Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

POP Up Warning Sign Exclaimation in taskbar

Started by justawildchild , Mar 17 2005 10:42 PM

  • Please log in to reply

#1
justawildchild
Posted 17 March 2005 - 10:42 PM

justawildchild

    New Member

  • Member
  • Pip
  • 9 posts
I have Run Hijackthis and here is my log......who can help me?


Logfile of HijackThis v1.99.1
Scan saved at 11:33:35 PM, on 17/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog\upsd.exe
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Netscape\Netscape7.1\Netscp.exe
C:\Documents and Settings\Mark\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.cornerstoneinspection.com"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096947433671
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - C:\Program Files\Belkin Bulldog\upsd.exe
  • 0

Advertisements

#2
Wizard
Posted 18 March 2005 - 07:41 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Please follow the Guidlines laid out in this Post:
Prior to Posting
Make sure to follow the part about where to place HijackThis!!!!

Post back once all is complete and we will get ya cleaned up!!

Edited by Cretemonster, 18 March 2005 - 07:42 PM.

  • 0

#3
justawildchild
Posted 19 March 2005 - 04:42 PM

justawildchild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OK I hope I did this right.....If not please tell me what I did wrong as this is all new to me.

Thanks


Logfile of HijackThis v1.99.1
Scan saved at 5:40:16 PM, on 19/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog\upsd.exe
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape7.1\Netscp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Documents and Settings\Basement\My Documents\My Downloads\Utilities\Hi Jack This\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.cornerstoneinspection.com"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape7.1\Netscp.exe" -turbo
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096947433671
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - C:\Program Files\Belkin Bulldog\upsd.exe
  • 0

#4
Wizard
Posted 19 March 2005 - 10:36 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Thats it,ya done great!!! :tazz:

Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!

O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe

O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe

O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!!

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
Safe Mode

After restarting in Safe Mode,Configure Windows to Show All Hidden Files and Folders,this must be done after restarting in Safe Mode!!
Here is a link to help with that:
Hidden Files
Be sure to follow Instructions for XP!

Please locate and Delete the Files in Bold Print:

C:\WINDOWS\System32\srvc32.exe

C:\WINDOWS\System32\spoolsrv32.exe

Once Completed,Restart in Normal Mode,follow the link below and run this Online Scan:
Online Scan

Save any results from that Scan and place them in the next post!

Once all is completed,scan the PC with HijackThis again and post those results!
  • 0

#5
justawildchild
Posted 19 March 2005 - 11:51 PM

justawildchild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is my active scan report (Below is my HIJACKTHIS Report)




Incident Status Location

Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\System32\srpcsrv32.dll
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-26843fea.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-26843fea.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-34e2b6fd-26843fea.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-3ae82c1c-7bb7349d.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-3ae82c1c-7bb7349d.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-3ae82c1c-7bb7349d.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-5157872c-61c1647b.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-5157872c-61c1647b.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-5157872c-61c1647b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-5157872c-61c1647b.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-631da5c6.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-631da5c6.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\ar3.jar-6ce3b82f-631da5c6.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-487b52a0-7bd53fa2.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-487b52a0-7bd53fa2.zip[VBUG.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-487b52a0-7bd53fa2.zip[Dummy.class]
Virus:Trj/StartPage.JU Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-487b52a0-7bd53fa2.zip[Beyond.class]
Virus:Trj/Downloader.NF Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-487b52a0-7bd53fa2.zip[rundll32.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-730774d5-39b1b6c0.zip[Mein.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-730774d5-39b1b6c0.zip[ProbeLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-730774d5-39b1b6c0.zip[Dummy.class]
Virus:Trojan Horse Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\archive.jar-730774d5-39b1b6c0.zip[Beyond.class]
Virus:Trj/Shinwow.A Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-5b38b92d-513d8f71.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-5b38b92d-513d8f71.zip[counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-5b38b92d-513d8f71.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-5b38b92d-513d8f71.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-7271642a-399a8314.zip[counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-7271642a-399a8314.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\counter.jar-7271642a-399a8314.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv15.jar-cdc1c63-7edd4756.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv15.jar-cdc1c63-7edd4756.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv15.jar-cdc1c63-7edd4756.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv15.jar-cdc1c63-7edd4756.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv74.jar-170b189c-3c143427.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv74.jar-170b189c-3c143427.zip[Dummy.class]
Virus:Trj/Shinwow.C Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv74.jar-170b189c-3c143427.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\loaderadv74.jar-170b189c-3c143427.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\WebCounter.jar-44dddd53-619d3b73.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\WebCounter.jar-44dddd53-619d3b73.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\WebCounter.jar-44dddd53-619d3b73.zip[WebCounter.class]
Virus:Trj/Shinwow.A Disinfected C:\Documents and Settings\Basement\.jpi_cache\jar\1.0\WebCounter.jar-44dddd53-619d3b73.zip[a.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\file\1.0\BlackBox.class-13478d8d-235b7250.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\file\1.0\Dummy.class-222c8acf-34ecdbc7.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\file\1.0\Dummy.class-3aeef6d7-1c869fed.class
Adware:Adware/CWS No disinfected C:\Documents and Settings\Mark\.jpi_cache\file\1.0\SecurityClassLoader.class-6fd9f626-3b319ed1.class
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-1f0ddbdc-6bf0e277.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-1f0ddbdc-6bf0e277.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-1f0ddbdc-6bf0e277.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-5202571b-64ce5ce1.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-5202571b-64ce5ce1.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-5202571b-64ce5ce1.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-5ea3e6c5-3ed6b6e6.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-5ea3e6c5-3ed6b6e6.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-5ea3e6c5-3ed6b6e6.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-71002e85-43a552b8.zip[Gummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-71002e85-43a552b8.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\ar3.jar-71002e85-43a552b8.zip[VerifierBug.class]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-218f8094-1db6444c.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-487b52a0-19f70772.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-487b52a0-19f70772.zip[VBUG.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-487b52a0-19f70772.zip[Dummy.class]
Virus:Trj/StartPage.JU Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-487b52a0-19f70772.zip[Beyond.class]
Virus:Trj/Downloader.NF Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-487b52a0-19f70772.zip[rundll32.exe]
Virus:Trj/Java.Binny.A Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\archive.jar-6ff7fc8-6dc76071.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-1b1fa7a9-2438ea5d.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-1b1fa7a9-2438ea5d.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-1b1fa7a9-2438ea5d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-1b1fa7a9-2438ea5d.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2120314b-2c424323.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2120314b-2c424323.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2120314b-2c424323.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2120314b-2c424323.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2dd0698-117da794.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2dd0698-117da794.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2dd0698-117da794.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-2dd0698-117da794.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-3985cec3-6c7ea85a.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-3985cec3-6c7ea85a.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-3985cec3-6c7ea85a.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-3985cec3-6c7ea85a.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-506bdfc9-3eb59584.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-506bdfc9-3eb59584.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-506bdfc9-3eb59584.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-506bdfc9-3eb59584.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-546aaf36-5ddc9ddf.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-546aaf36-5ddc9ddf.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-546aaf36-5ddc9ddf.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-546aaf36-5ddc9ddf.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-5cb70e9-648ddf61.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-5cb70e9-648ddf61.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-5cb70e9-648ddf61.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-5cb70e9-648ddf61.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-a3129a8-2c38da48.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-a3129a8-2c38da48.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-a3129a8-2c38da48.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-a3129a8-2c38da48.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-d350ec1-3df82936.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-d350ec1-3df82936.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-d350ec1-3df82936.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\classload.jar-d350ec1-3df82936.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\demo.jar-65faee52-3648529b.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\demo.jar-65faee52-3648529b.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\demo.jar-65faee52-3648529b.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\demo.jar-65faee52-3648529b.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\freemovies.jar-677d2343-171d3691.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\freemovies.jar-677d2343-171d3691.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\freemovies.jar-677d2343-171d3691.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv499.jar-15d1bc03-788aa879.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv499.jar-15d1bc03-788aa879.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv499.jar-15d1bc03-788aa879.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv499.jar-15d1bc03-788aa879.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv74.jar-170b188f-643057f5.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv74.jar-170b188f-643057f5.zip[Dummy.class]
Virus:Trj/Shinwow.E Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv74.jar-170b188f-643057f5.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\loaderadv74.jar-170b188f-643057f5.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\WebCounter.jar-48b04eb-6f177c89.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\WebCounter.jar-48b04eb-6f177c89.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\WebCounter.jar-48b04eb-6f177c89.zip[WebCounter.class]
Virus:Trj/Shinwow.A Disinfected C:\Documents and Settings\Mark\.jpi_cache\jar\1.0\WebCounter.jar-48b04eb-6f177c89.zip[a.class]
Virus:Trj/Dropper.CR Disinfected C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\U1KBA1MV\file[2].out
Adware:Adware/Searchmeup No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\5490D6E1-1FA2-4CAC-9395-9ADABE\8BF0E72A-9A61-419F-AB57-F8BB55
Adware:Adware/Searchmeup No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\EC85BD79-7EC1-4558-A3DE-84CA2F\2B8043D0-F69C-4D28-9B7E-1A0B1B
Spyware:Spyware/New.net No disinfected C:\Program Files\NewDotNet\newdotnet6_30.dll
Adware:Adware/Searchmeup No disinfected C:\RECYCLER\S-1-5-21-842925246-573735546-725345543-1003\Dc104.exe
Adware:Adware/Searchmeup No disinfected C:\RECYCLER\S-1-5-21-842925246-573735546-725345543-1003\Dc105.exe
Adware:Adware/Searchmeup No disinfected C:\WINDOWS\system32\srdrv32.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\system32\srpcsrv32.dll
Adware:Adware/Searchmeup No disinfected C:\WINDOWS\system32\srvc32.dll
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\system32\txfdb32.dll
Virus:Trj/Dropper.CR Disinfected C:\WINDOWS\system32\x.exe
Virus:W32/Disemboweler Disinfected Local Folders\Cornerstone Emails\articles\à=!"# $ %\OEMRNCE.EXE
Virus:W32/Sobig.B Disinfected Local Folders\Cornerstone Emails\Re: Approved (Ref: 3394-65467)\approved.pif
Virus:W32/Disemboweler Disinfected Personal Folders\Cornerstone Emails\articles\à=!"# $ %\OEMRNCE.EXE


HiJackThis Scan


Logfile of HijackThis v1.99.1
Scan saved at 12:49:04 AM, on 20/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog\upsd.exe
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Netscape\NETSCA~1.1\Netscp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Basement\My Documents\My Downloads\Utilities\Hi Jack This\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.cornerstoneinspection.com"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape7.1\Netscp.exe" -turbo
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096947433671
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - C:\Program Files\Belkin Bulldog\upsd.exe
  • 0

#6
Wizard
Posted 20 March 2005 - 01:24 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Now thats too cool,Panda is really stepping its scan up a knotch or two!!

Lets go get those files it wasnt able to DisInfect!!

Go to Add\Remove Programs and Remove:
NewDotNet

Download these 2 Cleaning Utilities,both good to hang on to and use on a weekely basis!

CleanUp!

CCleaner

Hang on to those,we will run them in a minute!

Now, Unregister these DLLs,to do this:

Click Start>>>Click Run>>>Copy&Paste the Text below into the Text Box and Click OK!

regsvr32 /u txfdb32.dll
If you get an error message,try it like this:
regsvr32 /u C:\WINDOWS\system32\txfdb32.dll

Do the same for these also:

regsvr32 /u srvc32.dll
or
regsvr32 /u C:\WINDOWS\system32\srvc32.dll

regsvr32 /u srpcsrv32.dll
or
regsvr32 /u C:\WINDOWS\system32\srpcsrv32.dll

regsvr32 /u srdrv32.dll
or
regsvr32 /u C:\WINDOWS\system32\srdrv32.dll


Configure Windows to Show All Hidden Files and Folders!
Here is a link to help with that:
Hidden Files

Locate and delete the Files or Folders in Bold Print:

C:\WINDOWS\system32\srdrv32.dll<<< File Only!

C:\WINDOWS\system32\srpcsrv32.dll<<< File Only!

C:\WINDOWS\system32\srvc32.dll<<< File Only!

C:\WINDOWS\system32\txfdb32.dll<<< File Only!

C:\Program Files\NewDotNet<<< Entire NewDotNet Folder!

Now Open CCleaner and Click the Run Cleaner Tab,let it do its thing!

Now Open CleanUp,make sure Standard Cleanup is selected and Click the CleanUp button!
This will prompt you to restart,do so and Post a fresh HijackThis log and let me know how the Unregistering and the Deletion process went!
  • 0

#7
justawildchild
Posted 20 March 2005 - 03:08 PM

justawildchild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
:tazz: I was only able to find the file for NewDotNet. It was not listed in the Add/Remove Programs area. Should I hit the Uninstall button within the file or will that do something to my computer again.

;) And I know I haven't said it yet but thanks for all your help up to this point. I am so happy to not have those PopUps everytime I go on my computer.
  • 0

#8
Wizard
Posted 20 March 2005 - 06:20 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
OK,Thats good news!!

If you located:
C:\Program Files\NewDotNet<<< Delete that entire Folder!

Lets have a look at a fresh HijackThis log!
  • 0

#9
justawildchild
Posted 20 March 2005 - 10:04 PM

justawildchild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
New HiJack Scan

Wasn't able to delete C:\WINDOWS\system32\srpcsrv32.dll
but went ahead with everything else

When I ran the unregister stuff, I started getting EXCLAIMATION Error again


Here is the scan

Logfile of HijackThis v1.99.1
Scan saved at 10:58:39 PM, on 20/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Belkin Bulldog\upsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Netscape\Netscape7.1\Netscp.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Basement\My Documents\My Downloads\Utilities\Hi Jack This\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "www.cornerstoneinspection.com"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Mark\Application Data\Mozilla\Profiles\default\6qrgiwov.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-7173706D1316} - C:\WINDOWS\System32\spm1316.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTAvTray] C:\Program Files\Creative\SBLive2k\Program\CTAvTray.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB002" /M "Stylus C84"
O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive2k\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [CTAVTray] C:\Program Files\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape7.1\Netscp.exe" -turbo
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1096947433671
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPS - UPSlim Service (UPSlim) - Delta - C:\Program Files\Belkin Bulldog\upsd.exe


I hopes its all clean but something tells me it's not
  • 0

#10
justawildchild
Posted 21 March 2005 - 01:09 PM

justawildchild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
just waiting for reply and moving this message to the first page.
  • 0

#11
Wizard
Posted 22 March 2005 - 03:40 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Site was down this morning when I tried to reply!!

That log is clean!!!!

How is the PC acting???

Post back and if all is well,we can wrap this Up!!
  • 0

#12
justawildchild
Posted 22 March 2005 - 08:13 PM

justawildchild

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Haven't had any problems. All seems to be OK. Would this process have gotten rid of the Trogan too. The warning doesn't seem to show up like it used to so I am assuming it is gone too.

Thanks for all the help and hopefully I don't need any help in the future.
With that said......what is a good routine to make sure it doesn't happen again?
  • 0

#13
Wizard
Posted 24 March 2005 - 03:44 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
C:\WINDOWS\system32\srpcsrv32.dll<<<< Explain Further,were you able to locate the File and Unable to delete,or just Unable to locate the File?

Yes,this process deleted said Trojan,Dont let the name fool ya,All Virus Names refer to Files(exe...Dll...Sys...Bak)that execute a predetermined set of commands,usually Malicious to be labeled a Virus or Trojan!

Now we need to Clean Up System Restore,to do this,simply,disable System Restore,Restart the PC and ThenRenable System Restore,the next time you start up the Machine,a nice clean Restore Point is created,here is a link to help with System Restore:
System Restore

Post back with the Info on that file and we will wrap it up!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP