Status
Not open for further replies.
1 - 4 of 4 Posts

Registered · 2 Posts · Discussion Starter #1
Logfile of HijackThis v1.99.1
Scan saved at 22:42:57, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Yael\My Documents\oren\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.il/Default.asp
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113921511030
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129993905468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O20 - Winlogon Notify: WASHData - C:\WINDOWS\system32\enj4l11q1.dll
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
 

TSF Security Manager, Emeritus · 42,837 Posts
Hello oren_sh and welcome to TSF,

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! (Alternate Link if main link doesn't work) and install it. Do not run it yet.

Please download and install the trial version of Webroot SpySweeper (8.3MB) http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT02

When SpySweeper starts, please accept any prompts to update definitions. Do not run the program yet.

CleanUp! deletes EVERYTHING out of your temp/temporary folders; it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp! If you have a 64-bit operating system, do NOT run CleanUp! and let me know, as we will use another utility.

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
*Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

Open SpySweeper and configure it as follows:
*From the left pane, click Options
*Select the Sweep Options tab & ensure the following are ticked:
-Sweep Memory
-Sweep Registry
-Sweep Cookies
-Sweep All Users accounts
*Do Not Sweep System Restore Folder
*Enable Direct Disk Sweeping
*Sweep For Rootkits
After that's done, select Sweep from the left pane & click on the Start button.

Allow SpySweeper to reboot your machine to remove the infected files.
*After rebooting, launch SpySweeper & select Results from the left pane
*Click the 'Session Log' tab & choose Save to File to create a log.

Post that in your next reply along with a new HJT log.
 

Registered · 2 Posts · Discussion Starter #3
SpySweeper and HJT logs

First, let me say THANKS :grin:
This is SpySweeper:

********
21:25: | Start of Session, יום*רביעי 02 נובמבר 2005 |
21:25: Spy Sweeper started
21:25: Sweep initiated using definitions version 564
21:25: Starting Memory Sweep
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:26: Found Adware: icannnews
21:26: Detected running threat: C:\WINDOWS\system32\gp8ql3l51.dll (ID = 83)
21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:27: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: Detected running threat: C:\WINDOWS\system32\gvtext.dll (ID = 83)
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:28: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: Memory Sweep Complete, Elapsed Time: 00:03:55
21:29: Starting Registry Sweep
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:29: Found Adware: azsearch toolbar
21:29: HKCR\azentretien.loader\ (5 subtraces) (ID = 103886)
21:29: HKLM\software\azentretienco\ (3 subtraces) (ID = 103905)
21:29: HKLM\software\classes\azentretien.loader\ (5 subtraces) (ID = 103910)
21:30: Registry Sweep Complete, Elapsed Time:00:00:59
21:30: Starting Cookie Sweep
21:30: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:30: Starting File Sweep
21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:30: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:30: Found Adware: surf accuracy
21:30: a8ac929a-21d5-483d-a5a7-99dc8d (ID = 162775)
21:30: Found Adware: effective-i toolbar
21:30: db13e604-735a-4b44-b0e3-eb61d8 (ID = 106574)
21:31: 909a82b4-5893-4ef3-abab-1b0abd (ID = 162775)
21:31: 3207027b-c653-4118-b0ac-a41bd5 (ID = 50337)
21:31: 9c717585-6a2b-41cc-a618-ba6217 (ID = 50344)
21:31: azesearch.bmp (ID = 50322)
21:31: 40c317ce-de84-4ff1-9e18-f9c3f9 (ID = 50337)
21:31: Found Adware: isearch desktop search
21:31: 72750256-1560-47de-8e40-b64c51 (ID = 144946)
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:32: Found Adware: apropos
21:32: wingenerics.dll (ID = 50187)
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:33: e0a6602b-d5e5-4e53-abe1-96aefc (ID = 180158)
21:33: ca4fed63-7177-40aa-abb0-12db12 (ID = 180158)
21:34: atmtd.dll (ID = 166754)
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:34: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:35: atmtd.dll._ (ID = 166754)
21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:35: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:35: Found Adware: sp2ms
21:35: sp2update00.exe (ID = 148759)
21:35: Found Adware: ist yoursitebar
21:35: ysbinstall_1003585.exe (ID = 166206)
21:35: Found Adware: look2me
21:35: icont.exe (ID = 65722)
21:35: mte3ndi6odoxng.exe (ID = 178687)
21:35: drsmartload.exe (ID = 178567)
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: installer.exe (ID = 168558)
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:36: b14acdb1-16c7-4583-b248-0cdd25 (ID = 50329)
21:36: 8d886098-e279-4605-99e9-81b864 (ID = 50329)
21:36: a3dc46ed-3d30-442e-8e76-3aa0fa (ID = 59855)
21:36: 94333e60-88f0-4905-8518-a67d45 (ID = 59838)
21:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:37: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:37: Found System Monitor: potentially rootkit-masked files
21:37: terrator.exe (ID = 0)
21:37: cisscp32.exe (ID = 0)
21:37: dmoptdll.exe (ID = 0)
21:37: ace.dll (ID = 0)
21:37: data.bin (ID = 0)
21:37: riotbios.sys (ID = 0)
21:37: ai_02-11-2005.log (ID = 0)
21:37: ai_30-10-2005.log (ID = 0)
21:37: ai_31-10-2005.log (ID = 0)
21:37: ai_29-10-2005.log (ID = 0)
21:37: ai_01-11-2005.log (ID = 0)
21:37: ai_27-10-2005.log (ID = 0)
21:37: File Sweep Complete, Elapsed Time: 00:06:48
21:37: Full Sweep has completed. Elapsed time 00:11:51
21:37: Traces Found: 53
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:38: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:38: Removal process initiated
21:39: Quarantining All Traces: potentially rootkit-masked files
21:39: potentially rootkit-masked files is in use. It will be removed on reboot.
21:39: terrator.exe is in use. It will be removed on reboot.
21:39: cisscp32.exe is in use. It will be removed on reboot.
21:39: dmoptdll.exe is in use. It will be removed on reboot.
21:39: ace.dll is in use. It will be removed on reboot.
21:39: data.bin is in use. It will be removed on reboot.
21:39: riotbios.sys is in use. It will be removed on reboot.
21:39: ai_02-11-2005.log is in use. It will be removed on reboot.
21:39: ai_30-10-2005.log is in use. It will be removed on reboot.
21:39: ai_31-10-2005.log is in use. It will be removed on reboot.
21:39: ai_29-10-2005.log is in use. It will be removed on reboot.
21:39: ai_01-11-2005.log is in use. It will be removed on reboot.
21:39: ai_27-10-2005.log is in use. It will be removed on reboot.
21:39: Quarantining All Traces: look2me
21:39: Quarantining All Traces: apropos
21:39: apropos is in use. It will be removed on reboot.
21:39: wingenerics.dll is in use. It will be removed on reboot.
21:39: Quarantining All Traces: azsearch toolbar
21:39: Quarantining All Traces: effective-i toolbar
21:39: Quarantining All Traces: icannnews
21:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:39: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:39: icannnews is in use. It will be removed on reboot.
21:39: C:\WINDOWS\system32\gp8ql3l51.dll is in use. It will be removed on reboot.
21:39: C:\WINDOWS\system32\gvtext.dll is in use. It will be removed on reboot.
21:39: Quarantining All Traces: isearch desktop search
21:39: Quarantining All Traces: ist yoursitebar
21:39: Quarantining All Traces: sp2ms
21:39: Quarantining All Traces: surf accuracy
21:40: Preparing to restart your computer. Please wait...
21:40: Removal process completed. Elapsed time 00:02:04
********
21:19: | Start of Session, יום*רביעי 02 נובמבר 2005 |
21:19: Spy Sweeper started
21:20: Your spyware definitions have been updated.
21:21: Updating spyware definitions
21:21: Your definitions are up to date.
21:21: Updating spyware definitions
21:21: Your definitions are up to date.
21:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:25: The Spy Communication shield has blocked access to: www.ad-w-a-r-e.com
21:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:25: The Spy Communication shield has blocked access to: www.a-d-w-a-r-e.com
21:25: | End of Session, יום*רביעי 02 נובמבר 2005 |
*****************************************
*****************************************
The HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:46:38, on 02/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Babylon\Babylon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\ECI Telecoms\ECI USB ADSL\dslmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Yael\My Documents\oren\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.il/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.il/Default.asp
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Program Files\Babylon\Babylon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1113921511030
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129993905468
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E18924E2-0E36-4248-8234-2FFFD27FDF0A}: NameServer = 192.116.202.222 213.8.172.83
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

******************************************

Please tell me it is over.
 

TSF Security Manager, Emeritus · 42,837 Posts
Hi oren_sh,

It's looking real good. :smile: Let's perform one more scan to see if anything is lurking.

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the "Free Online Virus Scan" in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan.

  1. Click on the Scan your PC button & a 'pop up' window shall appear.
    * Ensure that your pop-up blocker doesn't block it.
  2. Click on 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now'. This begins downloading Panda's ActiveX controls (8MB).
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply along with a new HijackThis log.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
 