IVTCOR~1\\BLUESO~1\\BLUESO~1.EXE "
"item"="BlueSoleil"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"location"="Common Startup"
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PGPtray.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\NETWOR~1\\PGPNT\\PGPTray.exe "
"item"="PGPtray"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~4\\SonyTray.exe "
"item"="Picture Package Menu"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\SONYCO~1\\PICTUR~1\\PICTUR~1\\RESIDE~1.EXE -h"
"item"="Picture Package VCD Maker"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MI6841~1\\80\\Tools\\Binn\\sqlmangr.exe /n"
"item"="Service Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=dword:00000000
"Btn_Search"=dword:00000000
"NoBandCustomize"=dword:00000000
"NoToolbarCustomize"=dword:00000000
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ http://liftoff.msfc.nasa.gov/RealTim...k/Desktop.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
rpcss REG_MULTI_SZ RpcSs\0\0
wugroup REG_MULTI_SZ wuauserv\0\0
BITSgroup REG_MULTI_SZ BITS\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
WmdmPmSN
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_FSBL


Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\AppleSoftwareUpdate.job
C:\WINNT\tasks\Norton AntiVirus - Scan my computer.job
C:\WINNT\tasks\SDMsgUpdate (TE).job
C:\WINNT\tasks\Symantec NetDetect.job
C:\WINNT\tasks\{93A14959-5459-4E08-A450-FA6433BF308D}_USEE_Administrator.job

Completion time: Sat 2007-01-20 15:57:28
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2007, 09:14 AM   #8 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


And here is a new hijack log


Logfile of HijackThis v1.99.1
Scan saved at 15:46:12, on 23.01.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\IoctlSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Outlook Express\msimn.exe
C:\HJT2\HijackThis2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [00ERSRRRNKY] ;
O4 - HKLM\..\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [DeviceDiscovery] ; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] ; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] ; "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Nokia Tray Application] ;
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] ; C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] ; D:\Setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ChristmasTree] ; C:\Documents and Settings\Administrator\Desktop\Christmas.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] ; "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [InternetCalls] ; "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] ;
O4 - HKCU\..\Run: [ProxyWay] ; C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [SweetIM] ;
O4 - HKCU\..\Run: [TimeCalendar] ; "C:\Program Files\TimeCalendar\TC.exe" auto
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E80B14B-2876-4F98-A90B-E6DD1D9EE006}: NameServer = 194.102.255.2,194.102.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA50C4EF-F4C2-4010-97A2-44BD6331D67C}: NameServer = 193.231.100.2,193.231.100.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Anti-Malware Development a.s. - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Anti-Malware Development a.s. - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Creative Technology Ltd. - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-23-2007, 09:22 AM   #9 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Thanks for the info. Let's perform a through cleaning, to make sure all is well.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Before begining the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

I see you have AVG Anti-Spyware already. Please update it's definitions, and run a scan where I have placed it in this fix.

Run AVG Anti-Spyware
  • From the main screen, click on update, then click the Start
    update     button.
  • After the update finishes (the status bar at the bottom will display "Update
    successful")
  • select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"
  • Exit AVG Anti-Spyware. DO NOT scan yet.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only We'll use this shortly.

-----------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O4 - HKLM\..\Run: [00ERSRRRNKY] ;
O4 - HKLM\..\Run: [Nokia Tray Application] ;
O4 - HKCU\..\Run: [ChristmasTree] ; C:\Documents and Settings\Administrator\Desktop\Christmas.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] ;
O4 - HKCU\..\Run: [SweetIM] ;


Close HijackThis now.

---------------------------------------------------------------------------------------------

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.


Delete the following if they exist:

C:\Documents and Settings\Administrator\Desktop\Christmas.exe

---------------------------------------------------------------------------------------------

  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

Restart in normal mode.

---------------------------------------------------------------------------------------------

Establish an internet connection & perform an online scan using Internet Explorer at http://www.kaspersky.com/service?chapter=161739400

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save Report As button.
  • Select txt file from the dropdown menu, to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

AVG Anti-Spyware
Kaspersky online scan
HJT

How is your system behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-24-2007, 02:22 AM   #10 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


Dear Tetonbob,

I followed your instructions and here are the results :

My AVG report:---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:58:53 23.01.2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\HTASSstp -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ATLAssLib -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-1292428093-1708537768-1343024091-500\Software\KMiNT21 -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined).
HKU\S-1-5-21-1292428093-1708537768-1343024091-500\Software\KMiNT21\PersonalInspector -> Adware.DesktopSpyAgent : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\block-checker(msn).exe/1 -> Adware.IMAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\block-checker(msn)2.exe/1 -> Adware.IMAd : Cleaned with backup (quarantined).
C:\Program Files\Jufsoft\BadCopy\Recovered\File237.EXE/1 -> Adware.IMAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Media\MsgPlus-254.exe/sponsor.exe -> Downloader.Swizzor.ag : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\wink\WINKJAP1126.0XE -> Downloader.VB.oc : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\wink\cat wink file.zip/winkjap1126.exe -> Downloader.VB.oc : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\SmileyCentralSetup2.0.4.0.exe -> Dropper.Small : Cleaned with backup (quarantined).


::Report end




My Kaspersky online scan report :

KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 24, 2007 1145 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/01/2007
Kaspersky Anti-Virus database records: 261223


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\

Scan Statistics
Total number of scanned objects 85595
Number of viruses found 33
Number of infected objects 195 / 0
Number of suspicious objects 0
Duration of the scan process 03:18:16

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Application Data\Prevx\proc.cat Object is locked skipped

C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007012320070124\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrator\My Documents\Cd copy of Marycor\My Documents\ericsson melodies\nokia msn manager\HLXBLLKV.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Documents and Settings\Administrator\My Documents\Employees special\Interview questions and tips\MSN Careers - Interview Tricks Are No Treat_files\SRLHVJEW.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Spyware remove\dietk_3_0_8 kazaa spywares removal.exe/Stream/data0046 Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Spyware remove\dietk_3_0_8 kazaa spywares removal.exe/Stream Infected: not-a-virus:AdWare.Win32.Cydoor skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Spyware remove\dietk_3_0_8 kazaa spywares removal.exe Inno: infected - 2 skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.180Solutions skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe/stream Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe NSIS: infected - 10 skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.180Solutions skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe/stream Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe NSIS: infected - 10 skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe/ss20030521.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe/ss20030521.exe/v2.0.3.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe/ss20030521.exe/v2.0.3.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe/ss20030521.exe/v2.0.3.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe/ss20030521.exe/v2.0.3.cab Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe/ss20030521.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe Gentee: infected - 6 skipped

C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Prevx\Local.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security\Log\Confdntl.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security\Log\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security\Log\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security\Log\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security\Log\Spam.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Norton Internet Security\Log\WebHist.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\BBEJETEE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\QRNRBRTR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\VSJWSCEN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\NQTKCZRN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\VHNBTTXK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\HXXNEBZS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\VWETTHEW.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\frame\CNBWHJES.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\EHETTHTE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\QHSWWVWK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\Jufsoft\BadCopy\Recovered\File147.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

C:\Program Files\Jufsoft\BadCopy\Recovered\File168.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.af skipped

C:\Program Files\Jufsoft\BadCopy\Recovered\File194.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.f skipped

C:\Program Files\Jufsoft\BadCopy\Recovered\File359.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.ad skipped

C:\Program Files\Jufsoft\BadCopy\Recovered\File67.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.z skipped

C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton AntiVirus\Quarantine\0A6966A1.0 Infected: Trojan-Downloader.Win32.Agent.aox skipped

C:\Program Files\Norton AntiVirus\Quarantine\0E151679.0 Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Program Files\Norton AntiVirus\Quarantine\13204BCE.0 Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Program Files\Norton AntiVirus\Quarantine\1C5A603C.0 Infected: Trojan-Downloader.Win32.Small.dkt skipped

C:\Program Files\Norton AntiVirus\Quarantine\232D7864.0 Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Program Files\Norton AntiVirus\Quarantine\443975C2.0XE Infected: Trojan-Downloader.Win32.Tibs.hh skipped

C:\Program Files\Norton AntiVirus\Quarantine\49037818.0 Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program Files\Norton AntiVirus\Quarantine\4AE53C6B.0 Infected: Trojan-Downloader.Win32.Obfuscated.n skipped

C:\Program Files\Norton AntiVirus\Quarantine\4B5B23E9.0 Infected: Trojan-Downloader.Win32.Agent.aly skipped

C:\Program Files\Norton AntiVirus\Quarantine\4B684BDB.0 Infected: Trojan-Downloader.Win32.Small.dht skipped

C:\Program Files\Norton AntiVirus\Quarantine\4B6B75D7.0 Infected: Trojan-Downloader.Win32.Small.dht skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D101E08.0 Infected: Trojan-Downloader.Win32.Obfuscated.n skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D4B11C7.0 Infected: Trojan-Downloader.Win32.Agent.hy skipped

C:\Program Files\Norton AntiVirus\Quarantine\4D685024.0XE Infected: Trojan-PSW.Win32.Sinowal.al skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DAA535F/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DAA535F/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DAA535F/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DAA535F ZIP: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DAA535F CryptFF: infected - 3 skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DBD4F49.0 Infected: Trojan-PSW.Win32.Sinowal.al skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DF26F10.0 Infected: Trojan-Downloader.Win32.Ani.c skipped

C:\Program Files\Norton AntiVirus\Quarantine\4DF5190C.0 Infected: Trojan-Downloader.Win32.Tibs.hh skipped

C:\Program Files\Norton AntiVirus\Quarantine\4E0240FE.0 Infected: Exploit.Win32.IMG-WMF.v skipped

C:\Program Files\Norton AntiVirus\Quarantine\4E2364DA.0 Infected: Trojan-Downloader.Win32.Agent.acd skipped

C:\Program Files\Norton AntiVirus\Quarantine\55F912CF.0 Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Program Files\Norton AntiVirus\Quarantine\66B62616.0 Infected: Trojan-Downloader.Win32.Small.cyb skipped

C:\Program Files\Norton AntiVirus\Quarantine\6A642BC2.0/EXE-file Infected: Trojan-Spy.Win32.Agent.nl skipped

C:\Program Files\Norton AntiVirus\Quarantine\6A642BC2.0 Embedded EXE: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\6A642BC2.0 UPX: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\6A642BC2.0 CryptFF: infected - 1 skipped

C:\Program Files\Norton AntiVirus\Quarantine\6D423C0B.0 Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Program Files\Norton AntiVirus\Quarantine\6D600516.0 Infected: Email-Worm.Win32.Bagle.gh skipped

C:\Program Files\Norton AntiVirus\Quarantine\714C60BD.0 Infected: Email-Worm.Win32.Bagle.gen skipped

C:\Program Files\Norton AntiVirus\Quarantine\743C56F6.0 Infected: Trojan-Downloader.Win32.VB.oc skipped

C:\Program Files\Norton AntiVirus\Quarantine\74422AEE.0 Infected: Trojan-Downloader.Win32.VB.oc skipped

C:\Program Files\Norton AntiVirus\Quarantine\7F3019D0.0 Infected: Trojan.Win32.Agent.rw skipped

C:\Program Files\Norton AntiVirus\Quarantine\7F980C35.0XE Infected: Trojan-PSW.Win32.Sinowal.al skipped

C:\Program Files\Norton Internet Security\nisum.dat Object is locked skipped

C:\Program Files\Prevx1\lclbrk.cache Object is locked skipped

C:\Program Files\Prevx1\log\px-log.txt Object is locked skipped

C:\Program Files\Prevx1\paws.cache Object is locked skipped

C:\Program Files\Prevx1\prevx.cache Object is locked skipped

C:\Program Files\SmartDraw 2007\Tooltips\BEJKNHJT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BHKSWNNV.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BKSRTTEK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BNXWCZRJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BSQJHWJS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BTLSSSBJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BVVCETWV.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BXKZLLQR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\BXTSCTXB.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\CCJJLBXL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\CJVSSSKW.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\CKXKKHWN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\EBJLRERJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\EBSQRWZK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ELLBKBTL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ENHLHXRS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\EQLWVEBB.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ETTVTNER.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HCCJLWHE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HHKKLLBZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HKHEBJBZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HLKRCVJB.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HLLNHVVT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HRESLJSE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\HRHRHXNX.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JBBKXQWS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JLEHSKBR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JSLXSWTV.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JSRHTRVE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JTJTBJEH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JTNKSECS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\JVQWJELE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KCRBBKTK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KHJBTWHH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KJBQTLTZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KKQRWZSB.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KKTSSJLR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KNREBBZZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KRKKLSKL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KRRKNJTS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KSSCTKNR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\KWCNRRSH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LBCKXNTT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LHXBQQHC.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LKQJEHTZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LNSKZBSE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LNWNRRLH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LQBSWXNZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LRJKBSRN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LSBLQLHL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LSEZCCHH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\LWSHBQWQ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NBEKBJSH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NBXTHNTS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NJRNHXRK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NLHTBCWL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NSNTCNLN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NSXSJTRC.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NTLZBTTH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\NXLTBLTR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\QHEVRLSJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\QJQJJQNL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RCKCKJLR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RHLRZSQQ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RHNNHCSX.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RKJXJRKH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RKSEZTJS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RLJEBBZX.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RLNSKHRX.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RNKJKBBK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RRENWLQN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\RTJXHNEK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SKJNKLKW.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SKRHXBKT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SKZNZWJX.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SLTSNQRE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SLVWHSLS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SSKLJEEB.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SSNCNHET.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SSVEBBSV.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SSZTKHBK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SVLHJJKE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\SWHTRBBJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\TENRBQXN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\TLTRVRSQ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\TRTHKLHJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\TSBQHEBL.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\TVTRJNRE.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\VECLHSNJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\VHJCQJRS.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\VJVTBLXC.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\VJWEHNVT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\VTNKRNHJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\WBLSRZHN.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\WKELHZLH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\WKQESBHT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\WSSWNHQR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\XLJKKLJC.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\XNBJQQXJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\XNLHSRSH.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\XQLBHHTJ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZHRRNLSQ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZJZHRETT.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZKQJLWLV.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZNVERELZ.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZWKCQWQK.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZWSWXSLR.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\Program Files\SmartDraw 2007\Tooltips\ZXRVRQXB.0XE Infected: Net-Worm.Win32.Allaple.b skipped

C:\WINNT\CSC\00000001 Object is locked skipped

C:\WINNT\Debug\ipsecpa.log Object is locked skipped

C:\WINNT\Debug\oakley.log Object is locked skipped

C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

C:\WINNT\SchedLgU.Txt Object is locked skipped

C:\WINNT\Sti_Trace.log Object is locked skipped

C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

C:\WINNT\system32\config\default Object is locked skipped

C:\WINNT\system32\config\default.LOG Object is locked skipped

C:\WINNT\system32\config\SAM Object is locked skipped

C:\WINNT\system32\config\SAM.LOG Object is locked skipped

C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

C:\WINNT\system32\config\SECURITY Object is locked skipped

C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

C:\WINNT\system32\config\software Object is locked skipped

C:\WINNT\system32\config\software.LOG Object is locked skipped

C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

C:\WINNT\system32\config\system Object is locked skipped

C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

C:\WINNT\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped

Scan process completed.


And finally my New Hijack report:
Logfile of HijackThis v1.99.1
Scan saved at 11:11:23, on 24.01.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\IoctlSvc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\HJT2\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [DeviceDiscovery] ; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] ; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] ; "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] ; C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zzzHPSETUP] ; D:\Setup.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IE Privacy Keeper] ; "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [InternetCalls] ; "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ProxyWay] ; C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [TimeCalendar] ; "C:\Program Files\TimeCalendar\TC.exe" auto
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E80B14B-2876-4F98-A90B-E6DD1D9EE006}: NameServer = 194.102.255.2,194.102.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA50C4EF-F4C2-4010-97A2-44BD6331D67C}: NameServer = 193.231.100.2,193.231.100.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Anti-Malware Development a.s. - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Anti-Malware Development a.s. - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Creative Technology Ltd. - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Awaiting your reply , many thanks .
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-24-2007, 08:38 AM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Please use Symantec's guide to remove the Norton Quarantine files.

Or simply delete the contents of this folder:

C:\Program Files\Norton AntiVirus\Quarantine

---------------------------------------------------

A couple of your applications seem to be infected with worms, and suspect. If you did not install these programs from the original CD, or creator's website download, you should consider uninstalling them completely.

C:\Program Files\SmartDraw 2007\Tooltips
C:\Program Files\InterActual\InterActual Player
C:\Program Files\Jufsoft

Download Pocket Killbox and unzip the exe file to your desktop.

Launch KillBox.exe & select the following options:
  • Delete on Reboot
  • End Explorer Shell While Killing File
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\Documents and Settings\Administrator\My Documents\Cd copy of Marycor\My Documents\ericsson melodies\nokia msn manager\HLXBLLKV.0XE
    C:\Documents and Settings\Administrator\My Documents\Employees special\Interview questions and tips\MSN Careers - Interview Tricks Are No Treat_files\SRLHVJEW.0XE
    C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Spyware remove\dietk_3_0_8 kazaa spywares removal.exe
    C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Animated-Emoticons.exe
    C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\Install-Mood-Pictures(msn display pictures).exe
    C:\Documents and Settings\Administrator\My Documents\My Received Files\Soft\Windows related\WaveInstscreensaver.exe
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\BBEJETEE.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\QRNRBRTR.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x\win\frame\VSJWSCEN.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\NQTKCZRN.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000008\t2x2\VHNBTTXK.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\HXXNEBZS.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\VWETTHEW.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x\win\frame\CNBWHJES.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\EHETTHTE.0XE
    C:\Program Files\InterActual\InterActual Player\Patches\artisan\10000017000024000010\t2x2\QHSWWVWK.0XE
    C:\Program Files\Jufsoft\BadCopy\Recovered\File147.EXE
    C:\Program Files\Jufsoft\BadCopy\Recovered\File168.EXE
    C:\Program Files\Jufsoft\BadCopy\Recovered\File194.EXE
    C:\Program Files\Jufsoft\BadCopy\Recovered\File359.EXE
    C:\Program Files\Jufsoft\BadCopy\Recovered\File67.EXE
    C:\Program Files\SmartDraw 2007\Tooltips\BEJKNHJT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BHKSWNNV.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BKSRTTEK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BNXWCZRJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BSQJHWJS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BTLSSSBJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BVVCETWV.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BXKZLLQR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\BXTSCTXB.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\CCJJLBXL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\CJVSSSKW.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\CKXKKHWN.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\EBJLRERJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\EBSQRWZK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ELLBKBTL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ENHLHXRS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\EQLWVEBB.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ETTVTNER.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HCCJLWHE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HHKKLLBZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HKHEBJBZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HLKRCVJB.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HLLNHVVT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HRESLJSE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\HRHRHXNX.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JBBKXQWS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JLEHSKBR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JSLXSWTV.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JSRHTRVE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JTJTBJEH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JTNKSECS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\JVQWJELE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KCRBBKTK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KHJBTWHH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KJBQTLTZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KKQRWZSB.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KKTSSJLR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KNREBBZZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KRKKLSKL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KRRKNJTS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KSSCTKNR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\KWCNRRSH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LBCKXNTT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LHXBQQHC.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LKQJEHTZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LNSKZBSE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LNWNRRLH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LQBSWXNZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LRJKBSRN.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LSBLQLHL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LSEZCCHH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\LWSHBQWQ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NBEKBJSH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NBXTHNTS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NJRNHXRK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NLHTBCWL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NSNTCNLN.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NSXSJTRC.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NTLZBTTH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\NXLTBLTR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\QHEVRLSJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\QJQJJQNL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RCKCKJLR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RHLRZSQQ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RHNNHCSX.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RKJXJRKH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RKSEZTJS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RLJEBBZX.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RLNSKHRX.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RNKJKBBK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RRENWLQN.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\RTJXHNEK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SKJNKLKW.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SKRHXBKT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SKZNZWJX.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SLTSNQRE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SLVWHSLS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SSKLJEEB.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SSNCNHET.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SSVEBBSV.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SSZTKHBK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SVLHJJKE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\SWHTRBBJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\TENRBQXN.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\TLTRVRSQ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\TRTHKLHJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\TSBQHEBL.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\TVTRJNRE.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\VECLHSNJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\VHJCQJRS.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\VJVTBLXC.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\VJWEHNVT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\VTNKRNHJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\WBLSRZHN.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\WKELHZLH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\WKQESBHT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\WSSWNHQR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\XLJKKLJC.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\XNBJQQXJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\XNLHSRSH.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\XQLBHHTJ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZHRRNLSQ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZJZHRETT.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZKQJLWLV.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZNVERELZ.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZWKCQWQK.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZWSWXSLR.0XE
    C:\Program Files\SmartDraw 2007\Tooltips\ZXRVRQXB.0XE
    C:\WINNT\system32\f3PSSavr.scr
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* KillBox will alert you the files will be deleted on next reboot, click Yes
* When asked to Reboot, select Yes

Click OK at any PendingFileRenameOperations prompt, and let us know if you receive this message.

Also, if the computer does not restart automatically, please restart it manually.


---------------------------------------------------------------------------------------------

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Download Blockrem from HERE
  • Unzip it to its own folder on your desktop.
  • Boot your computer to safe mode by rebooting and tapping the F8 button repeatedly until it brings up a boot menu.
    From that menu, select Safe Mode by using the arrow keys to highlight it then pressing enter.
  • Once in safe mode open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.
  • Once it is running please follow the onscreen instructions.
  • Reboot and post a HijackThis log.

---------------------------------------------------------------------------------------------

How is your system behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-24-2007, 12:30 PM   #12 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


While proceeding with programs downloads i 've received this alert fm NAV

(java.sun.com (72.5.124.55) http(80)
C:\program files\java\jre 1.6.0\bin\jusched.exe

was trying to connect to the internet , is it a threat or something dangerous or is it the new java that i've downloaded ??

Thank you , once i finish all instructions i'll post back .
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-24-2007, 01:55 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Quote:
(java.sun.com (72.5.124.55) http(80)
C:\program files\java\jre 1.6.0\bin\jusched.exe
That's the new java, trying to access the internet.

http://www.liutilities.com/products/...brary/jusched/

Description:
jusched.exe is a process installed alongside Sun Microsystem's Java suite and checks for Java updates which involves usage of the Internet. This program is important for the stable and secure running of your computer's Internet browsing and Java usage and should not be terminated.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-25-2007, 02:52 AM   #14 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


Please help!

After finishing the scan i clicked an item and the next icon , then move incurable and when i looked down i found out that two programs which are not viruses but (probably trojan ) were moved , i tried to run those programs but shortcut was missing ? then i went to quarantine and pasted them back to their path!
Last edited by hankach; 01-25-2007 at 03:20 AM.
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-25-2007, 05:03 AM   #15 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


Following to your instructions here are my logs:

Hijackthis report

Logfile of HijackThis v1.99.1
Scan saved at 13:57:05, on 25.01.2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\IoctlSvc.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\pctspk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\HotfixQ0306270.exe
C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\VFSWRA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\HJT2\HijackThis2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PLFFAP] C:\WINNT\system32\HotfixQ0306270.exe
O4 - HKLM\..\Run: [ADATA_PLUtil] C:\Program Files\A-DATA\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [DeviceDiscovery] ; C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] ; "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] ; "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] ; C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] ; C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [zzzHPSETUP] ; D:\Setup.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [IE Privacy Keeper] ; "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [InternetCalls] ; "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized
O4 - HKCU\..\Run: [ProxyWay] ; C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [TimeCalendar] ; "C:\Program Files\TimeCalendar\TC.exe" auto
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E80B14B-2876-4F98-A90B-E6DD1D9EE006}: NameServer = 194.102.255.2,194.102.255.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA50C4EF-F4C2-4010-97A2-44BD6331D67C}: NameServer = 193.231.100.2,193.231.100.3
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Anti-Malware Development a.s. - (no file)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - Anti-Malware Development a.s. - (no file)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Visual Studio Debugger Proxy Service (DbgProxy) - Creative Technology Ltd. - (no file)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\Palick Soft\HDD Temperature\HDDTsvc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINNT\system32\IoctlSvc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Dr web report

BEJKNHJT.0XE C:\!KillBox Trojan.Starman Deleted.
BHKSWNNV.0XE C:\!KillBox Trojan.Starman Deleted.
BKSRTTEK.0XE C:\!KillBox Trojan.Starman Deleted.
BNXWCZRJ.0XE C:\!KillBox Trojan.Starman Deleted.
BSQJHWJS.0XE C:\!KillBox Trojan.Starman Deleted.
BTLSSSBJ.0XE C:\!KillBox Trojan.Starman Deleted.
BVVCETWV.0XE C:\!KillBox Trojan.Starman Deleted.
BXKZLLQR.0XE C:\!KillBox Trojan.Starman Deleted.
BXTSCTXB.0XE C:\!KillBox Trojan.Starman Deleted.
CCJJLBXL.0XE C:\!KillBox Trojan.Starman Deleted.
CJVSSSKW.0XE C:\!KillBox Trojan.Starman Deleted.
CKXKKHWN.0XE C:\!KillBox Trojan.Starman Deleted.
EBJLRERJ.0XE C:\!KillBox Trojan.Starman Deleted.
EBSQRWZK.0XE C:\!KillBox Trojan.Starman Deleted.
ELLBKBTL.0XE C:\!KillBox Trojan.Starman Deleted.
ENHLHXRS.0XE C:\!KillBox Trojan.Starman Deleted.
EQLWVEBB.0XE C:\!KillBox Trojan.Starman Deleted.
ETTVTNER.0XE C:\!KillBox Trojan.Starman Deleted.
f3PSSavr.scr C:\!KillBox Adware.Msearch Incurable.Moved.
f3PSSavr.scr( 1) C:\!KillBox Adware.Msearch Incurable.Moved.
File147.EXE C:\!KillBox Adware.Msearch Incurable.Moved.
File168.EXE C:\!KillBox Trojan.Isbar.438 Deleted.
HCCJLWHE.0XE C:\!KillBox Trojan.Starman Deleted.
HHKKLLBZ.0XE C:\!KillBox Trojan.Starman Deleted.
HKHEBJBZ.0XE C:\!KillBox Trojan.Starman Deleted.
HLKRCVJB.0XE C:\!KillBox Trojan.Starman Deleted.
HLLNHVVT.0XE C:\!KillBox Trojan.Starman Deleted.
HLXBLLKV.0XE C:\!KillBox Trojan.Starman Deleted.
HRESLJSE.0XE C:\!KillBox Trojan.Starman Deleted.
HRHRHXNX.0XE C:\!KillBox Trojan.Starman Deleted.
JBBKXQWS.0XE C:\!KillBox Trojan.Starman Deleted.
JLEHSKBR.0XE C:\!KillBox Trojan.Starman Deleted.
JSLXSWTV.0XE C:\!KillBox Trojan.Starman Deleted.
JSRHTRVE.0XE C:\!KillBox Trojan.Starman Deleted.
JTJTBJEH.0XE C:\!KillBox Trojan.Starman Deleted.
JTNKSECS.0XE C:\!KillBox Trojan.Starman Deleted.
JVQWJELE.0XE C:\!KillBox Trojan.Starman Deleted.
KCRBBKTK.0XE C:\!KillBox Trojan.Starman Deleted.
KHJBTWHH.0XE C:\!KillBox Trojan.Starman Deleted.
KJBQTLTZ.0XE C:\!KillBox Trojan.Starman Deleted.
KKQRWZSB.0XE C:\!KillBox Trojan.Starman Deleted.
KKTSSJLR.0XE C:\!KillBox Trojan.Starman Deleted.
KNREBBZZ.0XE C:\!KillBox Trojan.Starman Deleted.
KRKKLSKL.0XE C:\!KillBox Trojan.Starman Deleted.
KRRKNJTS.0XE C:\!KillBox Trojan.Starman Deleted.
KSSCTKNR.0XE C:\!KillBox Trojan.Starman Deleted.
KWCNRRSH.0XE C:\!KillBox Trojan.Starman Deleted.
LBCKXNTT.0XE C:\!KillBox Trojan.Starman Deleted.
LHXBQQHC.0XE C:\!KillBox Trojan.Starman Deleted.
LKQJEHTZ.0XE C:\!KillBox Trojan.Starman Deleted.
LNSKZBSE.0XE C:\!KillBox Trojan.Starman Deleted.
LNWNRRLH.0XE C:\!KillBox Trojan.Starman Deleted.
LQBSWXNZ.0XE C:\!KillBox Trojan.Starman Deleted.
LRJKBSRN.0XE C:\!KillBox Trojan.Starman Deleted.
LSBLQLHL.0XE C:\!KillBox Trojan.Starman Deleted.
LSEZCCHH.0XE C:\!KillBox Trojan.Starman Deleted.
LWSHBQWQ.0XE C:\!KillBox Trojan.Starman Deleted.
NBEKBJSH.0XE C:\!KillBox Trojan.Starman Deleted.
NBXTHNTS.0XE C:\!KillBox Trojan.Starman Deleted.
NJRNHXRK.0XE C:\!KillBox Trojan.Starman Deleted.
NLHTBCWL.0XE C:\!KillBox Trojan.Starman Deleted.
NSNTCNLN.0XE C:\!KillBox Trojan.Starman Deleted.
NSXSJTRC.0XE C:\!KillBox Trojan.Starman Deleted.
NTLZBTTH.0XE C:\!KillBox Trojan.Starman Deleted.
NXLTBLTR.0XE C:\!KillBox Trojan.Starman Deleted.
QHEVRLSJ.0XE C:\!KillBox Trojan.Starman Deleted.
QJQJJQNL.0XE C:\!KillBox Trojan.Starman Deleted.
RCKCKJLR.0XE C:\!KillBox Trojan.Starman Deleted.
RHLRZSQQ.0XE C:\!KillBox Trojan.Starman Deleted.
RHNNHCSX.0XE C:\!KillBox Trojan.Starman Deleted.
RKJXJRKH.0XE C:\!KillBox Trojan.Starman Deleted.
RKSEZTJS.0XE C:\!KillBox Trojan.Starman Deleted.
RLJEBBZX.0XE C:\!KillBox Trojan.Starman Deleted.
RLNSKHRX.0XE C:\!KillBox Trojan.Starman Deleted.
RNKJKBBK.0XE C:\!KillBox Trojan.Starman Deleted.
RRENWLQN.0XE C:\!KillBox Trojan.Starman Deleted.
RTJXHNEK.0XE C:\!KillBox Trojan.Starman Deleted.
SKJNKLKW.0XE C:\!KillBox Trojan.Starman Deleted.
SKRHXBKT.0XE C:\!KillBox Trojan.Starman Deleted.
SKZNZWJX.0XE C:\!KillBox Trojan.Starman Deleted.
SLTSNQRE.0XE C:\!KillBox Trojan.Starman Deleted.
SLVWHSLS.0XE C:\!KillBox Trojan.Starman Deleted.
SLVWHSLS.0XE( 33) C:\!KillBox Trojan.Starman Deleted.
SRLHVJEW.0XE C:\!KillBox Trojan.Starman Deleted.
SSKLJEEB.0XE C:\!KillBox Trojan.Starman Deleted.
SSKLJEEB.0XE( 32) C:\!KillBox Trojan.Starman Deleted.
SSNCNHET.0XE C:\!KillBox Trojan.Starman Deleted.
SSNCNHET.0XE( 31) C:\!KillBox Trojan.Starman Deleted.
SSVEBBSV.0XE C:\!KillBox Trojan.Starman Deleted.
SSVEBBSV.0XE( 30) C:\!KillBox Trojan.Starman Deleted.
SSZTKHBK.0XE C:\!KillBox Trojan.Starman Deleted.
SSZTKHBK.0XE( 29) C:\!KillBox Trojan.Starman Deleted.
SVLHJJKE.0XE C:\!KillBox Trojan.Starman Deleted.
SVLHJJKE.0XE( 28) C:\!KillBox Trojan.Starman Deleted.
SWHTRBBJ.0XE C:\!KillBox Trojan.Starman Deleted.
SWHTRBBJ.0XE( 27) C:\!KillBox Trojan.Starman Deleted.
TENRBQXN.0XE C:\!KillBox Trojan.Starman Deleted.
TENRBQXN.0XE( 26) C:\!KillBox Trojan.Starman Deleted.
TLTRVRSQ.0XE C:\!KillBox Trojan.Starman Deleted.
TLTRVRSQ.0XE( 25) C:\!KillBox Trojan.Starman Deleted.
TRTHKLHJ.0XE C:\!KillBox Trojan.Starman Deleted.
TRTHKLHJ.0XE( 24) C:\!KillBox Trojan.Starman Deleted.
TSBQHEBL.0XE C:\!KillBox Trojan.Starman Deleted.
TSBQHEBL.0XE( 23) C:\!KillBox Trojan.Starman Deleted.
TVTRJNRE.0XE C:\!KillBox Trojan.Starman Deleted.
TVTRJNRE.0XE( 22) C:\!KillBox Trojan.Starman Deleted.
VECLHSNJ.0XE C:\!KillBox Trojan.Starman Deleted.
VECLHSNJ.0XE( 21) C:\!KillBox Trojan.Starman Deleted.
VHJCQJRS.0XE C:\!KillBox Trojan.Starman Deleted.
VHJCQJRS.0XE( 20) C:\!KillBox Trojan.Starman Deleted.
VJVTBLXC.0XE C:\!KillBox Trojan.Starman Deleted.
VJVTBLXC.0XE( 19) C:\!KillBox Trojan.Starman Deleted.
VJWEHNVT.0XE C:\!KillBox Trojan.Starman Deleted.
VJWEHNVT.0XE( 18) C:\!KillBox Trojan.Starman Deleted.
VTNKRNHJ.0XE C:\!KillBox Trojan.Starman Deleted.
VTNKRNHJ.0XE( 17) C:\!KillBox Trojan.Starman Deleted.
WBLSRZHN.0XE C:\!KillBox Trojan.Starman Deleted.
WBLSRZHN.0XE( 16) C:\!KillBox Trojan.Starman Deleted.
WKELHZLH.0XE C:\!KillBox Trojan.Starman Deleted.
WKELHZLH.0XE( 15) C:\!KillBox Trojan.Starman Deleted.
WKQESBHT.0XE C:\!KillBox Trojan.Starman Deleted.
WKQESBHT.0XE( 14) C:\!KillBox Trojan.Starman Deleted.
WSSWNHQR.0XE C:\!KillBox Trojan.Starman Deleted.
WSSWNHQR.0XE( 13) C:\!KillBox Trojan.Starman Deleted.
XLJKKLJC.0XE C:\!KillBox Trojan.Starman Deleted.
XLJKKLJC.0XE( 12) C:\!KillBox Trojan.Starman Deleted.
XNBJQQXJ.0XE C:\!KillBox Trojan.Starman Deleted.
XNBJQQXJ.0XE( 11) C:\!KillBox Trojan.Starman Deleted.
XNLHSRSH.0XE C:\!KillBox Trojan.Starman Deleted.
XNLHSRSH.0XE( 10) C:\!KillBox Trojan.Starman Deleted.
XQLBHHTJ.0XE C:\!KillBox Trojan.Starman Deleted.
XQLBHHTJ.0XE( 9) C:\!KillBox Trojan.Starman Deleted.
ZHRRNLSQ.0XE C:\!KillBox Trojan.Starman Deleted.
ZHRRNLSQ.0XE( 8) C:\!KillBox Trojan.Starman Deleted.
ZJZHRETT.0XE C:\!KillBox Trojan.Starman Deleted.
ZJZHRETT.0XE( 7) C:\!KillBox Trojan.Starman Deleted.
ZKQJLWLV.0XE C:\!KillBox Trojan.Starman Deleted.
ZKQJLWLV.0XE( 6) C:\!KillBox Trojan.Starman Deleted.
ZNVERELZ.0XE C:\!KillBox Trojan.Starman Deleted.
ZNVERELZ.0XE( 5) C:\!KillBox Trojan.Starman Deleted.
ZWKCQWQK.0XE C:\!KillBox Trojan.Starman Deleted.
ZWKCQWQK.0XE( 4) C:\!KillBox Trojan.Starman Deleted.
ZWSWXSLR.0XE C:\!KillBox Trojan.Starman Deleted.
ZWSWXSLR.0XE( 3) C:\!KillBox Trojan.Starman Deleted.
ZXRVRQXB.0XE C:\!KillBox Trojan.Starman Deleted.
ZXRVRQXB.0XE( 2) C:\!KillBox Trojan.Starman Deleted.
inecr.exe C:\Program Files\Insc Probably BACKDOOR.Trojan Incurable.Moved.
Process.exe C:\SDFix\apps Tool.Prockill Incurable.Moved.
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-25-2007, 08:51 AM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,707
OS: 2000 Pro; XP Pro; XP Home


Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • IE-SPYAD
    IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here
  • MVPS HOST FILE[/color]
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites form serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!
  • AVG

    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
tetonbob is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 01-26-2007, 11:00 AM   #17 (permalink)
Registered User
 
hankach's Avatar
 
Join Date: Nov 2004
Posts: 32
OS: win xp


Billion Thanks to you !!!
hankach is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 03:54 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85