Hijack Log For Hostingvortal Popups - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Hijack Log For Hostingvortal Popups

#1 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 03 October 2006 - 08:12 PM

I had this going on a little earlier today but after disabling an entry simply titled "start" in the startup menu it no longer is showing up. but I'm sure it is still here somewhere. Here's the log...

Any help would be appreciated, thx!


-------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:46:44 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\PROGRAMS\NOD\nod32kui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\PROGRAMS\ZoneAlarm\zlclient.exe
E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
E:\PROGRAMS\NOD\nod32krn.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
E:\DOWNLOADS\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRAMS\FlashGet\jccatch.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRAMS\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nod32kui] "E:\PROGRAMS\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "E:\PROGRAMS\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SkinClock] E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAMS\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAMS\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\PROGRAMS\NOD\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 04 October 2006 - 06:44 PM

Anyone?

#3 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 04 October 2006 - 07:06 PM

Hi :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

#4 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 04 October 2006 - 07:22 PM

View Postloophole, on Oct 4 2006, 08:06 PM, said:

Hi :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Thx for the reply, here is the log...

--------------------------------------------------------------------------------

ocean - 06-10-04 20:19:57.25 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\ocean\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-01 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-30 08:15 99,776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2006-09-30 08:15 388,000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2006-09-30 08:15 32,288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2006-09-28 15:42 61,424 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-28 15:42 23,420 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-09-28 15:29 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2006-09-28 15:29 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2006-09-28 15:29 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2006-09-27 19:58 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2006-09-27 19:58 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-09-27 19:38 57,344 --a------ C:\WINDOWS\uneng.exe
2006-09-27 19:29 130,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-09-27 15:24 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-09-27 15:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-27 15:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-27 15:24 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-09-27 15:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-27 15:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-27 15:24 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-09-27 15:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-27 15:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-27 15:19 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-09-27 15:19 151,552 --------- C:\WINDOWS\system32\pxwma.dll
2006-09-27 15:19 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-27 15:19 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-27 15:16 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-27 06:50 116,736 --a------ C:\WINDOWS\system32\CNMLM61(2).DLL
2006-09-27 06:44 57,344 --a------ C:\WINDOWS\system32\CNQU110.DLL
2006-09-27 06:44 352,256 --a------ C:\WINDOWS\system32\CNQL1213.DLL
2006-09-27 06:37 2,320,640 --a------ C:\WINDOWS\system32\TUKernel.exe
2006-09-26 23:50 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-09-26 23:50 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-09-26 15:34 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2006-09-26 15:34 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll
2006-09-26 15:34 33,408 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2006-09-26 15:34 32,256 -ra------ C:\WINDOWS\system32\nvconrm.dll
2006-09-26 15:34 261,504 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2006-09-26 15:34 208,256 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2006-09-26 15:34 201,728 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2006-09-26 15:34 201,728 -ra------ C:\WINDOWS\system32\fdco1.dll
2006-09-26 15:34 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-09-26 15:34 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2006-09-26 15:27 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-26 15:26 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-09-26 15:17 9,304,064 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2006-09-26 15:17 77,824 --a------ C:\WINDOWS\SOUNDMAN.EXE
2006-09-26 15:17 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-26 15:17 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-26 15:17 40,960 --------- C:\WINDOWS\system32\ChCfg.exe
2006-09-26 15:17 294,912 --------- C:\WINDOWS\alcupd.exe
2006-09-26 15:17 200,704 --------- C:\WINDOWS\alcrmv.exe
2006-09-26 15:17 2,314,560 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-09-26 15:17 192,512 --------- C:\WINDOWS\RtlExUpd.dll
2006-09-26 15:17 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2006-09-26 15:16 55,936 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2006-09-26 15:16 44,928 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys
2006-09-26 15:15 35,328 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2006-09-26 15:14 7,680 --------- C:\WINDOWS\system32\drivers\ABIT-IO.SYS
2006-09-26 13:41 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-26 13:41 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-26 13:00 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-26 12:58 945,424 --a------ C:\WINDOWS\system32\msjava.dll
2006-09-26 12:58 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-09-26 12:58 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-09-26 12:58 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-09-26 12:58 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-09-26 12:58 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-09-26 12:58 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-09-26 12:58 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-09-26 12:58 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-09-26 12:58 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-09-26 12:58 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-09-26 12:58 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-09-26 12:58 154,896 --a------ C:\WINDOWS\system32\msawt.dll
2006-09-26 12:58 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-09-26 12:58 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-09-26 12:58 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-09-26 12:58 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-09-26 12:57 99,544 --a------ C:\WINDOWS\system32\GetFlash.exe
2006-09-26 12:57 253,952 --a------ C:\WINDOWS\SBCDSL.exe
2006-09-26 11:48 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-26 11:48 0 -rahs---- C:\MSDOS.SYS
2006-09-26 11:48 0 -rahs---- C:\IO.SYS
2006-09-26 11:48 0 --a------ C:\CONFIG.SYS
2006-09-26 11:48 0 --a------ C:\AUTOEXEC.BAT
2006-09-26 11:46 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-26 11:46 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-26 11:46 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-26 11:46 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-26 11:46 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-26 11:46 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-26 11:46 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-26 11:46 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-26 11:46 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-26 11:46 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-26 11:46 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-26 11:46 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-26 11:46 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-26 11:46 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-26 11:46 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-26 11:46 36,864 --a------ C:\WINDOWS\system32\wups.dll
2006-09-26 11:46 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-26 11:46 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-26 11:46 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-26 11:46 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-26 11:46 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-26 11:46 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-26 11:46 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-26 11:46 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-09-26 11:46 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-26 11:46 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-26 11:46 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-26 11:46 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-26 11:46 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-26 11:46 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-26 11:46 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-09-26 11:46 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-26 11:46 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-26 11:46 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-26 11:46 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-26 11:46 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-26 11:46 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-26 11:46 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-26 11:45 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-26 11:45 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-26 11:45 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-26 11:45 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-26 11:45 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-26 11:45 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-26 11:45 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-26 11:45 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-26 11:44 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-26 11:44 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-26 11:44 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-26 11:44 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-26 11:44 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-26 11:44 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-26 11:44 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-26 11:44 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-26 11:44 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-26 11:44 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-26 11:44 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-26 11:44 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-26 11:44 628,224 --a------ C:\WINDOWS\system32\catsrvut(3).dll
2006-09-26 11:44 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-26 11:44 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-26 11:44 62,464 --a------ C:\WINDOWS\system32\colbact(3).dll
2006-09-26 11:44 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-26 11:44 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-26 11:44 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-26 11:44 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-26 11:44 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-26 11:44 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-26 11:44 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-26 11:44 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-26 11:44 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-26 11:44 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-26 11:44 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-26 11:44 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-26 11:44 501,248 --a------ C:\WINDOWS\system32\clbcatq(3).dll
2006-09-26 11:44 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-26 11:44 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-26 11:44 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-26 11:44 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-26 11:44 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-26 11:44 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-26 11:44 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-26 11:44 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-26 11:44 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-26 11:44 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-26 11:44 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-26 11:44 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-26 11:44 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-26 11:44 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-26 11:44 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-26 11:44 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-26 11:44 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-26 11:44 229,888 --a------ C:\WINDOWS\system32\catsrv(3).dll
2006-09-26 11:44 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-26 11:44 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-26 11:44 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-26 11:44 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-26 11:44 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-26 11:44 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-26 11:44 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-26 11:44 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-26 11:44 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-26 11:44 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-26 11:44 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-26 11:44 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-26 11:44 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-26 11:44 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-26 11:44 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-26 11:44 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-26 11:44 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-26 11:44 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-26 11:44 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-26 11:44 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-26 11:44 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-26 11:44 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-26 11:44 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-26 11:44 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-26 11:44 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-26 11:44 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-26 11:44 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-26 11:44 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-26 11:44 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-26 11:44 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-26 11:44 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-26 11:44 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-26 11:44 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-26 11:44 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-26 11:44 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-26 11:44 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-26 11:44 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-26 11:44 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-26 11:44 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-26 11:44 1,251,840 --a------ C:\WINDOWS\system32\comsvcs(3).dll
2006-09-26 11:44 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-26 06:38 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-09-26 06:37 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-09-26 06:37 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-26 06:37 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-26 06:37 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-26 06:37 26,624 --a------ C:\WINDOWS\system32\Icam3EXT.dll
2006-09-26 06:37 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-26 06:37 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-09-26 06:37 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-09-26 06:37 141,056 --a------ C:\WINDOWS\system32\drivers\Icam3.sys
2006-09-26 06:36 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-09-26 06:36 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-09-26 06:36 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-09-26 06:36 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-26 06:36 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-09-26 06:36 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-09-26 06:36 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-09-26 06:36 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-09-26 06:34 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-26 06:34 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-26 06:34 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-26 06:34 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 20:20 -------- d-------- C:\Documents and Settings\ocean\Application Data\uTorrent
2006-10-04 20:00 1018 --a------ C:\Documents and Settings\ocean\Application Data\alarms.ini
2006-10-04 17:53 713 --a------ C:\Documents and Settings\ocean\Application Data\AtomicAlarmClock.ini
2006-10-04 06:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 21:09 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-03 14:03 -------- d-------- C:\Documents and Settings\ocean\Application Data\Sun
2006-10-03 14:00 -------- d-------- C:\Documents and Settings\ocean\Application Data\PC Tools
2006-10-03 10:09 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-03 07:44 -------- d-------- C:\Program Files\Common Files
2006-10-02 18:24 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-09-30 22:22 -------- d-------- C:\Program Files\Cyberlink
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-29 12:03 -------- d-------- C:\Documents and Settings\ocean\Application Data\IrfanView
2006-09-29 09:36 -------- d-------- C:\Program Files\Java
2006-09-29 09:33 -------- d-------- C:\Program Files\Common Files\Java
2006-09-29 06:58 -------- d---s---- C:\Documents and Settings\ocean\Application Data\Microsoft
2006-09-29 06:47 -------- d-------- C:\Documents and Settings\ocean\Application Data\Real
2006-09-29 06:44 -------- d-------- C:\Program Files\Media Player Classic
2006-09-28 22:21 -------- d-------- C:\Documents and Settings\ocean\Application Data\Adobe
2006-09-28 20:21 -------- d-------- C:\Program Files\Windows Media Player
2006-09-28 20:17 -------- d-------- C:\Documents and Settings\ocean\Application Data\Media Player Classic
2006-09-28 17:54 -------- d-------- C:\Documents and Settings\ocean\Application Data\Opera
2006-09-28 15:42 49152 --a------ C:\WINDOWS\system32\cdrtc.dll
2006-09-28 15:42 45056 --a------ C:\WINDOWS\system32\cdral.dll
2006-09-28 15:42 -------- d-------- C:\Program Files\Roxio
2006-09-28 15:42 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-09-28 15:42 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
2006-09-28 13:19 -------- d-------- C:\Documents and Settings\ocean\Application Data\CyberLink
2006-09-28 10:53 -------- d-------- C:\Program Files\FLAC
2006-09-27 19:52 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-27 15:39 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-27 15:39 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-27 15:24 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-27 15:13 -------- d-------- C:\Program Files\Outlook Express
2006-09-27 15:13 -------- d-------- C:\Program Files\Common Files\System
2006-09-27 15:12 -------- d-------- C:\Program Files\Messenger
2006-09-27 15:12 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 07:57 -------- d-------- C:\Program Files\Adobe
2006-09-26 23:53 -------- d-------- C:\Documents and Settings\ocean\Application Data\TuneUp Software
2006-09-26 22:28 -------- d-------- C:\Documents and Settings\ocean\Application Data\Apple Computer
2006-09-26 21:28 -------- d-------- C:\Program Files\MagicISO
2006-09-26 21:28 -------- d-------- C:\Program Files\BroadJump
2006-09-26 20:40 -------- d-------- C:\Program Files\JustZIPit
2006-09-26 20:07 -------- d-------- C:\Documents and Settings\ocean\Application Data\Macromedia
2006-09-26 17:18 -------- d-------- C:\Documents and Settings\ocean\Application Data\Thunderbird
2006-09-26 17:18 -------- d-------- C:\Documents and Settings\ocean\Application Data\Mozilla
2006-09-26 15:31 -------- d-------- C:\Documents and Settings\ocean\Application Data\ATI
2006-09-26 15:28 -------- d-------- C:\Program Files\ATI Technologies
2006-09-26 15:17 -------- d-------- C:\Program Files\Realtek Sound Manager
2006-09-26 15:17 -------- d-------- C:\Program Files\AvRack
2006-09-26 15:15 -------- d-------- C:\Program Files\AMD
2006-09-26 11:59 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-26 11:59 -------- d-------- C:\Documents and Settings\ocean\Application Data\Identities
2006-09-26 11:48 -------- d-------- C:\Program Files\xerox
2006-09-26 11:48 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-26 11:47 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-26 11:46 -------- d-------- C:\Program Files\NetMeeting
2006-09-26 11:46 -------- d-------- C:\Program Files\Movie Maker
2006-09-26 11:46 -------- d-------- C:\Program Files\Common Files\Services
2006-09-26 11:46 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-26 11:45 -------- d-------- C:\Program Files\Online Services
2006-09-26 11:45 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-26 11:45 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-26 11:44 -------- d-------- C:\Program Files\Windows NT
2006-09-26 11:44 -------- d-------- C:\Program Files\MSN
2006-09-26 06:34 62 --ahs---- C:\Documents and Settings\ocean\Application Data\desktop.ini
2006-09-26 06:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-26 06:34 -------- d-------- C:\Program Files\Common Files\ODBC


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="E:\\PROGRAMS\\Atomic Alarm Clock\\AtomicAlarmClock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"nod32kui"="\"E:\\PROGRAMS\\NOD\\nod32kui.exe\" /WAITSERVICE"
"Zone Labs Client"="\"E:\\PROGRAMS\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,d8,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: Wed 10/04/2006 20:20:35.17
ComboFix.txt

#5 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 04 October 2006 - 07:40 PM

Hi :whistling:

Can you re enable the item please, that way we can remove it for good Everything in the combofix log seems to be legit

#6 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 04 October 2006 - 08:02 PM

View Postloophole, on Oct 4 2006, 08:40 PM, said:

Hi :whistling:

Can you re enable the item please, that way we can remove it for good Everything in the combofix log seems to be legit

Yes I can. Doing some checking the item I disabled in the start menu is... C:\WINDOWS\system32\scost\scost.exe

I'm not sure this is the problem or not since re-enabling it hasn't resulted in any more popups.
Should I do the scan again and post the log?

#7 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 04 October 2006 - 08:55 PM

No you dont have to reenable it, thats what I needed. I'm pretty sure its no good

Can you do me a favor before we delete that folder

Show hidden files and folders
  • Click start >>> control panel
  • click the tools tab and then click folder options
  • Click view
  • tick the show hidden files and folders radio button
  • Uncheck hide extensions for known file types
  • Uncheck hide protected operating system files
  • Click Apply then Ok

Jotti File Submission:
  • Please go to Jotti's malware scan

  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\WINDOWS\system32\scost\scost.exe

  • Click on the submit button

  • Please post the results in your next reply.

#8 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 04 October 2006 - 09:15 PM

Hi,
Folder views were already set.

Here's the results of the scans....

---------------------------------------------------

File: scost.exe
Status:
OK
MD5 c50059deffdce445b377b954b7f07fb3
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing

#9 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 04 October 2006 - 09:29 PM

Hi

Lets hold off on deleting it for a moment, since you disabled it it shouldn't cause you any problems, I'm almost posotive its the culprit

Can you do this for me

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

#10 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 04 October 2006 - 10:13 PM

Here's Panda's scan.....


Incident Status Location


Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.tucows.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@atdmt[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@go[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@linksynergy[1].txt
Spyware:Spyware/SafeSurf Not disinfected E:\DOWNLOADS\evillyricsnightly\setup.exe[ēÜĮ\ExtractDLL.dll]




And here is the Hijackthis log....

------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:13:31 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\PROGRAMS\ZoneAlarm\zlclient.exe
E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
E:\PROGRAMS\NOD\nod32krn.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\ocean\Application Data\Microsoft\Internet Explorer\Quick Launch\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\PROGRAMS\PeerGuardian2\pg2.exe
E:\PROGRAMS\NOD\nod32kui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\DOWNLOADS\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRAMS\FlashGet\jccatch.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRAMS\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nod32kui] "E:\PROGRAMS\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "E:\PROGRAMS\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SkinClock] E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAMS\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAMS\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\PROGRAMS\NOD\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#11 loophole

  • Group: Retired Staff
  • Posts: 9,798
  • Joined: 30-April 05

Posted 05 October 2006 - 07:55 AM

Hi :whistling:

Thats definately the culprit. You can delete the C:\WINDOWS\system32\scost folder

Also delete this file E:\DOWNLOADS\evillyricsnightly\setup.exe

Did you disable it with Hijackthis or through msconfig?

Your panda log is almost spotless

Deleting Cookies on Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.
If everything is running OK I think your fin but your the boss?

#12 BeachKeys

  • Group: Member
  • Posts: 7
  • Joined: 03-October 06

Posted 05 October 2006 - 01:55 PM

View Postloophole, on Oct 5 2006, 08:55 AM, said:

Hi :blink:

Thats definately the culprit. You can delete the C:\WINDOWS\system32\scost folder

Also delete this file E:\DOWNLOADS\evillyricsnightly\setup.exe

Did you disable it with Hijackthis or through msconfig?

Your panda log is almost spotless

Deleting Cookies on Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.
If everything is running OK I think your fin but your the boss?


OK, thx for your help, it is greatly appreciated!!!! :whistling:

Share this topic:


Page 1 of 1