
remove spy trap.



#16
Rechkalov7
Member, Topic Starter, 97 posts
Greetings,


I think the situation is hopeless. Since I started the process to remove the viruses, the computer has become slower than before. It's slower every day. The last time I started the computer it took at least 20 minutes to be able to connect to the internet. I have uninstalled my Avast anti-virus, which was expired anyway, to change it for AVG, and it's been getting slower since then. The last scan I made with Ewido showed there were more than 3000 infected objects. What do you recommend? I think I have no choice but to reformat the hard drive. Oh, and the last scan I made with Ewido stopped before I could remove the infected objects.


Thanks.
  • 0



#17
Jag11
Visiting Staff, Member, 2,210 posts
Hello again,

Can you tell me what files Ewido found? And where those 3000 objects/files came from? That's a huge list.

Can you also post a new Hijackthis log?
  • 0

#18
Rechkalov7
Member, Topic Starter, 97 posts
Hi,


No, I can't tell you where these files are. The scan stopped before the end and I couldn't remove them. I spent 5 hours on a scan and I couldn't remove the infected items. I uninstalled AVG, put back Avast and made a scan at reboot, and since then the computer seems to have returned to its normal speed (well, almost). By the way, I'm sorry for my bad spelling; I had an accident. I can't give you the details, but it has to do with a lawn mower and a pair of very long pants. (joke) :whistling:


Thanks.
  • 0

#19
Jag11
Visiting Staff, Member, 2,210 posts
Sorry to hear that bad news..

OK, back to the problem.. Ewido should pop up a window when it finds something, so you should be able to see what files are detected even if it stops at the end.

Please post a new HijackThis log and let's see if there is still some crap lurking in there.. :whistling:
  • 0

#20
Rechkalov7
Member, Topic Starter, 97 posts
Hi,


I'm trying to do a scan with Avast, but there are so many problem windows that open that it would take me 3 days to do a scan and close the windows one at a time. I don't think I have the option to do the same every time there's a virus warning. I don't know what to do.


Thanks.
  • 0

#21
Jag11
Visiting Staff, Member, 2,210 posts
I need you to run Hijackthis and get a new logfile, not Avast..
  • 0

#22
Rechkalov7
Member, Topic Starter, 97 posts
Hi,

OK, here it is.


Logfile of HijackThis v1.99.1
Scan saved at 17:07:46, on 2006-09-21
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\winstall.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Messenger\msmsgs.exe
c:\ann.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {5D8AEFF1-F539-96AC-1222-6DED8BAA89A4} - startman.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKLM\..\Run: [npta8cbd] RUNDLL32.EXE w0ff523e.dll,n 002a8cbb0000000a0ff523e
O4 - HKLM\..\Run: [sys011596194087-] C:\WINDOWS\sys011596194087-.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [MON76234] StartCpl.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] driver64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [orfi] C:\PROGRA~1\FICHIE~1\orfi\orfim.exe
O4 - HKCU\..\Run: [FLKPT] ATLIEHELPER.exe
O4 - HKCU\..\Run: [AliceSD] SetupExeDll.exe
O4 - HKCU\..\Run: [abrek] trycrt.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.2...xinst_int16.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.58,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE51421-A029-4AE5-B5D1-183AAA79B826}: NameServer = 85.255.116.58,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.58 85.255.112.173
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe






Thanks.
  • 0

#23
Jag11
Visiting Staff, Member, 2,210 posts
Hello again. :blink:

The infection came back. :whistling: You need to follow these instructions in order and make sure you don't miss any!

You may want to print out these instructions or save them as a text document, and use them as a reference. If you have any questions regarding the fix, please ask us before proceeding. It is also important that you don't miss a step and that you perform everything in the right order.

=====================================

Please click here to make sure you can view hidden files.

Please go here: The Spy Killer Forum
  • Click on New Topic
  • Put your name, e-mail address, and a title.
  • Put a link to this topic in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate for:

    c:\ann.exe

  • Click Open.
  • Click Post.
=====================================



Download SmitfraudFix (by S!Ri)
  • Extract the content (a folder named SmitfraudFix) to your Desktop.
  • Do not do anything with it yet.
=====================================

Please open HijackThis, click Do a system scan only, and then place a checkmark beside each of these entries:

R3 - URLSearchHook: (no name) - {5D8AEFF1-F539-96AC-1222-6DED8BAA89A4} - startman.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKLM\..\Run: [npta8cbd] RUNDLL32.EXE w0ff523e.dll,n 002a8cbb0000000a0ff523e
O4 - HKLM\..\Run: [sys011596194087-] C:\WINDOWS\sys011596194087-.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [MON76234] StartCpl.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] driver64.exe
O4 - HKCU\..\Run: [orfi] C:\PROGRA~1\FICHIE~1\orfi\orfim.exe
O4 - HKCU\..\Run: [FLKPT] ATLIEHELPER.exe
O4 - HKCU\..\Run: [AliceSD] SetupExeDll.exe
O4 - HKCU\..\Run: [abrek] trycrt.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O16 - DPF: {00000000-0000-0000-0000-000320050660} - http://207.234.185.2...xinst_int16.exe
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/d...r/int_ver34.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.58,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCE51421-A029-4AE5-B5D1-183AAA79B826}: NameServer = 85.255.116.58,85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.58 85.255.112.173

After placing all the checkmarks, close all windows (except HJT), and then hit Fix Checked. When it finishes, exit HJT.

=====================================

Download Killbox
  • Save it to your Desktop.
  • In the event you already have Killbox, this is a new version that I need you to download.
=====================================

Please download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure Run fixit is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

NOTE : Do not be alarmed if your computer takes longer than usual to load -- this is normal

FixWareOut will produce a logfile, located here - C:\fixwareout\report.txt. Post it on your next reply.

=====================================



Show Hidden Files and Folders

Click Start » My Computer » Tools » Folder Options. Select the View tab.
  • Check - Show hidden files and folders
  • Uncheck - Hide file extensions for known types
  • Uncheck - Hide protected operating system files
Click Yes to confirm, then OK to exit.

=====================================

Reboot into Safe Mode
  • Restart your computer.
  • Before the Windows logo appears, tap F8 repeatedly.
  • A menu should appear; select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
  • This will take longer than usual, so just wait.
=====================================

Open the SmitfraudFix folder.
  • Double-click smitfraudfix.cmd.
  • Select option #2 - Clean by typing 2 and press Enter to delete infected files.
  • You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
  • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
  • A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
  • The report can also be found here - C:\rapport.txt
  • NOTE : running option #2 on a non infected computer will remove your Desktop background.
=====================================

Run KillBox
  • Double-click Killbox.exe to run it.
  • Select Delete on Reboot.
  • Click on the All Files button.
  • Copy the words below (inside the box) by left clicking and covering all the text then right click inside the highlighted area and choose Copy:

    c:\ann.exe
    C:\winstall.exe
    C:\WINDOWS\eippcaxA.exe
    C:\WINDOWS\system32\npta8cbd.sys
    C:\WINDOWS\sys011596194087-.exe
    C:\WINDOWS\System32\ntsystem.exe
    C:\WINDOWS\system32\StartCpl.exe
    C:\WINDOWS\system32\driver64.exe
    C:\WINDOWS\system32\trycrt.exe
    C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
    C:\Program Files\Fichier\orfi
    
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes when prompted to restart your computer. Click OK at any PendingFileRenameOperations prompt.
NOTES :
  • If your computer does not restart automatically, please restart it manually.
  • If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
=====================================

Your computer should be back in Normal mode by now.


Post these logs:

1. New Hijackthis log
2. C:\fixwareout\report.txt
3. C:\rapport.txt

-- Jet :help:
  • 0

#24
Jag11
Visiting Staff, Member, 2,210 posts
Hello. :whistling:

It has been a while now since my last post and I still haven't received any feedback..

How's it going?
  • 0

#25
Rechkalov7
Member, Topic Starter, 97 posts
Hi,


Well, since the last time, I realised I didn't remove the files you told me to remove. I checked them off and since then the pest trap came back 1 time, then I made another scan and the problem seems to be solved. No more Pest trap. I can make another log file if you want; here it is.


Logfile of HijackThis v1.99.1
Scan saved at 15:51:48, on 2006-08-30
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKLM\..\Run: [npta8cbd] RUNDLL32.EXE w0ff523e.dll,n 002a8cbb0000000a0ff523e
O4 - HKLM\..\Run: [sys011596194087-] C:\WINDOWS\sys011596194087-.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [MON76234] StartCpl.exe
O4 - HKLM\..\Run: [NSYSCPLSTR] driver64.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [orfi] C:\PROGRA~1\FICHIE~1\orfi\orfim.exe
O4 - HKCU\..\Run: [FLKPT] ATLIEHELPER.exe
O4 - HKCU\..\Run: [AliceSD] SetupExeDll.exe
O4 - HKCU\..\Run: [abrek] trycrt.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ub...s/GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplane...DC_2.2.1.87.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.58 85.255.112.173
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FE06090-9533-48AA-B14A-BA07DD93439D}: NameServer = 85.255.116.58 85.255.112.173
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe




Thanks.
  • 0



#26
Jag11
Visiting Staff, Member, 2,210 posts
Have you followed my last set of instructions yet? Because there's no difference in your Hijackthis log..

Please follow it again and post the required logs.

Thank you.
  • 0
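
The comparison asked for in post #26 (checking a later HijackThis log against the entries marked for fixing in post #23) can be scripted. The following is an added example, not part of the original thread and not code from HijackThis: the function names are hypothetical, `FIX_LIST` is a subset of the post #23 list, and `LATER_LOG` is a constructed fragment in the same format, with the separator on one O17 line changed to show why entries must be normalised before matching.

```python
import re

# Item lines start with a section code (R3, F2, O4, O17 ...) followed by " - ".
# Header lines and the running-process list do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*(?P<servers>.+)$", re.IGNORECASE)

# Subset of the entries marked for fixing in post #23.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - {5D8AEFF1-F539-96AC-1222-6DED8BAA89A4} - startman.dll (file missing)
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.58,85.255.112.173
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.58 85.255.112.173
"""

# Constructed later log (sample data, reusing entries from the thread).
LATER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [eippcaxA] C:\WINDOWS\eippcaxA.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{27690447-B631-4C69-9CCB-8A61347EDA6A}: NameServer = 85.255.116.58 85.255.112.173
"""


def normalise(code, body):
    """Canonical form of an item so cosmetic differences do not hide a match."""
    body = " ".join(body.split())  # collapse runs of whitespace
    m = NAMESERVER_RE.search(body) if code == "O17" else None
    if m:
        # The same DNS pair appears with a space or a comma between addresses.
        servers = sorted(s for s in re.split(r"[,\s]+", m.group("servers")) if s)
        body = body[: m.start()] + "NameServer = " + ",".join(servers)
    # Windows paths and registry key names are case-insensitive.
    return code, body.lower()


def parse_items(log_text):
    """Return {normalised item: original line} for every item line in a log."""
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ITEM_RE.match(line)
        if m:
            items.setdefault(normalise(m.group("code"), m.group("body")), line)
    return items


def remaining(fix_list_text, new_log_text):
    """Fix-list entries still present in the new log, grouped by section code."""
    present = parse_items(new_log_text)
    out = {}
    for key in parse_items(fix_list_text):
        if key in present:
            out.setdefault(key[0], []).append(present[key])
    return out


def cleared(fix_list_text, new_log_text):
    """Fix-list entries that no longer appear in the new log."""
    present = parse_items(new_log_text)
    return [line for key, line in parse_items(fix_list_text).items()
            if key not in present]


if __name__ == "__main__":
    for code, lines in remaining(FIX_LIST, LATER_LOG).items():
        print(f"still present ({code}):")
        for line in lines:
            print("  " + line)
    print("cleared:")
    for line in cleared(FIX_LIST, LATER_LOG):
        print("  " + line)
```

Entries reported as still present are the ones to re-check after the next reboot, since Run keys and O17 NameServer values that reappear indicate the component that rewrites them is still active.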





