
Unfortunately, I'm Back - PopUp Attack Again. [RESOLVED]

(This topic is locked)

#1 withakay (Member, 39 posts)
I was here about a month or two ago, extremely nice gentleman by the name of CrustyOldBloke helped me. Here's my old post.

As of 2 days ago, the popups are back, but I think they may be different this time. Here's my latest HJT log. :tazz: pleaseee!

Logfile of HijackThis v1.99.1
Scan saved at 1:53:20 AM, on 2/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Adobe\Adobe Photoshop CS\Photoshop.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\hijack this\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\teeni\Application Data\Mozilla\Profiles\default\ojg67lxc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\System32\DHaxi.exe
O4 - HKCU\..\Run: [newfrn.exe] C:\Documents and Settings\teeni\Application Data\System Restore\newfrn.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish....ImageEditor.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O16 - DPF: {C8A88E8D-9D33-4F01-80EC-E558545C0A9E} (Detector Class) - http://www.optimumon...s/xdetector.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Edited by withakay, 19 February 2006 - 12:57 AM.

#2 didom (Member 1K, 1,919 posts)
Have you installed MSN Messenger Plus recently?

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Please click: Start--> Control Panel--> Add or Remove Programs--> Uninstall (if found) any instances of:
WeatherBug

Then reboot your computer.

Scan again with HijackThis and check the following items:
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\System32\DHaxi.exe
O4 - HKCU\..\Run: [newfrn.exe] C:\Documents and Settings\teeni\Application Data\System Restore\newfrn.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files and folders (if they are still there):
C:\Program Files\AWS <= this folder
C:\Documents and Settings\teeni\Application Data\System Restore <= this folder

Reboot your computer normally.

Step #5

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

#3 withakay (Topic Starter, Member, 39 posts)
I don't use MSN Messenger, so no, I haven't downloaded anything for that.

I've been doing all your recommended steps, and was finally halfway through the Panda Scan, and the popups caused my windows to close on me. Grrr! eTrust ezAntivirus keeps detecting viruses and "deleting" them: Win32/Worfo, JS/CVE-2005-1790!exploit, and Win32/Actux.A are what that program detected when it caused my browsers to close.

I will start panda scan again.

Thanks in advance for your help.

*PS! This forum is showing up with majorly big ads on the top and bottom of the board. I don't think they've always been there, have they?

Edited by withakay, 19 February 2006 - 11:37 AM.


#4 withakay (Topic Starter, Member, 39 posts)
:tazz: I don't think it's going to let me use PandaScan. Third time in a row pop-ups pop up, and then close down IE.

Helllllp!!!

Here's my latest HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:42:48 PM, on 2/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\hijack this\HijackThis.exe

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\teeni\Application Data\Mozilla\Profiles\default\ojg67lxc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\System32\DHaxi.exe
O4 - HKCU\..\Run: [newfrn.exe] C:\Documents and Settings\teeni\Application Data\System Restore\newfrn.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish....ImageEditor.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O16 - DPF: {C8A88E8D-9D33-4F01-80EC-E558545C0A9E} (Detector Class) - http://www.optimumon...s/xdetector.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

#5 didom (Member 1K, 1,919 posts)
Scan again with HijackThis and check the following items:
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll

O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\System32\DHaxi.exe
O4 - HKCU\..\Run: [newfrn.exe] C:\Documents and Settings\teeni\Application Data\System Restore\newfrn.exe

After checking these items, close all browser windows except HijackThis and click "Fix checked".

You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click Update.
  • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed (the status bar at the bottom will display "Update successful").
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Reboot into Safe Mode: you can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot into normal mode.

Then, please run this online virus scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log and the Ewido log in your next reply.

Edited by didom, 19 February 2006 - 01:08 PM.

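A log-triage helper, added here as an example (written for this edit, not code from the thread, from didom, or from HijackThis): it parses O2/O4/O20 lines in the v1.99 log format quoted above, applies a few heuristic flags (unnamed BHO, auto-start executable inside the user profile, Run value named after its own file, Winlogon Notify DLL reported missing), and diffs two scans of the same machine so an entry that appeared between logs, like the DH.dll BHO in the second log, stands out. The sample lines are constructed from entries quoted in this thread; the flag rules are the example's own assumptions, and a hit means "verify this file", not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed samples in the HijackThis v1.99 log format, modelled on the
# entries didom asked to have fixed in this thread (not real log captures).
LOG_BEFORE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\System32\DHaxi.exe
O4 - HKCU\..\Run: [newfrn.exe] C:\Documents and Settings\teeni\Application Data\System Restore\newfrn.exe
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

LOG_AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DHaxi.exe] C:\WINDOWS\System32\DHaxi.exe
O4 - HKCU\..\Run: [newfrn.exe] C:\Documents and Settings\teeni\Application Data\System Restore\newfrn.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Every section line looks like "O4 - <body>" (N4, R1, F2 ... share the shape).
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Body of a registry Run entry: "HKCU\..\Run: [value name] command line"
RUN_RE = re.compile(r"^(HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First token of the command: a quoted path, or an unquoted path up to ".exe"
EXE_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.exe))(?:\s|$)', re.IGNORECASE)

# Profile locations where a legitimate auto-start rarely lives (assumption of
# this example; lower-case path fragments).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


@dataclass
class Entry:
    section: str  # e.g. "O4"
    body: str     # text after "O4 - "
    raw: str      # the full line, used for diffing two scans


def parse_log(text: str) -> List[Entry]:
    """Keep only the section entries; the 'Running processes' block is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2), line.strip()))
    return entries


def run_command_path(body: str) -> Optional[str]:
    """Executable path of a registry Run entry, or None if the body is not one."""
    m = RUN_RE.match(body)
    if not m:
        return None
    e = EXE_RE.match(m.group("cmd"))
    return (e.group("q") or e.group("u")) if e else m.group("cmd")


def triage(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Flag entries that deserve a second look. These rules are this example's
    own heuristics, not HijackThis logic; a hit is a prompt to verify the file."""
    findings = []
    for en in entries:
        if en.section == "O2" and en.body.startswith("BHO: (no name)"):
            findings.append((en, "browser helper object with no name"))
        elif en.section == "O4":
            m = RUN_RE.match(en.body)
            if not m:
                continue  # Startup-folder (.lnk) entries are not checked here
            path = (run_command_path(en.body) or "").lower()
            if any(frag in path for frag in USER_WRITABLE):
                findings.append((en, "auto-start executable inside user profile"))
            elif m.group("name").lower() == path.rsplit("\\", 1)[-1]:
                # e.g. [DHaxi.exe] -> DHaxi.exe: the value name is just the file name
                findings.append((en, "run value named after its own file"))
        elif en.section == "O20" and en.body.endswith("(file missing)"):
            findings.append((en, "winlogon notify package points at a missing file"))
    return findings


def diff_logs(old_text: str, new_text: str) -> Tuple[List[str], List[str]]:
    """(added, removed) entry lines between two scans of the same machine."""
    old = {e.raw for e in parse_log(old_text)}
    new = {e.raw for e in parse_log(new_text)}
    return sorted(new - old), sorted(old - new)


if __name__ == "__main__":
    for en, why in triage(parse_log(LOG_AFTER)):
        print(f"{why}: {en.raw}")
    added, removed = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("new since last scan:", *added, sep="\n  ")
    print("gone since last scan:", *removed, sep="\n  ")
```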

#6 withakay (Topic Starter, Member, 39 posts)
Phew. Ok. Finally got Panda to finish a scan:


Incident Status Location

Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\DH.dll
Adware:adware/clickalchemy Not disinfected C:\WINDOWS\alchem.ini
Adware:adware/deskwizz Not disinfected C:\WINDOWS\DH.dll
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Adware:adware/cws Not disinfected C:\Documents and Settings\teeni\Favorites\shop
Spyware:spyware/betterinet Not disinfected Windows Registry
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@247realmedia[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@bluestreak[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@burstnet[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@casalemedia[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@entrepreneur[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@maxserving[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@paypopup[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@revenue[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@target[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tribalfusion[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@zedo[2].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@247realmedia[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@bluestreak[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@burstnet[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@casalemedia[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@entrepreneur[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@maxserving[2].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@paypopup[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@revenue[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@statcounter[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@target[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tradedoubler[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tribalfusion[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\teeni\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\teeni\Desktop\l2mfix.exe[Process.exe]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@adrevolver[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@belnk[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@realmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@rn11[2].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Temporary Internet Files\Content.IE5\6MGI7FWN\channels_02[1].gif
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\DH.dll
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\DH.dll_
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\GS2.exe
Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl
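The report above is long because nearly every line is a tracking cookie, while the handful of entries that matter for the next fix (the non-cookie files Panda left "Not disinfected") are buried at the end. As an added example that is not part of this thread and not Panda's own tooling, the script below parses a report in that "Incident Status Location" layout and sorts the incidents into buckets that call for different follow-up. The sample lines are constructed from entries shown above; the status vocabulary, the `l2mfix` helper-tool marker and the bucket rules are this example's own assumptions.

```python
"""Triage a Panda ActiveScan report like the ones pasted in this thread.

Added example: this is not Panda's code and not the helper's procedure.
The sample lines are constructed from entries that appear in the thread; the
status vocabulary and the bucket rules are this example's own assumptions.
"""
import re
from collections import Counter

# Constructed sample in the "Incident Status Location" layout used above.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:spyware/betterinet Not disinfected Windows Registry
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tradedoubler[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\teeni\Desktop\l2mfix\Process.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\DH.dll
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\DH.dll_
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\SYSTEM32\GS2.exe
Adware:Adware/P2PNetworking Not disinfected C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl
"""

# A report line is "<class>:<family> <status> <location>".  The class may
# contain spaces ("Potentially unwanted tool") and so may the location, so the
# split is anchored on the fixed status vocabulary (an assumed list).
LINE_RE = re.compile(
    r"^(?P<cls>[^:]+):(?P<family>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted|Renamed)\s+"
    r"(?P<location>.+)$"
)

# Paths of cleanup tools the helper had the user run (the thread shows l2mfix
# on the Desktop).  Scanners flag their process-killing component as a PUP;
# listing it here is an assumption for this example, not a general allowlist.
HELPER_TOOL_MARKERS = (r"\l2mfix",)


def parse_report(text):
    """Return one dict per incident line; header and blank lines are skipped."""
    incidents = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Incident Status Location"):
            continue
        m = LINE_RE.match(line)
        if m:
            incidents.append(m.groupdict())
    return incidents


def summarize(incidents):
    """Count incidents per class, e.g. {'Spyware': 3, 'Adware': 4, ...}."""
    return dict(Counter(inc["cls"] for inc in incidents))


def triage(incidents):
    """Sort incidents into buckets that call for different follow-up.

    cookies       -> tracking cookies: clearing the browser's cookies is enough
    registry      -> registry-only detection: needs a registry fix, no file to delete
    known_tools   -> components of the helper's own cleanup tools, left alone
    manual_delete -> files that survived the scan and must be removed by hand
    """
    buckets = {"cookies": [], "registry": [], "known_tools": [], "manual_delete": []}
    for inc in incidents:
        loc = inc["location"]
        if inc["family"].lower().startswith("cookie/"):
            buckets["cookies"].append(loc)
        elif loc == "Windows Registry":
            buckets["registry"].append(inc["family"])
        elif any(marker.lower() in loc.lower() for marker in HELPER_TOOL_MARKERS):
            buckets["known_tools"].append(loc)
        elif inc["status"] == "Not disinfected" and loc not in buckets["manual_delete"]:
            buckets["manual_delete"].append(loc)
    return buckets


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    print("by class:", summarize(found))
    for name, items in triage(found).items():
        print(f"{name}: {len(items)}")
        for item in items:
            print("   ", item)
```

On the sample, `manual_delete` comes out as exactly the four files the helper lists for deletion in the next set of instructions (`DH.dll`, `DH.dll_`, `GS2.exe` and the `P2P Networking v124.cpl` control panel applet), while the cookies and the flagged `l2mfix` component are kept out of that list.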

#7 didom (Member 1K, 1,919 posts)
Please follow the instructions as I posted them above your last post!

#8 withakay (Topic Starter, 39 posts)
Sorry about that didom, didn't see your latest post. I will do the suggested now.

#9 withakay (Topic Starter, 39 posts)
Uh oh.

I updated ewido, and went to reboot in safe mode, but my computer is not allowing me to get on SAFE MODE or regular mode. It's just a black screen with a _ flashing in the top left corner. I've rebooted several times, and the same thing happens. (I'm on my LAPTOP right now, the problem resides on my DESKTOP).

Now I'm scared. :-/

Edited by withakay, 19 February 2006 - 01:35 PM.


#10 didom (Member 1K, 1,919 posts)
Please be patient! Maybe you aren't waiting long enough...

Try it again and wait at least 5 minutes.... when you still have the same problem post back here!

Do you have your Windows XP CD?

#11 withakay (Topic Starter, 39 posts)
Sorry, I might just be one of the most impatient girls ever. You were right, just had to give it a minute or two.

So here's the ewido log:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:39:41 PM, 2/19/2006
+ Report-Checksum: 7055F469

+ Scan result:

C:\Documents and Settings\teeni\Cookies\teeni@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\[email protected][1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\teeni\Cookies\teeni@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\hijack this\backups\backup-20060219-142004-679.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0029661.dll -> Hijacker.Small.jf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP107\A0029674.dll -> Hijacker.Small.jf : Cleaned with backup
C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup


::Report End

and the latest hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 5:17:16 PM, on 2/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijack this\HijackThis.exe

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\teeni\Application Data\Mozilla\Profiles\default\ojg67lxc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish....ImageEditor.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O16 - DPF: {C8A88E8D-9D33-4F01-80EC-E558545C0A9E} (Detector Class) - http://www.optimumon...s/xdetector.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

(The ads that were showing on this forum above and below the board are now gone, which is a good thing! Haven't been on long enough to see if the popups are completely gone..)

Thanks again. How's it look?

#12 didom (Member 1K, 1,919 posts)
Almost done ... :tazz:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
O4 - Startup: PowerReg Scheduler V3.exe
After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files and folders (if they are still there):
C:\WINDOWS\DH.dll_ <= this file
C:\WINDOWS\alchem.ini <= this file
C:\WINDOWS\SYSTEM32\GS2.exe <= this file
C:\WINDOWS\SYSTEM32\P2P Networking v124.cpl <= this file

C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs <= this folder
C:\Documents and Settings\teeni\Favorites\shop <= this folder


Step #5

Go to Start > Run, type cleanmgr and click OK.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

Reboot your computer normally.

Step #6

Please go HERE to run Panda's ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When the download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
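Step #1 above is the kind of call a helper makes by reading the HijackThis log line by line: an `.exe` sitting directly in the Startup folder, a Winlogon Notify entry marked "(file missing)", or an O16 download whose host matches an adware family the scanner already named. As an added example, which is neither HijackThis' own code nor didom's method, the script below applies those three review rules to a constructed subset of the log lines posted in this thread (the forum shortens the URLs to "..." and the sample keeps them that way). The rules, the scanner family list and the "review" labels are this example's assumptions; a finding is a prompt to look closer, not a verdict that an entry is malicious.

```python
"""Pick out the HijackThis entries a helper reviews first.

Added example: this is not HijackThis' own code and not didom's method.  The
sample lines are copied from the logs posted above (the forum shortens URLs
to "..."); the review rules and the scanner family list are this example's
assumptions, and a finding is a prompt to look closer, not a verdict.
"""
import re

# Constructed sample: a subset of the lines from the logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
"""

# Adware families named in the Panda report earlier in the thread; O16 download
# hosts are checked against them by substring (an assumption about naming).
SCANNER_FAMILIES = ("Deskwizz", "PurityScan", "P2PNetworking")

# Every HijackThis entry starts with a section code such as O4 or O16.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
STARTUP_RE = re.compile(r"^(Global )?Startup: (?P<item>.+)$")
EXECUTABLE_EXT = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")


def startup_flag(body):
    """For an O4 Startup-folder entry, return a reason to review it, else None."""
    m = STARTUP_RE.match(body)
    if not m:          # HKLM/HKCU Run entries are not Startup-folder items
        return None
    item = m.group("item")
    if " = " in item:  # "<name>.lnk = <target>" is a shortcut HijackThis resolved
        _, target = item.split(" = ", 1)
        if target.strip() == "?":
            return "shortcut in Startup folder whose target could not be resolved"
        return None
    if item.lower().endswith(EXECUTABLE_EXT):
        return "executable placed directly in the Startup folder instead of a shortcut"
    return None


def dpf_host(body):
    """Host part of an O16 DPF download URL, or '' when the log shows none."""
    m = re.search(r"https?://([^/\s]+)", body)
    return m.group(1) if m else ""


def review(log_text, families=SCANNER_FAMILIES):
    """Return (section, reason, line) for each entry worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if "(file missing)" in body:
            findings.append((kind, "registration points at a file that is not on disk", body))
            continue
        if kind == "O4":
            reason = startup_flag(body)
            if reason:
                findings.append((kind, reason, body))
        elif kind == "O16":
            host = dpf_host(body)
            hit = next((f for f in families if f.lower() in host.lower()), None)
            if hit:
                findings.append((kind, f"download host matches scanner family {hit}", body))
    return findings


if __name__ == "__main__":
    for kind, reason, body in review(SAMPLE_LOG):
        print(f"{kind}: {reason}\n    {body}")
```

On the sample this yields four findings: the `PowerReg Scheduler V3.exe` Startup entry that Step #1 fixes, the unresolved `Digital Line Detect.lnk` shortcut, the deskwizz O16 download, and the `WRNotifier` Winlogon Notify entry with its missing DLL. The second of those is why the rules are only prompts: an unresolved shortcut is often just a vendor shortcut HijackThis could not expand, and it takes a person to tell that apart from an autostart worth removing.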

#13 withakay (Topic Starter, 39 posts)
Update before I go to bed:

Couldn't run Disk Cleanup in Safe Mode - the "Run" option wasn't there?

Rebooted - and I know I said I'm impatient, but that black screen with the flashing _ was literally up there for 12 minutes, before the Windows welcome screen came on.

Tried to run Disk Cleanup in regular mode: Not sure if it froze, but after an hour, there were still only 2 green status bars shown.

Rebooted yet again, had the same 12 minute wait (I know, cuz this time I timed it), started the panda scan, left it running while I left the house for 3 hours, the status bar was still only under the "U" in "YoU will receive a full report ..."

SO IN A NUTSHELL, my computer seems to be on a major, major delay with everything. Rebooted one more time before bed, and am now restarting the Panda scan - but now Disk Cleanup isn't loading at all.

Hopefully will have a report from panda in the 'morn! Thanks for bearing with me!!!

Edited by withakay, 20 February 2006 - 12:15 AM.


#14 didom (Member 1K, 1,919 posts)
We'll fix it!

You can also access Disk Cleanup (cleanmgr) this way:

Click Start | Programs | Accessories | System Tools | Disk Cleanup.

I'll wait for your Panda ActiveScan log!

#15 withakay (Topic Starter, 39 posts)
I love your enthusiasm, it gives me hope. :tazz: LOL.

Pandascan:


Incident Status Location

Spyware:spyware/betterinet Not disinfected Windows Registry
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@apmebf[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@casalemedia[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@entrepreneur[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@realmedia[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@target[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tribalfusion[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@adrevolver[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@apmebf[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@casalemedia[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@entrepreneur[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\teeni\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@realmedia[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@target[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\teeni\Cookies\teeni@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\teeni\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\teeni\Desktop\l2mfix.exe[Process.exe]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@adrevolver[1].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@ask[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@banner[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@belnk[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@maxserving[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@realmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Cookies\teeni@rn11[2].txt
Adware:Adware/FlashTrack Not disinfected C:\Documents and Settings\teeni\Local Settings\Temp\Temporary Internet Files\Content.IE5\6MGI7FWN\channels_02[1].gif
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-2446866317-2777513087-1858169834-1006\Dc6.exe
Adware:Adware/P2PNetworking Not disinfected C:\RECYCLER\S-1-5-21-2446866317-2777513087-1858169834-1006\Dc7.cpl



----------------------------------------------------------
Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 11:47:43 AM, on 2/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cleanmgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hijack this\HijackThis.exe

N4 - Mozilla: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\teeni\Application Data\Mozilla\Profiles\default\ojg67lxc.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: C2CMonitor.lnk = C:\Program Files\ClickToConvert\C2CMonitor.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Lottso by pogo - http://game1.pogo.co...ottso-en_US.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.subs...ve/makeover.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O16 - DPF: {43B70AAD-23F4-4FD8-ADD9-441D8592EEB8} (Snapfish Fix Photo Control) - http://www.snapfish....ImageEditor.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.co...72/mcinsctl.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish....ishUploader.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.co...,16/mcgdmgr.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - https://secure.stamp...file=stamps.cab
O16 - DPF: {C8A88E8D-9D33-4F01-80EC-E558545C0A9E} (Detector Class) - http://www.optimumon...s/xdetector.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe

Edited by withakay, 20 February 2006 - 10:49 AM.
