I've followed the posting prerequisites as closely as possible and have come up with the following end results:
Logfile of HijackThis v1.99.1
Scan saved at 7:04:15 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\utils\protection\ewido anti-spyware 4.0\ewido.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
C:\utils\PROTEC~1\Avast4\ashDisp.exe
C:\utils\memory\FASTDE~1\FAST2.EXE
C:\utils\protection\Avast4\aswUpdSv.exe
C:\utils\protection\Avast4\ashServ.exe
C:\utils\protection\ewido anti-spyware 4.0\guard.exe
C:\utils\protection\Kerio\Personal Firewall 4\kpf4ss.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\oodag.exe
D:\WINDOWS\system32\svchost.exe
C:\utils\protection\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\MozillaFirefox\firefox.exe
C:\utils\protection\Avast4\ashMaiSv.exe
C:\utils\protection\Avast4\ashWebSv.exe
D:\WINDOWS\System32\alg.exe
C:\utils\protection\Kerio\Personal Firewall 4\kpf4gui.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\Wildfire in Paradise\Bureau\HijackThis_v1_99_1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\utils\PROTEC~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\vid&aud\players&codecs\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [!ewido] "C:\utils\protection\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\utils\PROTEC~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [THGuard] "C:\utils\protection\TrojanHunter 4.6\THGuard.exe"
O4 - HKCU\..\Run: [FAST Defrag] C:\utils\memory\FASTDE~1\FAST2.EXE -tray
O4 - HKCU\..\Run: [PeerGuardian] C:\utils\protection\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "D:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\utils\chat\Skype\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Vidalia] "C:\utils\protection\Tor\Vidalia\vidalia.exe"
O4 - Startup: Firewall Engine.lnk = D:\WINDOWS\system32\net.exe
O4 - Global Startup: Privoxy.lnk = C:\utils\protection\Tor\Privoxy\privoxy.exe
O8 - Extra context menu item: Download with GetRight - C:\utils\updlprogs\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\utils\updlprogs\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136036100900
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\utils\protection\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\utils\protection\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\utils\protection\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\utils\protection\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\utils\protection\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\utils\protection\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
-----------------------
And the results from a "tasklist /svc" operation that caused the concern in the first place (especially considering the fact that I at one time ran DCOMbobulator, unPNP, etc.):
Nom de l'image PID˙ Services
========================= ====== =============================================
System Idle Process 0 N/D
System 4 N/D
smss.exe 508 N/D
csrss.exe 760 N/D
winlogon.exe 788 N/D
services.exe 832 Eventlog, PlugPlay
lsass.exe 844 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 1000 DcomLaunch, TermService
svchost.exe 1060 RpcSs
svchost.exe 1288 AudioSrv, Browser, CryptSvc, Dhcp, dmserver, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasAuto, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
svchost.exe 1344 Dnscache
svchost.exe 1584 LmHosts, RemoteRegistry, SSDPSRV, upnphost, WebClient
spoolsv.exe 1708 Spooler
explorer.exe 2016 N/D
LVCOMSX.EXE 344 N/D
LogiTray.exe 376 N/D
jusched.exe 392 N/D
ewido.exe 436 N/D
FxSvr2.exe 444 N/D
ashDisp.exe 544 N/D
THGuard.exe 552 N/D
FAST2.EXE 560 N/D
aswUpdSv.exe 748 aswUpdSv
ashServ.exe 916 avast! Antivirus
guard.exe 1260 ewido anti-spyware 4.0 guard
kpf4ss.exe 1316 KPF4
nvsvc32.exe 1716 NVSvc
oodag.exe 1768 O&O Defrag
svchost.exe 1952 stisvc
kpf4gui.exe 2084 N/D
firefox.exe 2340 N/D
ashMaiSv.exe 2372 avast! Mail Scanner
ashWebSv.exe 2540 avast! Web Scanner
alg.exe 2860 ALG
kpf4gui.exe 3092 N/D
svchost.exe 3924 HTTPFilter
notepad.exe 2816 N/D
notepad.exe 1808 N/D
ntvdm.exe 3192 N/D
cmd.exe 3272 N/D
tasklist.exe 1568 N/D
wmiprvse.exe 2136 N/D
All the above processes have remained, despite all the malware removal preliminaries I've gone through in the last two days.
If you need any more information, just let me know.
Thanks,
GoGeeko
Sign In
Create Account
