ad.oinadserver



#1
nishasb
    New Member

  • 6 posts
I am infected with ad.oinadserver.
Below is the log file of HijackThis.

I cannot work and I need to be on the computer all day, please help....



Logfile of HijackThis v1.99.1
Scan saved at 10:07:56 AM, on 10/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
c:\winnt\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Seagate Software\SI\X86\Server\distribution\holosdmn.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\kybrdff_e27.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\WINNT\PPATCH~1\netdde.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Citrix\icaweb32\Wfcrun32.exe
C:\PROGRA~1\Citrix\icaweb32\WFICA32.EXE
C:\Program Files\Seagate Software\SI\x86\sentnl32.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Seagate Software\SI\x86\cidesk32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\?ymantec\?serinit.exe
C:\Program Files\Seagate Software\SI\X86\crw32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{D3C08739-37D3-0873-A0AB-111349D56C93} - (no file)
R3 - URLSearchHook: (no name) - _{A55581DC-2CDB-4089-8878-71A080B22342} - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
R3 - URLSearchHook: (no name) - {5E11F31D-49AE-7855-88DD-63349B08E69A} - C:\WINNT\system32\affdyb.dll
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 192.1.2.215 hevelius
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bzzbccac] RUNDLL32.EXE w56f8464.dll,n 005bcca70000001256f8464
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e27.exe
O4 - HKLM\..\Run: [xload] "C:\WINNT\xload.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - HKCU\..\Run: [Otpt] "C:\WINNT\PPATCH~1\netdde.exe" -vt yazb
O4 - HKCU\..\Run: [Kpqlixim] C:\WINNT\system32\?ymantec\?serinit.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} (TeleControl Class) - https://kvm.ialtd.com/rrc.cab
O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://ialtd.com/cit...spv3fullchk.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://eqxlandesk/co...ENUrcviewer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\NISHAD~1.CAY\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O17 - HKLM\Software\..\Telephony: DomainName = intranet.cayre.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O23 - Service: Info Agent (Crystal Info Agent) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\ciagnt32.exe" -service (file missing)
O23 - Service: Info APS (Crystal Info APS) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\aps32.exe" -service (file missing)
O23 - Service: Info Sentinel (Crystal Info Sentinel) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\sentnl32.exe" -service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Info OLAP Server (Holosci) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\Server\distribution\holosdmn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Open OLAP NameShell - SI (NameShellSI) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\OpenOlap\nameshell.exe" -SERVICE=SI (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Open OLAP Gateway - DB2 (oogwyDB2) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=DB2 (file missing)
O23 - Service: Open OLAP Gateway - ESSBASE (oogwyESSBASE) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=ESSBASE (file missing)
O23 - Service: Open OLAP Gateway - HDCHAPI (oogwyHDCHAPI) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=HDCHAPI (file missing)
O23 - Service: Open OLAP Gateway - METACUBE (oogwyMETACUBE) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=METACUBE (file missing)
O23 - Service: Open OLAP Gateway - OLEDB (oogwyOLEDB) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=OLEDB (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Info Outlook Server (Seagate Info Outlook Server) - Unknown owner - C:\Program Files\Seagate Software\Outlook Server\scimssrv.exe" -service (file missing)
O23 - Service: Seagate Analysis Server (Seagate Info Query Server) - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)


#2
Noviciate
    Confused Helper

  • Malware Removal
  • 1,567 posts
Download Combofix by sUBs from here and save it to your Desktop.
  • Double click combo.exe to run it and follow the prompts.
  • When the tool has finished, it will produce a log C:\ComboFix.txt - copy and paste it into your next reply.
  • Post a fresh HJT log as well.
  • Let me know how the PC is behaving.
Please Note:
  • Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash.
  • Disable Script Blocking if you have NAV installed as it will interfere with the normal working of this tool.
  • Trojan Hunter has been reported to detect this tool as Worm.Qiv.100 - please ignore this, it's a false positive.


#3
nishasb
    New Member

  • Topic Starter
  • 6 posts
nishad - 06-10-18 9:30:07.87 Service Pack 2
ComboFix 06.10.16 - Running from: "C:\"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\nishad.CAYRE\Application Data\Dxcdmns.dll
C:\Documents and Settings\nishad.CAYRE\Application Data\Dxcknwrd.dll
C:\Documents and Settings\nishad.CAYRE\Application Data\Dxcuknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINNT\offun.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINNT\CROSOF~1.NET
C:\QooBox\Purity\WINNT\PPATCH~1
C:\QooBox\Purity\WINNT\PPATCH~1\??pPatch
C:\QooBox\Purity\WINNT\system32\YMANTE~1
C:\QooBox\Purity\WINNT\system32\YSTEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-09-18 to 2006-10-18 ))))))))))))))))))))))))))))))))))


2006-10-18 09:29 276,886 --a------ C:\combofix.exe
2006-10-17 09:11 3,968 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2006-10-13 15:43 455,327 ---hs---- C:\WINNT\system32\dfhkj.bak2
2006-10-12 15:43 98,324 --a------ C:\WINNT\system32\evjabsxr.dll
2006-10-12 15:43 143,380 --a------ C:\WINNT\system32\molsjqdr.exe
2006-10-12 15:42 684,084 ---hs---- C:\WINNT\system32\jkhfd.dll
2006-10-12 15:42 502,394 ---hs---- C:\WINNT\system32\dfhkj.bak1
2006-10-12 15:37 1,233 --a------ C:\WINNT\system32\bzzbccac.sys
2006-10-12 10:14 78,848 --a------ C:\WINNT\system32\nsz2F.dll
2006-10-11 11:48 83,672 --a------ C:\WINNT\system32\S32EVNT1.DLL
2006-10-11 11:48 73,224 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2006-10-06 18:11 65,536 --a------ C:\WINNT\system32\Winwcd.dll
2006-10-06 16:36 111,270 --a------ C:\WINNT\system32\Eim03.exe
2006-10-06 14:15 97,433 --a------ C:\WINNT\system32\traffic_solution_new.exe
2006-09-27 15:52 53,568 --a------ C:\WINNT\system32\drivers\GemUsb.sys
2006-09-27 15:41 82,304 --a------ C:\WINNT\system32\drivers\grclass.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-18 09:32 -------- d-------- C:\Program Files\Common Files
2006-10-17 10:32 -------- d-------- C:\Program Files\Outlook Express
2006-10-17 09:11 -------- d-------- C:\Program Files\Grisoft
2006-10-15 12:46 -------- d-------- C:\Program Files\Google
2006-10-13 12:29 -------- d-------- C:\Program Files\XoftSpy
2006-10-12 16:04 -------- d-------- C:\Program Files\AdwareAlert
2006-10-12 09:31 -------- d-------- C:\Program Files\Lavasoft
2006-10-12 09:31 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\Lavasoft
2006-10-12 09:22 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-10-11 11:48 -------- d-------- C:\Program Files\Symantec_Client_Security
2006-10-11 11:48 -------- d-------- C:\Program Files\Symantec
2006-10-11 11:48 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-11 11:04 -------- d-------- C:\Program Files\PestPatrol
2006-10-04 07:49 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\Adobe
2006-10-03 10:01 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\Apple Computer
2006-10-01 18:03 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-10-01 18:03 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\SonicWALL
2006-10-01 12:12 -------- d-------- C:\Program Files\LANDesk
2006-10-01 11:55 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-29 10:53 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\LinkedIn
2006-09-27 15:52 -------- d-------- C:\Program Files\Gemplus
2006-09-27 15:52 -------- d-------- C:\Program Files\Common Files\Gemplus
2006-09-11 15:47 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\eFax Messenger
2006-09-06 10:20 -------- d-------- C:\Documents and Settings\nishad.CAYRE\Application Data\Help
2006-08-23 10:27 -------- d-------- C:\Program Files\01-mp3search
2006-08-21 10:14 -------- d-------- C:\Program Files\eFax Messenger 4.2
2006-08-15 15:12 262 --a------ C:\Documents and Settings\nishad.CAYRE\Application Data\wklnhst.dat
2006-08-09 07:58 45056 --a------ C:\WINNT\NCUNINST.EXE
2006-07-31 18:30 22 --a------ C:\AUTOEXEC.BAT
2006-07-31 17:10 974 --a------ C:\DelCI32.bat
2006-07-28 11:32 24 --a------ C:\WINNT\WINSTART.BAT
2006-07-28 11:32 115 --a------ C:\WINNT\TMPCPYIS.BAT
2006-07-28 11:32 114 --a------ C:\WINNT\TMPDELIS.BAT
2006-07-28 11:31 14 --a------ C:\CONFIG.SYS
2006-07-28 09:35 62 --ahs---- C:\Documents and Settings\nishad.CAYRE\Application Data\desktop.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINNT\\system32\\ctfmon.exe"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"pdfFactory Dispatcher v1"="C:\\WINNT\\System32\\spool\\DRIVERS\\W32X86\\3\\fppdis1.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"bzzbccac"="RUNDLL32.EXE w56f8464.dll,n 005bcca70000001256f8464"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Outlook Express\\xuqyfe.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"=""
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=dword:40000001
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,b2,03,00,00,ec,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,d2,03,00,00,23,00,00,00,1c,01,00,00,27,01,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ForceStartMenuLogOff"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk"
"backup"="C:\\WINNT\\pss\\America Online 9.0 Tray Icon.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\AMERIC~1.0A\\aoltray.exe -check"
"item"="America Online 9.0 Tray Icon"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLSP Scheduler"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWCares"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Gateway\\GWCares\\GWCares.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mmtask"
"hkey"="HKLM"
"command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfd

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061013-101004-876
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e27.exe

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\ISP signup reminder 1.job
C:\WINNT\tasks\ISP signup reminder 3.job
C:\WINNT\tasks\Symantec NetDetect.job
C:\WINNT\tasks\XoftSpy.job

Completion time: 06-10-18 9:35:05.78
C:\ComboFix.txt ... 06-10-18 09:35

#4
nishasb
    New Member

  • Topic Starter
  • 6 posts
I have attached the ComboFix and HijackThis log files. Please let me know how to proceed.




Logfile of HijackThis v1.99.1
Scan saved at 9:49:31 AM, on 10/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Seagate Software\SI\X86\Server\distribution\holosdmn.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\WINNT\system32\sndvol32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 192.1.2.215 hevelius
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bzzbccac] RUNDLL32.EXE w56f8464.dll,n 005bcca70000001256f8464
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} (TeleControl Class) - https://kvm.ialtd.com/rrc.cab
O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://ialtd.com/cit...spv3fullchk.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://eqxlandesk/co...ENUrcviewer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\NISHAD~1.CAY\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O17 - HKLM\Software\..\Telephony: DomainName = intranet.cayre.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Info Agent (Crystal Info Agent) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\ciagnt32.exe" -service (file missing)
O23 - Service: Info APS (Crystal Info APS) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\aps32.exe" -service (file missing)
O23 - Service: Info Sentinel (Crystal Info Sentinel) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\sentnl32.exe" -service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Info OLAP Server (Holosci) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\Server\distribution\holosdmn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Open OLAP NameShell - SI (NameShellSI) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\OpenOlap\nameshell.exe" -SERVICE=SI (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Open OLAP Gateway - DB2 (oogwyDB2) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=DB2 (file missing)
O23 - Service: Open OLAP Gateway - ESSBASE (oogwyESSBASE) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=ESSBASE (file missing)
O23 - Service: Open OLAP Gateway - HDCHAPI (oogwyHDCHAPI) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=HDCHAPI (file missing)
O23 - Service: Open OLAP Gateway - METACUBE (oogwyMETACUBE) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=METACUBE (file missing)
O23 - Service: Open OLAP Gateway - OLEDB (oogwyOLEDB) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=OLEDB (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Info Outlook Server (Seagate Info Outlook Server) - Unknown owner - C:\Program Files\Seagate Software\Outlook Server\scimssrv.exe" -service (file missing)
O23 - Service: Seagate Analysis Server (Seagate Info Query Server) - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

#5
Noviciate
    Confused Helper

  • Malware Removal
  • 1,567 posts
Rename your copy of hijackthis.exe to searchfor.exe - it's possible that a nasty is interfering with the normal working of HJT in order to hide itself and renaming the .exe will get around this.

Also, run HJT:
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager...
  • Click Save list... and save it to your Desktop.
  • Copy and paste the file uninstall_list.txt into your next reply.


#6
nishasb
    New Member

  • Topic Starter
  • 6 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:17:46 AM, on 10/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Seagate Software\SI\X86\Server\distribution\holosdmn.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
C:\Program Files\eFax Messenger 4.2\J2GTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\CENTURY\WTERM\WTERM32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\hjt\searchfor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 192.1.2.215 hevelius
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINNT\system32\evjabsxr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {A9FC2C20-5CFC-42EC-8D59-61CFBBFE771F} - C:\Program Files\MSN Gaming Zone\vijyrocu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D3C08739-37D3-0873-A0AB-111349D56C93} - C:\WINNT\system32\jav.dll (file missing)
O2 - BHO: (no name) - {DEA1BEDC-9C9D-45AC-B282-A9522A571226} - C:\WINNT\system32\jkhfd.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [bzzbccac] RUNDLL32.EXE w56f8464.dll,n 005bcca70000001256f8464
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [pdfFactory Dispatcher v1] C:\WINNT\System32\spool\DRIVERS\W32X86\3\fppdis1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: eFax 4.2.lnk = C:\Program Files\eFax Messenger 4.2\J2GTray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.sxload.com
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {29EF91B9-7120-477C-A5CB-2D67F2FD088C} (TeleControl Class) - https://kvm.ialtd.com/rrc.cab
O16 - DPF: {30439117-02CA-4FBA-ADAF-84C2D8E2004D} (v3 silent install) - http://ialtd.com/cit...spv3fullchk.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin....nderControl.cab
O16 - DPF: {E1E65027-5BB8-4186-A619-81E219274CC8} (ExecuteViewer2 Class) - http://eqxlandesk/co...ENUrcviewer.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\NISHAD~1.CAY\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O17 - HKLM\Software\..\Telephony: DomainName = intranet.cayre.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = intranet.cayre.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfd - C:\WINNT\system32\jkhfd.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Info Agent (Crystal Info Agent) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\ciagnt32.exe" -service (file missing)
O23 - Service: Info APS (Crystal Info APS) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\aps32.exe" -service (file missing)
O23 - Service: Info Sentinel (Crystal Info Sentinel) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\sentnl32.exe" -service (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Info OLAP Server (Holosci) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\Server\distribution\holosdmn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Open OLAP NameShell - SI (NameShellSI) - Unknown owner - C:\Program Files\Seagate Software\SI\X86\OpenOlap\nameshell.exe" -SERVICE=SI (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Open OLAP Gateway - DB2 (oogwyDB2) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=DB2 (file missing)
O23 - Service: Open OLAP Gateway - ESSBASE (oogwyESSBASE) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=ESSBASE (file missing)
O23 - Service: Open OLAP Gateway - HDCHAPI (oogwyHDCHAPI) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=HDCHAPI (file missing)
O23 - Service: Open OLAP Gateway - METACUBE (oogwyMETACUBE) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=METACUBE (file missing)
O23 - Service: Open OLAP Gateway - OLEDB (oogwyOLEDB) - Unknown owner - C:\Program Files\Seagate Software\Open Olap\Support\oogwy.exe" -SERVICE=OLEDB (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: Info Outlook Server (Seagate Info Outlook Server) - Unknown owner - C:\Program Files\Seagate Software\Outlook Server\scimssrv.exe" -service (file missing)
O23 - Service: Seagate Analysis Server (Seagate Info Query Server) - Unknown owner - C:\Program Files\Seagate Software\Query Server\querysrv.exe" -service (file missing)
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

#7
nishasb

    New Member

  • Topic Starter
  • Member
  • 6 posts
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
Agere Systems AC'97 Modem
Ahead Nero BurnRights
AVG Anti-Spyware 7.5
BARCODE 2000
BlackBerry Desktop Software 4.0.1
BlackBerry Desktop Software 4.0.1
Citrix ICA Web Client
CoffeeCup Free HTML Editor
eFax Messenger 4.2
FinePrint pdfFactory
GemSAFE Libraries
Google Toolbar for Internet Explorer
HijackThis 1.99.1
hp LaserJet 1150 / 1300
IBM Informix Client-SDK
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
iPod Access for Windows v2.6
iPod for Windows 2005-11-17
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_12
LiveUpdate 2.5 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Microsoft Picture It! Photo Premium 9
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5)
Nero OEM
ORiNOCO 802.11b USB
Paint Shop Pro 7 ESD
PowerDVD
PS/2 Millennium Keyboard
Quicken 2004
QuickTime
RealPlayer Basic
Roxio Burn Engine
Seagate Info 7
Shockwave
Simplify Printing Client v3
SPv3 Full Client Web Push (nstl chk)
Spybot - Search & Destroy 1.4
Symantec AntiVirus Client
VNC 3.3.7
Windows Media Format Runtime
Windows Media Player 10
WinZip
XoftSpy
Yahoo! Messenger

#8
Noviciate

    Confused Helper

  • Malware Removal
  • 1,567 posts
Download the Virtumonde Remover by Lavasoft from here and save it to your Desktop.
  • Double click Virtumonde_Remover.exe to begin.
  • Click I agree to accept the license agreement.
  • Click Scan and sit back.
  • If any targets are found you will be asked to neutralize - click Neutralize.
  • Once this is complete, the program will check if a reboot is recommended, and if so, you will have the option to do so immediately - let it reboot your PC.
  • Once the PC has rebooted, update Ad-Aware Lavasoft SE Personal and run a full system scan allowing it to fix everything it finds.
Post a fresh HJT log AND a description of how your PC is behaving.