[jasonbmc]

I can't get rid of this trojan dropper. AVG detects it when opening any explorer window, or any ie explorer window. A have done spybot, Trojan hunter, adaware, etc. It is really annoying and scary that it would be so difficult to remove. Thanks in advance for any help you can provide.

This is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 10:48:46 AM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Ahead\InCD\InCDsrv.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
I:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
I:\PROGRA~1\Grisoft\AVG7\avgcc.exe
I:\Program Files\Logitech\iTouch\iTouch.exe
I:\Program Files\USB Storage Device\shwicon.exe
I:\Program Files\Ahead\InCD\InCD.exe
I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
I:\Program Files\iTunes\iTunesHelper.exe
I:\Program Files\Messenger\msmsgs.exe
I:\Program Files\Plaxo\2.1.0.80\InstallStub.exe
I:\WINDOWS\system32\WTablet\TabUserW.exe
I:\Program Files\Palm\HOTSYNC.EXE
I:\Program Files\Logitech\MouseWare\system\em_exec.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\Program Files\Promise Technology, Inc\Promise Array Management\MsgSvr.exe
I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Tablet.exe
I:\WINDOWS\system32\wdfmgr.exe
I:\WINDOWS\system32\ZoneLabs\vsmon.exe
I:\Program Files\iPod\bin\iPodService.exe
I:\WINDOWS\System32\alg.exe
I:\Program Files\Opera7\opera.exe
I:\Documents and Settings\Jason Mckim\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Jason
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: yyyy - {573E8D87-26A8-4FC3-8C89-2792E39F22C8} - I:\WINDOWS\system32\dsv5.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - I:\Program Files\Ipswitch\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - I:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - I:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] I:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Optimum Online] I:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [AdobeVersionCue] I:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [zBrowser Launcher] I:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] I:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_USB Storage Device v1.14e035] "I:\Program Files\USB Storage Device\shwicon.exe" -t"The Company\USB Storage Device v1.14e035"
O4 - HKLM\..\Run: [InCD] I:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Zone Labs Client] "I:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] I:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "I:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [NBJ] "I:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PlaxoUpdate] I:\Program Files\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Startup: HotSync Manager.lnk = I:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: TabUserW.exe.lnk = I:\WINDOWS\system32\WTablet\TabUserW.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Adobe LM Service - Unknown owner - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - I:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - I:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - I:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - I:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - I:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Promise Array Message Server (RAIDmSvr) - Unknown owner - I:\Program Files\Promise Technology, Inc.\Promise Array Management\MsgSvr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - I:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - I:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - I:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - I:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - I:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

[Advertisements]

hi sorry for the delayed response.

since your original post is over a week old could you please post a fresh hijack this for review.

if you have already gotten your machine fixed please post here and let us know.

Thanks

[Dragon]

hi sorry for the delayed response.

since your original post is over a week old could you please post a fresh hijack this for review.

if you have already gotten your machine fixed please post here and let us know.

Thanks