My system is infected with some virus which I am not able to get rid of. Please help me get rid of these viruses.
Symptoms and observations:
- system hangs in 5-15 minutes. Acts as if it has its own brain.
- task manager shows 100% cpu usage in no time
- system makes beeping sound
- at startup I get "Error loading: C:/documents and settings/..../local settings/application data/hrcopul.dll" The specified module couldn't be found.
- Downloader.Agent.uj shows up no matter how many times I delete it in anti-spyware programs. Downloader.Agent.uj shows up in AVG Anti-spyware 7.x (latest version)
- at system startup it starts directly without giving me an option to select 'Start using windows 2000 professional'. I am not sure if I am supposed to be concerned about this. However, if I use F8 at system startup I get the options that ask whether I need to start in safe mode, etc.
Threats that show up in AVG Anti-spyware program:
- Downloader.Agent.uj
- Downloader.small.buy
- Downloader.Tibs.jy
I also noticed Trojan, and some other worms before. I am not able to run my AVG Anti-spyware program long enough to get these worms to show again.
HijackThis Log:
Logfile of HijackThis v1.99.1
Scan saved at 8:59:41 AM, on 1/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\ccsrvc.exe
C:\Program Files\myCompanyName VPN Client\cvpnd.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\PROGRA~1\NavNT\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\NavNT\rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\technesis\enterprise\service\tnSvcNT.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\atiptaxx.exe
C:\Altiris\AClient\AClntUsr.EXE
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINNT\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\aexruncontrol.exe
C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\AeXInvSoln.exe
C:\Program Files\Altiris\Altiris Agent\Software Delivery\{01B54EB5-3679-4C73-9E10-E169D5A5EC59}\cache\aexauditpls.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINNT\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {15651C7C-E812-44a2-A9AC-B467A2233E7D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,ptbjdsg.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {371EE1EF-F177-1390-7807-08525DC0E55C} - C:\WINNT\system32\nweipeg.dll (file missing)
O2 - BHO: BHOManager Class - {474264BC-9571-47C1-85B9-780F756DC9CE} - C:\WINNT\system32\BHOManager.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [AClntUsr] C:\Altiris\AClient\AClntUsr.EXE
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_09\bin\jusched.exe
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\system32\kernels1118.exe
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINNT\system32\rundll32.exe "C:\Documents and Settings\neelaps\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [ntdll.dll] C:\Windows\xpupdate.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: myCompanyName VPN Client.lnk = C:\Program Files\myCompanyName VPN Client\vpngui.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165665269086
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = myCompanyName.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{102240BD-2E4C-40AF-8F9C-6F40B2A8A34D}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{34B23320-7ECC-4B92-BC29-E83DF4DCE302}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{53D5B2E0-24B5-4F65-8102-CC7A91348871}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\..\{C64E0CB7-AC74-4554-9606-35EB651BC984}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = myCompanyName.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = myCompanyName.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{102240BD-2E4C-40AF-8F9C-6F40B2A8A34D}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = myCompanyName.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = myCompanyName.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O17 - HKLM\System\CS2\Services\Tcpip\..\{102240BD-2E4C-40AF-8F9C-6F40B2A8A34D}: NameServer = 85.255.115.110,85.255.112.151
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = myCompanyName.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.110 85.255.112.151
O18 - Protocol: HTLFP - {03B7A5D4-96B0-4316-95F8-072D326A58F1} - (no file)
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: vfsp - {E4CB5121-E242-11D4-8ED6-00010219EB22} - (no file)
O20 - AppInit_DLLs: c:\winnt\system32\ldcore.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O20 - Winlogon Notify: rpcc - C:\WINNT\system32\rpcc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O21 - SSODL: Internet Explorer - {F28A40D7-AD0E-034A-C651-5F0ED76232E6} - C:\WINNT\system32\Hkjbmmmd.dll (file missing)
O21 - SSODL: wvLxmaatL - {50C836A0-FA62-9C0A-766A-0F4071FA1E22} - C:\WINNT\system32\cdab.dll (file missing)
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINNT\system32\ccsrvc.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINNT\system32\svchosts.exe" -e te-110-12-0000273 (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\myCompanyName VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\NavNT\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FLEXlm Service 1 - Globetrotter Software Inc - C:\Program Files\ESRI\License\Lmgrd.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\NavNT\rtvscan.exe
O23 - Service: SBHookSvc - Motive Communications, Inc. - C:\PROGRA~1\Verizon\SMARTB~1\SBHookSvc.exe
O23 - Service: Technesis Services - Technesis - C:\WINNT\technesis\enterprise\service\tnSvcNT.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\atuvkvm.exe (file missing)
O23 - Service: SMS Remote Control Agent (Wuser32) - Unknown owner - C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe (file missing)
Anti-virus software programs that I have on my system:
- AVG Anti-spyware 7.x version
- HijackThis
- Spybot
- CCleaner
- CwShredder
- Ad-Aware SE Personal
- Hoster
- KillBox (I haven't used this yet)
- Norton Anti-virus
The AVG Anti-spyware program never runs completely without hanging up in between, especially when I run a 'Complete system scan'.
I followed the scanning steps that were outlined at: http://www.techsupportforum.com/sec...lease-read-before-posting-hijackthis-log.html
Thanks in advance