Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijack Log For Hostingvortal Popups

Started by BeachKeys , Oct 03 2006 08:12 PM

  • Please log in to reply

#1
BeachKeys
Posted 03 October 2006 - 08:12 PM

BeachKeys

    New Member

  • Member
  • Pip
  • 7 posts
I had this going on a little earlier today but after disabling an entry simply titled "start" in the startup menu it no longer is showing up. but I'm sure it is still here somewhere. Here's the log...

Any help would be appreciated, thx!


-------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:46:44 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
E:\PROGRAMS\NOD\nod32kui.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\PROGRAMS\ZoneAlarm\zlclient.exe
E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
E:\PROGRAMS\NOD\nod32krn.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
E:\DOWNLOADS\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRAMS\FlashGet\jccatch.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRAMS\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nod32kui] "E:\PROGRAMS\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "E:\PROGRAMS\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SkinClock] E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAMS\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAMS\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\PROGRAMS\NOD\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by BeachKeys, 03 October 2006 - 08:13 PM.

  • 0

Advertisements

#2
BeachKeys
Posted 04 October 2006 - 06:44 PM

BeachKeys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Anyone?
  • 0

#3
loophole
Posted 04 October 2006 - 07:06 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#4
BeachKeys
Posted 04 October 2006 - 07:22 PM

BeachKeys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Thx for the reply, here is the log...

--------------------------------------------------------------------------------

ocean - 06-10-04 20:19:57.25 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\ocean\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-04 to 2006-10-04 ))))))))))))))))))))))))))))))))))


2006-10-01 08:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2006-09-30 08:15 99,776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2006-09-30 08:15 388,000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2006-09-30 08:15 32,288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2006-09-28 15:42 61,424 --a------ C:\WINDOWS\system32\drivers\cdr4_xp.sys
2006-09-28 15:42 23,420 --a------ C:\WINDOWS\system32\drivers\cdralw2k.sys
2006-09-28 15:29 86,016 -ra------ C:\WINDOWS\system32\CNMCP61.exe
2006-09-28 15:29 7,680 --a------ C:\WINDOWS\system32\CNMVS61.DLL
2006-09-28 15:29 116,736 --a------ C:\WINDOWS\system32\CNMLM61.DLL
2006-09-27 19:58 499,712 --------- C:\WINDOWS\system32\msvcp71.dll
2006-09-27 19:58 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
2006-09-27 19:38 57,344 --a------ C:\WINDOWS\uneng.exe
2006-09-27 19:29 130,048 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2006-09-27 15:24 5,888 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2006-09-27 15:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2006-09-27 15:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2006-09-27 15:24 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2006-09-27 15:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2006-09-27 15:24 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2006-09-27 15:24 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2006-09-27 15:24 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2006-09-27 15:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2006-09-27 15:19 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2006-09-27 15:19 151,552 --------- C:\WINDOWS\system32\pxwma.dll
2006-09-27 15:19 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-09-27 15:19 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-09-27 15:16 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2006-09-27 06:50 116,736 --a------ C:\WINDOWS\system32\CNMLM61(2).DLL
2006-09-27 06:44 57,344 --a------ C:\WINDOWS\system32\CNQU110.DLL
2006-09-27 06:44 352,256 --a------ C:\WINDOWS\system32\CNQL1213.DLL
2006-09-27 06:37 2,320,640 --a------ C:\WINDOWS\system32\TUKernel.exe
2006-09-26 23:50 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-09-26 23:50 274,432 --a------ C:\WINDOWS\system32\imon.dll
2006-09-26 15:34 9,728 -ra------ C:\WINDOWS\system32\bdco1ins.dll
2006-09-26 15:34 9,728 -ra------ C:\WINDOWS\system32\bdco1.dll
2006-09-26 15:34 33,408 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2006-09-26 15:34 32,256 -ra------ C:\WINDOWS\system32\nvconrm.dll
2006-09-26 15:34 261,504 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2006-09-26 15:34 208,256 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2006-09-26 15:34 201,728 -ra------ C:\WINDOWS\system32\fdco1ins.dll
2006-09-26 15:34 201,728 -ra------ C:\WINDOWS\system32\fdco1.dll
2006-09-26 15:34 176,128 --a------ C:\WINDOWS\system32\nvunrm.exe
2006-09-26 15:34 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2006-09-26 15:27 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-09-26 15:26 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2006-09-26 15:17 9,304,064 --a------ C:\WINDOWS\system32\RTLCPL.EXE
2006-09-26 15:17 77,824 --a------ C:\WINDOWS\SOUNDMAN.EXE
2006-09-26 15:17 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2006-09-26 15:17 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2006-09-26 15:17 40,960 --------- C:\WINDOWS\system32\ChCfg.exe
2006-09-26 15:17 294,912 --------- C:\WINDOWS\alcupd.exe
2006-09-26 15:17 200,704 --------- C:\WINDOWS\alcrmv.exe
2006-09-26 15:17 2,314,560 --a------ C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2006-09-26 15:17 192,512 --------- C:\WINDOWS\RtlExUpd.dll
2006-09-26 15:17 156,672 --a------ C:\WINDOWS\system32\RTLCPAPI.dll
2006-09-26 15:16 55,936 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2006-09-26 15:16 44,928 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys
2006-09-26 15:15 35,328 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2006-09-26 15:14 7,680 --------- C:\WINDOWS\system32\drivers\ABIT-IO.SYS
2006-09-26 13:41 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2006-09-26 13:41 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2006-09-26 13:00 306,688 --a------ C:\WINDOWS\IsUninst.exe
2006-09-26 12:58 945,424 --a------ C:\WINDOWS\system32\msjava.dll
2006-09-26 12:58 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2006-09-26 12:58 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2006-09-26 12:58 46,352 --a------ C:\WINDOWS\setdebug.exe
2006-09-26 12:58 404,752 --a------ C:\WINDOWS\system32\javart.dll
2006-09-26 12:58 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2006-09-26 12:58 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2006-09-26 12:58 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2006-09-26 12:58 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2006-09-26 12:58 172,304 --a------ C:\WINDOWS\system32\jview.exe
2006-09-26 12:58 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2006-09-26 12:58 171,280 --a------ C:\WINDOWS\system32\jit.dll
2006-09-26 12:58 154,896 --a------ C:\WINDOWS\system32\msawt.dll
2006-09-26 12:58 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2006-09-26 12:58 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2006-09-26 12:58 113 --a------ C:\WINDOWS\system32\zonedon.reg
2006-09-26 12:58 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2006-09-26 12:57 99,544 --a------ C:\WINDOWS\system32\GetFlash.exe
2006-09-26 12:57 253,952 --a------ C:\WINDOWS\SBCDSL.exe
2006-09-26 11:48 112,128 --a------ C:\WINDOWS\system32\mapi32.dll
2006-09-26 11:48 0 -rahs---- C:\MSDOS.SYS
2006-09-26 11:48 0 -rahs---- C:\IO.SYS
2006-09-26 11:48 0 --a------ C:\CONFIG.SYS
2006-09-26 11:48 0 --a------ C:\AUTOEXEC.BAT
2006-09-26 11:46 81,920 --a------ C:\WINDOWS\system32\ils.dll
2006-09-26 11:46 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2006-09-26 11:46 73,472 --a------ C:\WINDOWS\system32\drivers\sr.sys
2006-09-26 11:46 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2006-09-26 11:46 69,632 --a------ C:\WINDOWS\system32\msconf.dll
2006-09-26 11:46 678,400 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-09-26 11:46 67,584 --a------ C:\WINDOWS\system32\srclient.dll
2006-09-26 11:46 64,512 --a------ C:\WINDOWS\system32\acctres.dll
2006-09-26 11:46 6,656 --a------ C:\WINDOWS\system32\wuauserv.dll
2006-09-26 11:46 48,128 --a------ C:\WINDOWS\system32\inetres.dll
2006-09-26 11:46 45,568 --a------ C:\WINDOWS\system32\safrslv.dll
2006-09-26 11:46 430,592 --a------ C:\WINDOWS\system32\wuapi.dll
2006-09-26 11:46 43,520 --a------ C:\WINDOWS\system32\safrcdlg.dll
2006-09-26 11:46 43,520 --a------ C:\WINDOWS\system32\racpldlg.dll
2006-09-26 11:46 382,464 --a------ C:\WINDOWS\system32\qmgr.dll
2006-09-26 11:46 36,864 --a------ C:\WINDOWS\system32\wups.dll
2006-09-26 11:46 34,560 --a------ C:\WINDOWS\system32\mnmdd.dll
2006-09-26 11:46 32,768 --a------ C:\WINDOWS\system32\mnmsrvc.exe
2006-09-26 11:46 32,768 --a------ C:\WINDOWS\system32\isrdbg32.dll
2006-09-26 11:46 29,696 --a------ C:\WINDOWS\system32\safrdm.dll
2006-09-26 11:46 28,672 --a------ C:\WINDOWS\system32\nmmkcert.dll
2006-09-26 11:46 252,928 --a------ C:\WINDOWS\system32\msoeacct.dll
2006-09-26 11:46 239,104 --a------ C:\WINDOWS\system32\srrstr.dll
2006-09-26 11:46 22,528 --a------ C:\WINDOWS\system32\fltMc.exe
2006-09-26 11:46 183,296 --a------ C:\WINDOWS\system32\wuaueng1.dll
2006-09-26 11:46 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2006-09-26 11:46 170,496 --a------ C:\WINDOWS\system32\srsvc.dll
2006-09-26 11:46 165,888 --a------ C:\WINDOWS\system32\wuauclt1.exe
2006-09-26 11:46 16,896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-09-26 11:46 16,384 --a------ C:\WINDOWS\system32\icfgnt5.dll
2006-09-26 11:46 124,800 --a------ C:\WINDOWS\system32\drivers\fltMgr.sys
2006-09-26 11:46 120,320 --a------ C:\WINDOWS\system32\wuweb.dll
2006-09-26 11:46 12,288 --a------ C:\WINDOWS\system32\nmevtmsg.dll
2006-09-26 11:46 112,640 --a------ C:\WINDOWS\system32\wucltui.dll
2006-09-26 11:46 111,104 --a------ C:\WINDOWS\system32\wuauclt.exe
2006-09-26 11:46 11,264 --a------ C:\WINDOWS\system32\atrace.dll
2006-09-26 11:46 105,984 --a------ C:\WINDOWS\system32\msoert2.dll
2006-09-26 11:46 1,134,592 --a------ C:\WINDOWS\system32\wuaueng.dll
2006-09-26 11:45 81,920 --a------ C:\WINDOWS\system32\isign32.dll
2006-09-26 11:45 73,728 --a------ C:\WINDOWS\system32\icwdial.dll
2006-09-26 11:45 65,536 --a------ C:\WINDOWS\system32\icwphbk.dll
2006-09-26 11:45 5,632 --a------ C:\WINDOWS\system32\write.exe
2006-09-26 11:45 274,944 --a------ C:\WINDOWS\system32\mstask.dll
2006-09-26 11:45 274,432 --a------ C:\WINDOWS\system32\inetcfg.dll
2006-09-26 11:45 190,976 --a------ C:\WINDOWS\system32\schedsvc.dll
2006-09-26 11:45 12,288 --a------ C:\WINDOWS\system32\mstinit.exe
2006-09-26 11:44 949,248 --a------ C:\WINDOWS\system32\msdtctm.dll
2006-09-26 11:44 93,696 --a------ C:\WINDOWS\system32\tscfgwmi.dll
2006-09-26 11:44 90,112 --a------ C:\WINDOWS\system32\mtxoci.dll
2006-09-26 11:44 9,728 --a------ C:\WINDOWS\system32\reset.exe
2006-09-26 11:44 87,176 --a------ C:\WINDOWS\system32\rdpwsx.dll
2006-09-26 11:44 85,504 --a------ C:\WINDOWS\system32\catsrvps.dll
2006-09-26 11:44 82,432 --a------ C:\WINDOWS\system32\comrepl.dll
2006-09-26 11:44 80,384 --a------ C:\WINDOWS\system32\charmap.exe
2006-09-26 11:44 73,216 --a------ C:\WINDOWS\system32\avwav.dll
2006-09-26 11:44 67,072 --a------ C:\WINDOWS\system32\rdshost.exe
2006-09-26 11:44 655,360 --a------ C:\WINDOWS\system32\mstscax.dll
2006-09-26 11:44 628,224 --a------ C:\WINDOWS\system32\catsrvut.dll
2006-09-26 11:44 628,224 --a------ C:\WINDOWS\system32\catsrvut(3).dll
2006-09-26 11:44 62,464 --a------ C:\WINDOWS\system32\rdpclip.exe
2006-09-26 11:44 62,464 --a------ C:\WINDOWS\system32\colbact.dll
2006-09-26 11:44 62,464 --a------ C:\WINDOWS\system32\colbact(3).dll
2006-09-26 11:44 605,696 --a------ C:\WINDOWS\system32\getuname.dll
2006-09-26 11:44 60,416 --a------ C:\WINDOWS\system32\remotepg.dll
2006-09-26 11:44 6,144 --a------ C:\WINDOWS\system32\msdtc.exe
2006-09-26 11:44 58,880 --a------ C:\WINDOWS\system32\msdtclog.dll
2006-09-26 11:44 58,880 --a------ C:\WINDOWS\system32\licwmi.dll
2006-09-26 11:44 56,832 --a------ C:\WINDOWS\system32\sol.exe
2006-09-26 11:44 56,320 --a------ C:\WINDOWS\system32\servdeps.dll
2006-09-26 11:44 55,296 --a------ C:\WINDOWS\system32\freecell.exe
2006-09-26 11:44 540,160 --a------ C:\WINDOWS\system32\comuid.dll
2006-09-26 11:44 54,272 --a------ C:\WINDOWS\system32\stclient.dll
2006-09-26 11:44 538,624 --a------ C:\WINDOWS\system32\spider.exe
2006-09-26 11:44 501,248 --a------ C:\WINDOWS\system32\clbcatq.dll
2006-09-26 11:44 501,248 --a------ C:\WINDOWS\system32\clbcatq(3).dll
2006-09-26 11:44 5,120 --a------ C:\WINDOWS\system32\dcomcnfg.exe
2006-09-26 11:44 44,544 --a------ C:\WINDOWS\system32\tscupgrd.exe
2006-09-26 11:44 44,544 --a------ C:\WINDOWS\system32\hticons.dll
2006-09-26 11:44 425,472 --a------ C:\WINDOWS\system32\msdtcprx.dll
2006-09-26 11:44 407,552 --a------ C:\WINDOWS\system32\mstsc.exe
2006-09-26 11:44 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2006-09-26 11:44 4,096 --a------ C:\WINDOWS\system32\rdpcfgex.dll
2006-09-26 11:44 4,096 --a------ C:\WINDOWS\system32\mtxex.dll
2006-09-26 11:44 38,912 --a------ C:\WINDOWS\system32\cfgbkend.dll
2006-09-26 11:44 35,328 --a------ C:\WINDOWS\system32\winchat.exe
2006-09-26 11:44 345,088 --a------ C:\WINDOWS\system32\hypertrm.dll
2006-09-26 11:44 343,040 --a------ C:\WINDOWS\system32\mspaint.exe
2006-09-26 11:44 33,792 --a------ C:\WINDOWS\system32\regini.exe
2006-09-26 11:44 295,424 --a------ C:\WINDOWS\system32\termsrv.dll
2006-09-26 11:44 25,600 --a------ C:\WINDOWS\system32\comaddin.dll
2006-09-26 11:44 25,088 --a------ C:\WINDOWS\system32\mtxlegih.dll
2006-09-26 11:44 229,888 --a------ C:\WINDOWS\system32\catsrv.dll
2006-09-26 11:44 229,888 --a------ C:\WINDOWS\system32\catsrv(3).dll
2006-09-26 11:44 227,840 --a------ C:\WINDOWS\system32\avtapi.dll
2006-09-26 11:44 22,016 --a------ C:\WINDOWS\system32\qwinsta.exe
2006-09-26 11:44 21,896 --a------ C:\WINDOWS\system32\drivers\tdtcp.sys
2006-09-26 11:44 20,992 --a------ C:\WINDOWS\system32\msg.exe
2006-09-26 11:44 20,480 --a------ C:\WINDOWS\system32\qprocess.exe
2006-09-26 11:44 20,480 --a------ C:\WINDOWS\system32\mtxdm.dll
2006-09-26 11:44 196,864 --a------ C:\WINDOWS\system32\drivers\rdpdr.sys
2006-09-26 11:44 19,968 --a------ C:\WINDOWS\system32\rdpsnd.dll
2006-09-26 11:44 185,344 --a------ C:\WINDOWS\system32\cmprops.dll
2006-09-26 11:44 183,808 --a------ C:\WINDOWS\system32\accwiz.exe
2006-09-26 11:44 17,408 --a------ C:\WINDOWS\system32\mmfutil.dll
2006-09-26 11:44 161,280 --a------ C:\WINDOWS\system32\msdtcuiu.dll
2006-09-26 11:44 16,896 --a------ C:\WINDOWS\system32\tsshutdn.exe
2006-09-26 11:44 16,896 --a------ C:\WINDOWS\system32\qappsrv.exe
2006-09-26 11:44 16,384 --a------ C:\WINDOWS\system32\tskill.exe
2006-09-26 11:44 16,384 --a------ C:\WINDOWS\system32\avmeter.dll
2006-09-26 11:44 15,872 --a------ C:\WINDOWS\system32\rwinsta.exe
2006-09-26 11:44 15,872 --a------ C:\WINDOWS\system32\cdmodem.dll
2006-09-26 11:44 15,360 --a------ C:\WINDOWS\system32\logoff.exe
2006-09-26 11:44 147,968 --a------ C:\WINDOWS\system32\rdchost.dll
2006-09-26 11:44 147,456 --a------ C:\WINDOWS\system32\comsnap.dll
2006-09-26 11:44 140,800 --a------ C:\WINDOWS\system32\sessmgr.exe
2006-09-26 11:44 14,848 --a------ C:\WINDOWS\system32\tsdiscon.exe
2006-09-26 11:44 14,848 --a------ C:\WINDOWS\system32\tscon.exe
2006-09-26 11:44 14,848 --a------ C:\WINDOWS\system32\shadow.exe
2006-09-26 11:44 139,400 --a------ C:\WINDOWS\system32\drivers\rdpwd.sys
2006-09-26 11:44 138,752 --a------ C:\WINDOWS\system32\sndvol32.exe
2006-09-26 11:44 131,584 --a------ C:\WINDOWS\system32\sndrec32.exe
2006-09-26 11:44 13,824 --a------ C:\WINDOWS\system32\rdsaddin.exe
2006-09-26 11:44 126,976 --a------ C:\WINDOWS\system32\mshearts.exe
2006-09-26 11:44 123,392 --a------ C:\WINDOWS\system32\mplay32.exe
2006-09-26 11:44 12,040 --a------ C:\WINDOWS\system32\drivers\tdpipe.sys
2006-09-26 11:44 119,808 --a------ C:\WINDOWS\system32\winmine.exe
2006-09-26 11:44 114,688 --a------ C:\WINDOWS\system32\calc.exe
2006-09-26 11:44 110,080 --a------ C:\WINDOWS\system32\clbcatex.dll
2006-09-26 11:44 11,776 --a------ C:\WINDOWS\system32\xolehlp.dll
2006-09-26 11:44 11,264 --a------ C:\WINDOWS\system32\icaapi.dll
2006-09-26 11:44 102,912 --a------ C:\WINDOWS\system32\clipbrd.exe
2006-09-26 11:44 1,251,840 --a------ C:\WINDOWS\system32\comsvcs.dll
2006-09-26 11:44 1,251,840 --a------ C:\WINDOWS\system32\comsvcs(3).dll
2006-09-26 11:44 1,161 --a------ C:\WINDOWS\system32\usrlogon.cmd
2006-09-26 06:38 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2006-09-26 06:37 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys
2006-09-26 06:37 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-09-26 06:37 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2006-09-26 06:37 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2006-09-26 06:37 26,624 --a------ C:\WINDOWS\system32\Icam3EXT.dll
2006-09-26 06:37 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-09-26 06:37 19,328 --a------ C:\WINDOWS\system32\drivers\WSTCODEC.SYS
2006-09-26 06:37 17,024 --a------ C:\WINDOWS\system32\drivers\CCDECODE.sys
2006-09-26 06:37 141,056 --a------ C:\WINDOWS\system32\drivers\Icam3.sys
2006-09-26 06:36 86,016 --a------ C:\WINDOWS\system32\mdmxsdk.dll
2006-09-26 06:36 685,056 --a------ C:\WINDOWS\system32\drivers\HSFCXTS2.sys
2006-09-26 06:36 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2006-09-26 06:36 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2006-09-26 06:36 32,285 --a------ C:\WINDOWS\system32\HSFCISP2.dll
2006-09-26 06:36 220,032 --a------ C:\WINDOWS\system32\drivers\HSFBS2S2.sys
2006-09-26 06:36 11,868 --a------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2006-09-26 06:36 1,041,536 --a------ C:\WINDOWS\system32\drivers\HSFDPSP2.sys
2006-09-26 06:34 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2006-09-26 06:34 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2006-09-26 06:34 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2006-09-26 06:34 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-04 20:20 -------- d-------- C:\Documents and Settings\ocean\Application Data\uTorrent
2006-10-04 20:00 1018 --a------ C:\Documents and Settings\ocean\Application Data\alarms.ini
2006-10-04 17:53 713 --a------ C:\Documents and Settings\ocean\Application Data\AtomicAlarmClock.ini
2006-10-04 06:58 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-03 21:09 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-03 14:03 -------- d-------- C:\Documents and Settings\ocean\Application Data\Sun
2006-10-03 14:00 -------- d-------- C:\Documents and Settings\ocean\Application Data\PC Tools
2006-10-03 10:09 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-03 07:44 -------- d-------- C:\Program Files\Common Files
2006-10-02 18:24 -------- d-------- C:\Program Files\Common Files\LightScribe
2006-09-30 22:22 -------- d-------- C:\Program Files\Cyberlink
2006-09-30 21:50 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-29 12:03 -------- d-------- C:\Documents and Settings\ocean\Application Data\IrfanView
2006-09-29 09:36 -------- d-------- C:\Program Files\Java
2006-09-29 09:33 -------- d-------- C:\Program Files\Common Files\Java
2006-09-29 06:58 -------- d---s---- C:\Documents and Settings\ocean\Application Data\Microsoft
2006-09-29 06:47 -------- d-------- C:\Documents and Settings\ocean\Application Data\Real
2006-09-29 06:44 -------- d-------- C:\Program Files\Media Player Classic
2006-09-28 22:21 -------- d-------- C:\Documents and Settings\ocean\Application Data\Adobe
2006-09-28 20:21 -------- d-------- C:\Program Files\Windows Media Player
2006-09-28 20:17 -------- d-------- C:\Documents and Settings\ocean\Application Data\Media Player Classic
2006-09-28 17:54 -------- d-------- C:\Documents and Settings\ocean\Application Data\Opera
2006-09-28 15:42 49152 --a------ C:\WINDOWS\system32\cdrtc.dll
2006-09-28 15:42 45056 --a------ C:\WINDOWS\system32\cdral.dll
2006-09-28 15:42 -------- d-------- C:\Program Files\Roxio
2006-09-28 15:42 -------- d-------- C:\Program Files\Common Files\Roxio Shared
2006-09-28 15:42 -------- d-------- C:\Program Files\Common Files\Adaptec Shared
2006-09-28 13:19 -------- d-------- C:\Documents and Settings\ocean\Application Data\CyberLink
2006-09-28 10:53 -------- d-------- C:\Program Files\FLAC
2006-09-27 19:52 -------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-09-27 15:39 -------- d-------- C:\Program Files\Common Files\Adobe Systems Shared
2006-09-27 15:39 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-27 15:24 -------- d-------- C:\Program Files\Common Files\Ahead
2006-09-27 15:13 -------- d-------- C:\Program Files\Outlook Express
2006-09-27 15:13 -------- d-------- C:\Program Files\Common Files\System
2006-09-27 15:12 -------- d-------- C:\Program Files\Messenger
2006-09-27 15:12 -------- d-------- C:\Program Files\Internet Explorer
2006-09-27 07:57 -------- d-------- C:\Program Files\Adobe
2006-09-26 23:53 -------- d-------- C:\Documents and Settings\ocean\Application Data\TuneUp Software
2006-09-26 22:28 -------- d-------- C:\Documents and Settings\ocean\Application Data\Apple Computer
2006-09-26 21:28 -------- d-------- C:\Program Files\MagicISO
2006-09-26 21:28 -------- d-------- C:\Program Files\BroadJump
2006-09-26 20:40 -------- d-------- C:\Program Files\JustZIPit
2006-09-26 20:07 -------- d-------- C:\Documents and Settings\ocean\Application Data\Macromedia
2006-09-26 17:18 -------- d-------- C:\Documents and Settings\ocean\Application Data\Thunderbird
2006-09-26 17:18 -------- d-------- C:\Documents and Settings\ocean\Application Data\Mozilla
2006-09-26 15:31 -------- d-------- C:\Documents and Settings\ocean\Application Data\ATI
2006-09-26 15:28 -------- d-------- C:\Program Files\ATI Technologies
2006-09-26 15:17 -------- d-------- C:\Program Files\Realtek Sound Manager
2006-09-26 15:17 -------- d-------- C:\Program Files\AvRack
2006-09-26 15:15 -------- d-------- C:\Program Files\AMD
2006-09-26 11:59 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-26 11:59 -------- d-------- C:\Documents and Settings\ocean\Application Data\Identities
2006-09-26 11:48 -------- d-------- C:\Program Files\xerox
2006-09-26 11:48 -------- d-------- C:\Program Files\microsoft frontpage
2006-09-26 11:47 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-26 11:46 -------- d-------- C:\Program Files\NetMeeting
2006-09-26 11:46 -------- d-------- C:\Program Files\Movie Maker
2006-09-26 11:46 -------- d-------- C:\Program Files\Common Files\Services
2006-09-26 11:46 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-09-26 11:45 -------- d-------- C:\Program Files\Online Services
2006-09-26 11:45 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-09-26 11:45 -------- d-------- C:\Program Files\ComPlus Applications
2006-09-26 11:44 -------- d-------- C:\Program Files\Windows NT
2006-09-26 11:44 -------- d-------- C:\Program Files\MSN
2006-09-26 06:34 62 --ahs---- C:\Documents and Settings\ocean\Application Data\desktop.ini
2006-09-26 06:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-09-26 06:34 -------- d-------- C:\Program Files\Common Files\ODBC


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkinClock"="E:\\PROGRAMS\\Atomic Alarm Clock\\AtomicAlarmClock.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime"
"nod32kui"="\"E:\\PROGRAMS\\NOD\\nod32kui.exe\" /WAITSERVICE"
"Zone Labs Client"="\"E:\\PROGRAMS\\ZoneAlarm\\zlclient.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,d8,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: Wed 10/04/2006 20:20:35.17
ComboFix.txt
  • 0

#5
loophole
Posted 04 October 2006 - 07:40 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Can you re enable the item please, that way we can remove it for good Everything in the combofix log seems to be legit
  • 0

#6
BeachKeys
Posted 04 October 2006 - 08:02 PM

BeachKeys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi :whistling:

Can you re enable the item please, that way we can remove it for good Everything in the combofix log seems to be legit

Yes I can. Doing some checking the item I disabled in the start menu is... C:\WINDOWS\system32\scost\scost.exe

I'm not sure this is the problem or not since re-enabling it hasn't resulted in any more popups.
Should I do the scan again and post the log?

Edited by BeachKeys, 04 October 2006 - 08:03 PM.

  • 0

#7
loophole
Posted 04 October 2006 - 08:55 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
No you dont have to reenable it, thats what I needed. I'm pretty sure its no good

Can you do me a favor before we delete that folder

Show hidden files and folders
  • Click start >>> control panel
  • click the tools tab and then click folder options
  • Click view
  • tick the show hidden files and folders radio button
  • Uncheck hide extensions for known file types
  • Uncheck hide protected operating system files
  • Click Apply then Ok
Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\WINDOWS\system32\scost\scost.exe
  • Click on the submit button
  • Please post the results in your next reply.

  • 0

#8
BeachKeys
Posted 04 October 2006 - 09:15 PM

BeachKeys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi,
Folder views were already set.

Here's the results of the scans....

---------------------------------------------------

File: scost.exe
Status:
OK
MD5 c50059deffdce445b377b954b7f07fb3
Packers detected:
-
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
  • 0

#9
loophole
Posted 04 October 2006 - 09:29 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi

Lets hold off on deleting it for a moment, since you disabled it it shouldn't cause you any problems, I'm almost posotive its the culprit

Can you do this for me

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0

#10
BeachKeys
Posted 04 October 2006 - 10:13 PM

BeachKeys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here's Panda's scan.....


Incident Status Location


Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.tucows.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\ocean\Application Data\Mozilla\Firefox\Profiles\uto1r2z8.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@atdmt[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@go[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\ocean\Cookies\ocean@linksynergy[1].txt
Spyware:Spyware/SafeSurf Not disinfected E:\DOWNLOADS\evillyricsnightly\setup.exe[²ÜÇ\ExtractDLL.dll]




And here is the Hijackthis log....

------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:13:31 PM, on 10/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\PROGRAMS\ZoneAlarm\zlclient.exe
E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
E:\PROGRAMS\NOD\nod32krn.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\ocean\Application Data\Microsoft\Internet Explorer\Quick Launch\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\PROGRAMS\PeerGuardian2\pg2.exe
E:\PROGRAMS\NOD\nod32kui.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\DOWNLOADS\HijackThis.exe

O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - E:\PROGRAMS\FlashGet\jccatch.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - E:\PROGRAMS\FlashGet\getflash.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nod32kui] "E:\PROGRAMS\NOD\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Zone Labs Client] "E:\PROGRAMS\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [SkinClock] E:\PROGRAMS\Atomic Alarm Clock\AtomicAlarmClock.exe
O8 - Extra context menu item: Download All by FlashGet - E:\PROGRAMS\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\PROGRAMS\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRAMS\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\PROGRAMS\NOD\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\PROGRAMS\TUNEUP\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#11
loophole
Posted 05 October 2006 - 07:55 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Thats definately the culprit. You can delete the C:\WINDOWS\system32\scost folder

Also delete this file E:\DOWNLOADS\evillyricsnightly\setup.exe

Did you disable it with Hijackthis or through msconfig?

Your panda log is almost spotless

Deleting Cookies on Firefox
  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.
If everything is running OK I think your fin but your the boss?

Edited by loophole, 05 October 2006 - 07:58 AM.

  • 0

#12
BeachKeys
Posted 05 October 2006 - 01:55 PM

BeachKeys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts

Hi :blink:

Thats definately the culprit. You can delete the C:\WINDOWS\system32\scost folder

Also delete this file E:\DOWNLOADS\evillyricsnightly\setup.exe

Did you disable it with Hijackthis or through msconfig?

Your panda log is almost spotless

Deleting Cookies on Firefox

  • Click Tools then Options.
  • Click Privacy.
  • Click Clear across from the Cookies option.
  • Click Ok to return to the browser main page.
  • Exit and relaunch the browser.
If everything is running OK I think your fin but your the boss?


OK, thx for your help, it is greatly appreciated!!!! :whistling:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP