
Status
Not open for further replies.
1 - 6 of 6 Posts

·
Registered
Joined
·
12 Posts
Discussion Starter #1 (Edited)
This has been bothering me for over a month now. I keep on getting pop-ups from onindserve or that "server busy" with retry, switch to, and that greyed-out cancel. I just recently got rid of it again using adaware but I know it will come back. So umm, here's my log:
(This is my first time using Hijack This)

Logfile of HijackThis v1.99.1
Scan saved at 5:18:49 PM, on 11/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\??xplore.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\saud\dmte.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Donna\Desktop\castle\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...aults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36E6013F-98F7-9926-86FE-C169358D8CCF} - C:\WINDOWS\system32\fyscrkod.dll
O2 - BHO: (no name) - {4825010A-9C99-9A40-B1A5-C459A6F5A99F} - C:\WINDOWS\system32\cfn.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {EE7B7A99-B85E-EDD9-2BE7-B09EFA105C95} - C:\WINDOWS\system32\hnorrt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ubes] C:\Program Files\otoc\irpe.exe
O4 - HKCU\..\Run: [Taae] C:\Program Files\emtr\sast.exe
O4 - HKCU\..\Run: [Oaaa] C:\Program Files\curs\tosr.exe
O4 - HKCU\..\Run: [Ggm] C:\WINDOWS\system32\n?lookup.exe
O4 - HKCU\..\Run: [Tmae] C:\Program Files\etrr\rpst.exe
O4 - HKCU\..\Run: [Myrtnjkq] C:\WINDOWS\system32\??xplore.exe
O4 - HKCU\..\Run: [Ugllk] C:\WINDOWS\system32\r?ndll32.exe
O4 - HKCU\..\Run: [Rapn] C:\Program Files\naoa\omom.exe
O4 - HKCU\..\Run: [Qch] C:\WINDOWS\system32\m?iexec.exe
O4 - HKCU\..\Run: [Ocua] C:\Program Files\atwc\tpuh.exe
O4 - HKCU\..\Run: [Nhsd] C:\Program Files\aaei\wiea.exe
O4 - HKCU\..\Run: [Pla] C:\WINDOWS\system32\m?dtc.exe
O4 - HKCU\..\Run: [Wcom] C:\Program Files\ptor\lrot.exe
O4 - HKCU\..\Run: [Ohgnshw] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [Wsom] C:\Program Files\shoo\dbou.exe
O4 - HKCU\..\Run: [Ptao] C:\Program Files\cccb\sede.exe
O4 - HKCU\..\Run: [Uial] C:\Program Files\orrt\mtrr.exe
O4 - HKCU\..\Run: [Cfgcv] C:\WINDOWS\system32\?hkntfs.exe
O4 - HKCU\..\Run: [Kolue] C:\WINDOWS\system32\?vchost.exe
O4 - HKCU\..\Run: [Ezbc] C:\WINDOWS\system32\l?***.exe
O4 - HKCU\..\Run: [Ster] C:\Program Files\rwwa\eoui.exe
O4 - HKCU\..\Run: [Patw] C:\Program Files\rlsn\eata.exe
O4 - HKCU\..\Run: [Pde] C:\WINDOWS\system32\??chost.exe
O4 - HKCU\..\Run: [Riid] "C:\Program Files\asam\usaa.exe" -vt tzt
O4 - HKCU\..\Run: [Weutsub] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [Onre] "C:\Program Files\slro\cart.exe" -vt tzt
O4 - HKCU\..\Run: [Bmeh] C:\WINDOWS\system32\w?auboot.exe
O4 - HKCU\..\Run: [Opae] "C:\Program Files\usra\asri.exe" -vt tzt
O4 - HKCU\..\Run: [Qmmxrk] C:\WINDOWS\system32\r?gsvr32.exe
O4 - HKCU\..\Run: [Eael] "C:\Program Files\artu\utup.exe" -vt tzt
O4 - HKCU\..\Run: [Ioou] "C:\Program Files\eiat\saar.exe" -vt tzt
O4 - HKCU\..\Run: [Revwr] C:\WINDOWS\system32\w?nword.exe
O4 - HKCU\..\Run: [Teaa] "C:\Program Files\saud\dmte.exe" -vt tzt
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Hi and Welcome
It may help to print out or copy this page as you will be working in Safe Mode. Make sure to work through the fixes in the exact order they are listed.

Download any of the required programs before attempting to start any of the fixes.

SHOW HIDDEN FILES AND FOLDERS.
To show hidden files instructions (WinXP)
Doubleclick My Computer | Tools | Folder Options | View tab
Select Show Hidden Files and Folders
Uncheck Hide extensions for known file types
Uncheck Hide protected operating system files (Recommended)
Select Apply to All Folders | Yes | Apply | OK
------------------------------------------------------------------

Files highlighted in BLACK will need to be removed from your hard drive.

Folders that have been highlighted RED will need to be uninstalled.

------------------------------------------------------------------


Download Killbox and unzip the file to your Desktop and have it ready to use.
----------------------------------------------------------------

Please download and install this Ewido Security Suite first. Please do the scan in safe mode. During reboot, tap the F8 key. Select Safe Mode.


When installing, under 'Additional Options' uncheck: "Install background guard" and "Install scan via context menu"

To open the main screen double click the icon on the desktop.

You will get a warning 'Database could not be found!' (only if no updates have first been installed). Click OK.

Update to the latest definition files. On the left of the main screen click Update. Then click on Start Update. Let it complete the updates.


Now Click on Scanner and Click on Complete System Scan and the scan will start.

During some scans it may find cases of false positives so you will need to step through the process of cleaning files one-by-one.

If a file is detected you KNOW to be legitimate, select None as the action. Do NOT select 'Perform action on all infections'

If you are unsure of any entry found play safe and select None as the action.
Press the button marked Save Report

Save the report .txt file to your desktop or somewhere you can find it and reboot. Post it back with your next HJT log.



-----------------------------------------------------------------------

Please start by putting HJT in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run "Hijack This"
------------------------------------------------------------------





Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
O2 - BHO: (no name) - {36E6013F-98F7-9926-86FE-C169358D8CCF} - C:\WINDOWS\system32\fyscrkod.dll
O2 - BHO: (no name) - {4825010A-9C99-9A40-B1A5-C459A6F5A99F} - C:\WINDOWS\system32\cfn.dll
O2 - BHO: (no name) - {EE7B7A99-B85E-EDD9-2BE7-B09EFA105C95} - C:\WINDOWS\system32\hnorrt.dll
O4 - HKCU\..\Run: [Ubes] C:\Program Files\otoc\irpe.exe
O4 - HKCU\..\Run: [Taae] C:\Program Files\emtr\sast.exe
O4 - HKCU\..\Run: [Oaaa] C:\Program Files\curs\tosr.exe
O4 - HKCU\..\Run: [Ggm] C:\WINDOWS\system32\n?lookup.exe
O4 - HKCU\..\Run: [Tmae] C:\Program Files\etrr\rpst.exe
O4 - HKCU\..\Run: [Myrtnjkq] C:\WINDOWS\system32\??xplore.exe
O4 - HKCU\..\Run: [Ugllk] C:\WINDOWS\system32\r?ndll32.exe
O4 - HKCU\..\Run: [Rapn] C:\Program Files\naoa\omom.exe
O4 - HKCU\..\Run: [Qch] C:\WINDOWS\system32\m?iexec.exe
O4 - HKCU\..\Run: [Ocua] C:\Program Files\atwc\tpuh.exe
O4 - HKCU\..\Run: [Nhsd] C:\Program Files\aaei\wiea.exe
O4 - HKCU\..\Run: [Pla] C:\WINDOWS\system32\m?dtc.exe
O4 - HKCU\..\Run: [Wcom] C:\Program Files\ptor\lrot.exe
O4 - HKCU\..\Run: [Ohgnshw] C:\WINDOWS\system32\w?wexec.exe
O4 - HKCU\..\Run: [Wsom] C:\Program Files\shoo\dbou.exe
O4 - HKCU\..\Run: [Ptao] C:\Program Files\cccb\sede.exe
O4 - HKCU\..\Run: [Uial] C:\Program Files\orrt\mtrr.exe
O4 - HKCU\..\Run: [Cfgcv] C:\WINDOWS\system32\?hkntfs.exe
O4 - HKCU\..\Run: [Kolue] C:\WINDOWS\system32\?vchost.exe
O4 - HKCU\..\Run: [Ezbc] C:\WINDOWS\system32\l?***.exe
O4 - HKCU\..\Run: [Ster] C:\Program Files\rwwa\eoui.exe
O4 - HKCU\..\Run: [Patw] C:\Program Files\rlsn\eata.exe
O4 - HKCU\..\Run: [Pde] C:\WINDOWS\system32\??chost.exe
O4 - HKCU\..\Run: [Riid] "C:\Program Files\asam\usaa.exe" -vt tzt
O4 - HKCU\..\Run: [Weutsub] C:\WINDOWS\system32\??erinit.exe
O4 - HKCU\..\Run: [Onre] "C:\Program Files\slro\cart.exe" -vt tzt
O4 - HKCU\..\Run: [Bmeh] C:\WINDOWS\system32\w?auboot.exe
O4 - HKCU\..\Run: [Opae] "C:\Program Files\usra\asri.exe" -vt tzt
O4 - HKCU\..\Run: [Qmmxrk] C:\WINDOWS\system32\r?gsvr32.exe
O4 - HKCU\..\Run: [Eael] "C:\Program Files\artu\utup.exe" -vt tzt
O4 - HKCU\..\Run: [Ioou] "C:\Program Files\eiat\saar.exe" -vt tzt
O4 - HKCU\..\Run: [Revwr] C:\WINDOWS\system32\w?nword.exe
O4 - HKCU\..\Run: [Teaa] "C:\Program Files\saud\dmte.exe" -vt tzt



------------------------------------------------------------------
Now use KillBox...

Right click and drag your cursor over the below files to highlight them and then use Control+C to copy them to the clipboard. Open KILLBOX and go to File and click on "Paste From Clipboard". All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there). Then checkmark the "Delete on Reboot" box and click the red X. You will get a message saying "File will be deleted on next reboot, Process and Reboot now?" Click "Yes" and post a new log when you have rebooted.

C:\Program Files\otoc\irpe.exe
C:\Program Files\emtr\sast.exe
C:\Program Files\curs\tosr.exe
C:\WINDOWS\system32\n?lookup.exe
C:\Program Files\etrr\rpst.exe
C:\WINDOWS\system32\??xplore.exe
C:\WINDOWS\system32\r?ndll32.exe
C:\Program Files\naoa\omom.exe
C:\WINDOWS\system32\m?iexec.exe
C:\Program Files\atwc\tpuh.exe
C:\Program Files\aaei\wiea.exe
C:\WINDOWS\system32\m?dtc.exe
C:\Program Files\ptor\lrot.exe
C:\WINDOWS\system32\w?wexec.exe
C:\Program Files\shoo\dbou.exe
C:\Program Files\cccb\sede.exe
C:\Program Files\orrt\mtrr.exe
C:\WINDOWS\system32\?hkntfs.exe
C:\WINDOWS\system32\?vchost.exe
C:\WINDOWS\system32\l?***.exe
C:\Program Files\rwwa\eoui.exe
C:\Program Files\rlsn\eata.exe
C:\WINDOWS\system32\??chost.exe
C:\Program Files\asam\usaa.exe
C:\WINDOWS\system32\??erinit.exe
C:\Program Files\slro\cart.exe
C:\WINDOWS\system32\w?auboot.exe
C:\Program Files\usra\asri.exe
C:\WINDOWS\system32\r?gsvr32.exe
C:\Program Files\artu\utup.exe
C:\Program Files\eiat\saar.exe
C:\WINDOWS\system32\w?nword.exe
C:\Program Files\saud\dmte.exe


Open Windows Explorer and delete the following red files/folders in Program Files if present:

C:\Program Files\slro
C:\Program Files\usra
C:\Program Files\artu
C:\Program Files\eiat
C:\Program Files\saud
C:\Program Files\otoc
C:\Program Files\emtr
C:\Program Files\curs
C:\Program Files\etrr
C:\Program Files\naoa
C:\Program Files\atwc
C:\Program Files\aaei
C:\Program Files\ptor
C:\Program Files\shoo
C:\Program Files\cccb
C:\Program Files\orrt
C:\Program Files\rwwa
C:\Program Files\rlsn
C:\Program Files\asam

-------------------------------------------------------------------

Reboot when finished and please post a new log......
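
An added illustration, not part of either poster's messages: a Python sketch that triages the `O4 ... Run` lines of a HijackThis log with two heuristics that happen to select entries from the fix list above. The heuristics, the `KNOWN_NAMES` list, and the reading of `?` as a character the log could not render are assumptions made for this example; the thread does not state how the entries were chosen.

```python
import re

# O4 lines copied from the first log in this thread (a subset, for brevity).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Ubes] C:\Program Files\otoc\irpe.exe
O4 - HKCU\..\Run: [Myrtnjkq] C:\WINDOWS\system32\??xplore.exe
O4 - HKCU\..\Run: [Kolue] C:\WINDOWS\system32\?vchost.exe
O4 - HKCU\..\Run: [Teaa] "C:\Program Files\saud\dmte.exe" -vt tzt
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
"""

# Assumption: a short illustrative list of well-known Windows binary names.
KNOWN_NAMES = ["iexplore.exe", "svchost.exe", "rundll32.exe", "nslookup.exe",
               "msiexec.exe", "userinit.exe", "regsvr32.exe", "chkntfs.exe"]

RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)
# Heuristic 2 (assumption): four lowercase letters for both folder and file.
RANDOM_PAIR = re.compile(r"^C:\\Program Files\\[a-z]{4}\\[a-z]{4}\.exe$")


def masquerade_target(filename):
    """Heuristic 1: return the known name a '?'-bearing filename resembles."""
    if "?" not in filename:
        return None
    # Treat each '?' as exactly one unknown character; escape everything else.
    pattern = "".join("." if c == "?" else re.escape(c) for c in filename.lower())
    for known in KNOWN_NAMES:
        if re.fullmatch(pattern, known):
            return known
    return None


def triage(log_text):
    """Return (value name, path, reason) for each Run entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if not m:
            continue  # not a registry Run entry (e.g. Global Startup)
        exe = EXE_PATH.match(m["cmd"])
        if not exe:
            continue
        path = exe["path"]
        filename = path.rsplit("\\", 1)[-1]
        target = masquerade_target(filename)
        if target:
            findings.append((m["name"], path,
                             f"unrenderable character, resembles {target}"))
        elif RANDOM_PAIR.match(path):
            findings.append((m["name"], path, "four-letter folder and file name"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(SAMPLE_LOG):
        print(f"{name:10} {path}  <- {reason}")
```

A match is only a prompt for manual review of the entry, not a verdict on the file.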
 

·
Registered
Joined
·
12 Posts
Discussion Starter #5
Here's my HJT log. I need to go to safe mode and find my Ewido log; I'll do that after school. Thanks in advance:

Logfile of HijackThis v1.99.1
Scan saved at 6:21:34 AM, on 11/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\iore\owrb.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\AdSubtract\adsub.exe
C:\Documents and Settings\Donna\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=AdSubtract:4444
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Adbo] C:\Program Files\iore\owrb.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AdSubtract.lnk = C:\Program Files\AdSubtract\adsub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
 

·
Security Team (ret.)
Joined
·
7,403 Posts
Hi
So far you are doing very well. Just this last bit to do and then you will be all clean.

Run HJT and fix these items and delete the highlighted file/folder if they are there...


R3 - URLSearchHook: (no name) - <default> - (no file)
O4 - HKCU\..\Run: [Adbo] C:\Program Files\iore\owrb.exe
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)


C:\Program Files\iore\owrb.exe <-- file
C:\Program Files\Accoona <--- folder
 