Tech Support banner

Status
Not open for further replies.
1 - 2 of 2 Posts

·
Registered
Joined
·
55 Posts
Discussion Starter #1
hello hope someone here can help. several times i have found this file on my desktop. i don't know what it is or where it comes from. anyone know? it is really starting to worry me. i run windows xp and norton antivirus, which says i have 2 trogens in quarintine and 8 adware threats.


An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : EXCEPTION_ACCESS_VIOLATION (0xc0000005) occurred at PC=0x6BA23CF
Function=Java_sun_awt_windows_WColor_getDefaultColor+0x2E0D
Library=C:\Program Files\Java\j2re1.4.2\bin\awt.dll

Current Java thread:
at sun.awt.windows.WToolkit.eventLoop(Native Method)
at sun.awt.windows.WToolkit.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

Dynamic libraries:
0x00400000 - 0x00419000 C:\Program Files\Internet Explorer\iexplore.exe
0x7C900000 - 0x7C9B0000 C:\WINDOWS\system32\ntdll.dll
0x7C800000 - 0x7C8F4000 C:\WINDOWS\system32\kernel32.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77D40000 - 0x77DD0000 C:\WINDOWS\system32\USER32.dll
0x77F10000 - 0x77F56000 C:\WINDOWS\system32\GDI32.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F01000 C:\WINDOWS\system32\RPCRT4.dll
0x77760000 - 0x778CC000 C:\WINDOWS\system32\SHDOCVW.dll
0x77A80000 - 0x77B14000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x754D0000 - 0x75550000 C:\WINDOWS\system32\CRYPTUI.dll
0x76C30000 - 0x76C5E000 C:\WINDOWS\system32\WINTRUST.dll
0x76C90000 - 0x76CB8000 C:\WINDOWS\system32\IMAGEHLP.dll
0x77120000 - 0x771AC000 C:\WINDOWS\system32\OLEAUT32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x5B860000 - 0x5B8B4000 C:\WINDOWS\system32\NETAPI32.dll
0x771B0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x773D0000 - 0x774D2000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
0x7C9C0000 - 0x7D1D5000 C:\WINDOWS\system32\SHELL32.dll
0x5D090000 - 0x5D127000 C:\WINDOWS\system32\comctl32.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x67330000 - 0x6735F000 C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll
0x7C340000 - 0x7C396000 C:\WINDOWS\system32\MSVCR71.dll
0x75F80000 - 0x7607D000 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 - 0x20012000 C:\WINDOWS\system32\browselc.dll
0x77B40000 - 0x77B62000 C:\WINDOWS\system32\appHelp.dll
0x76FD0000 - 0x7704F000 C:\WINDOWS\system32\CLBCATQ.DLL
0x77050000 - 0x77115000 C:\WINDOWS\system32\COMRes.dll
0x77260000 - 0x772FF000 C:\WINDOWS\system32\urlmon.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x77A20000 - 0x77A74000 C:\WINDOWS\System32\cscui.dll
0x76600000 - 0x7661D000 C:\WINDOWS\System32\CSCDLL.dll
0x77920000 - 0x77A13000 C:\WINDOWS\system32\SETUPAPI.dll
0x01670000 - 0x016F8000 C:\WINDOWS\system32\shdoclc.dll
0x10000000 - 0x1000B000 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
0x01930000 - 0x01948000 C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
0x7C3A0000 - 0x7C41B000 C:\WINDOWS\system32\MSVCP71.dll
0x6AF30000 - 0x6AF6D000 C:\Program Files\Common Files\Symantec Shared\ccL30.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\WS2_32.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x01990000 - 0x019C5000 C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
0x7C120000 - 0x7C139000 C:\WINDOWS\system32\ATL71.DLL
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\WSOCK32.dll
0x019D0000 - 0x01C95000 C:\WINDOWS\system32\xpsp2res.dll
0x01900000 - 0x01906000 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\KeyboardHookDll.dll
0x7C000000 - 0x7C055000 C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMVCR70.dll
0x71D40000 - 0x71D5C000 C:\WINDOWS\system32\actxprxy.dll
0x75CF0000 - 0x75D81000 C:\WINDOWS\system32\mlang.dll
0x71A50000 - 0x71A8F000 C:\WINDOWS\system32\mswsock.dll
0x662B0000 - 0x66308000 C:\WINDOWS\system32\hnetcfg.dll
0x71A90000 - 0x71A98000 C:\WINDOWS\System32\wshtcpip.dll
0x76EE0000 - 0x76F1C000 C:\WINDOWS\system32\RASAPI32.DLL
0x76E90000 - 0x76EA2000 C:\WINDOWS\system32\rasman.dll
0x76EB0000 - 0x76EDF000 C:\WINDOWS\system32\TAPI32.dll
0x76E80000 - 0x76E8E000 C:\WINDOWS\system32\rtutils.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x77C70000 - 0x77C93000 C:\WINDOWS\system32\msv1_0.dll
0x76D60000 - 0x76D79000 C:\WINDOWS\system32\iphlpapi.dll
0x745E0000 - 0x748A6000 C:\WINDOWS\system32\msi.dll
0x75E90000 - 0x75F40000 C:\WINDOWS\system32\SXS.DLL
0x722B0000 - 0x722B5000 C:\WINDOWS\system32\sensapi.dll
0x769C0000 - 0x76A73000 C:\WINDOWS\system32\USERENV.dll
0x76F20000 - 0x76F47000 C:\WINDOWS\system32\DNSAPI.dll
0x76FC0000 - 0x76FC6000 C:\WINDOWS\system32\rasadhlp.dll
0x60300000 - 0x60307000 C:\Program Files\Yahoo!\Messenger\idle.dll
0x7D4A0000 - 0x7D787000 C:\WINDOWS\system32\mshtml.dll
0x02350000 - 0x02377000 C:\WINDOWS\system32\msls31.dll
0x028A0000 - 0x028CA000 C:\WINDOWS\system32\msimtf.dll
0x028D0000 - 0x0291B000 C:\WINDOWS\system32\MSCTF.dll
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.DLL
0x02940000 - 0x02954000 C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll
0x02960000 - 0x02973000 C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll
0x6B180000 - 0x6B192000 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll
0x0FFD0000 - 0x0FFF8000 C:\WINDOWS\system32\rsaenh.dll
0x75C50000 - 0x75CBE000 c:\windows\system32\jscript.dll
0x76980000 - 0x76988000 C:\WINDOWS\system32\LINKINFO.dll
0x76990000 - 0x769B5000 C:\WINDOWS\system32\ntshrui.dll
0x76B20000 - 0x76B31000 C:\WINDOWS\system32\ATL.DLL
0x76200000 - 0x76271000 C:\WINDOWS\system32\mshtmled.dll
0x66E50000 - 0x66E90000 C:\WINDOWS\system32\iepeers.dll
0x73000000 - 0x73026000 C:\WINDOWS\system32\WINSPOOL.DRV
0x6D440000 - 0x6D450000 C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
0x5EDD0000 - 0x5EDE7000 C:\WINDOWS\system32\OLEPRO32.DLL
0x6D310000 - 0x6D327000 C:\Program Files\Java\j2re1.4.2\bin\jpiexp32.dll
0x76FB0000 - 0x76FB8000 C:\WINDOWS\System32\winrnr.dll
0x6D380000 - 0x6D397000 C:\Program Files\Java\j2re1.4.2\bin\jpishare.dll
0x08000000 - 0x08136000 C:\PROGRA~1\Java\J2RE14~1.2\bin\client\jvm.dll
0x032A0000 - 0x032A7000 C:\PROGRA~1\Java\J2RE14~1.2\bin\hpi.dll
0x032C0000 - 0x032CE000 C:\PROGRA~1\Java\J2RE14~1.2\bin\verify.dll
0x032D0000 - 0x032E8000 C:\PROGRA~1\Java\J2RE14~1.2\bin\java.dll
0x03F20000 - 0x03F2D000 C:\PROGRA~1\Java\J2RE14~1.2\bin\zip.dll
0x06B30000 - 0x06C3A000 C:\Program Files\Java\j2re1.4.2\bin\awt.dll
0x06C40000 - 0x06C90000 C:\Program Files\Java\j2re1.4.2\bin\fontmanager.dll
0x73760000 - 0x737A9000 C:\WINDOWS\system32\ddraw.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\system32\DCIMAN32.dll
0x73940000 - 0x73A10000 C:\WINDOWS\system32\D3DIM700.DLL
0x6D2F0000 - 0x6D304000 C:\Program Files\Java\j2re1.4.2\bin\jpicom32.dll
0x076A0000 - 0x076AF000 C:\Program Files\Java\j2re1.4.2\bin\net.dll
0x07DE0000 - 0x07DFE000 C:\Program Files\Java\j2re1.4.2\bin\jpeg.dll
0x08240000 - 0x083AC000 C:\WINDOWS\system32\quartz.dll
0x75F40000 - 0x75F51000 C:\WINDOWS\system32\devenum.dll
0x72D20000 - 0x72D29000 C:\WINDOWS\system32\wdmaud.drv
0x72D10000 - 0x72D18000 C:\WINDOWS\system32\msacm32.drv
0x77BE0000 - 0x77BF5000 C:\WINDOWS\system32\MSACM32.dll
0x77BD0000 - 0x77BD7000 C:\WINDOWS\system32\midimap.dll
0x1C000000 - 0x1C006000 C:\WINDOWS\HKNTDLL.dll
0x01800000 - 0x01822000 C:\Program Files\Java\j2re1.4.2\bin\dcpr.dll
0x59A60000 - 0x59B01000 C:\WINDOWS\system32\DBGHELP.dll
0x76BF0000 - 0x76BFB000 C:\WINDOWS\system32\PSAPI.DLL

Heap at VM Abort:
Heap
def new generation total 6848K, used 1963K [0x10010000, 0x10770000, 0x10770000)
eden space 6144K, 27% used [0x10010000, 0x101bc8a8, 0x10610000)
from space 704K, 35% used [0x106c0000, 0x106fe5f0, 0x10770000)
to space 704K, 0% used [0x10610000, 0x10610000, 0x106c0000)
tenured generation total 90752K, used 59788K [0x10770000, 0x16010000, 0x16010000)
the space 90752K, 65% used [0x10770000, 0x141d30b8, 0x141d3200, 0x16010000)
compacting perm gen total 7168K, used 7063K [0x16010000, 0x16710000, 0x1a010000)
the space 7168K, 98% used [0x16010000, 0x166f5d10, 0x166f5e00, 0x16710000)

Local Time = Sat Oct 29 14:59:44 2005
Elapsed Time = 2296
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2-b28 mixed mode)
#
:4-dontkno
i ask about this on another thread they said to run a hijackthis log and post it here

Logfile of HijackThis v1.99.1
Scan saved at 5:40:37 PM, on 10/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AIM\aim.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.gateway.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LXBTCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTserv.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

·
TSF Security Team, Emeritus
Joined
·
6,962 Posts
Hi and Welcome to TSF

Before attacking an adware/spyware problem with hijackthis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the the latest version (1.99.1) of HijackThis and it's installed in it's own folder on the root drive. (C:\HJT)

Please go to at least two of these sites and run an online Virus Scan.
Be sure to have the AutoFix box(s) checked.

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=ie&venid=sym
http://www3.ca.com/virusinfo/virusscan.aspx

Go to My Computer->Tools->Folder Options->View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing/visible.
Please make sure system restore is enabled by right clicking on My Computer and go to Properties->System Restore and check the box for Turn OFF System Restore and make sure it’s NOT checked. We want system restore ON and monitoring your current hard drive. Once your clean we will turn this off and then back on to remove the infection from the restore folder and create a clean restore point.

Reboot into Safe Mode (hit F8 key until menu shows up). Make sure to close any open browsers. Open add/remove programs and remove WeatherBug

Check and fix the following in HijackThis if they still exist (make sure you do not miss an entry)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)


C:\Program Files\AWS<--delete that folder

ShowWnd.exe<--locate and delete that file

Reboot back to normal windows...

Please run an online scan at http://www.pandasoftware.com/products/activescan.htm
Make sure you click the ”Free Online Virus Scan” in the upper right hand corner of the page under the Free use Activescan header. We do NOT want the default spyXposer scan.
Once it has finished save the activescan log. Then post that log in your next post along with another hijackthis log.
 
1 - 2 of 2 Posts
Status
Not open for further replies.
Top