been hit by Dr. Watson!
Started by heerozeero, Mar 25 2005 07:11 AM
#1
Posted 25 March 2005 - 07:11 AM
#2
Posted 25 March 2005 - 07:12 AM
Logfile of HijackThis v1.99.1
Scan saved at 9:01:25 PM, on 3/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [BLBo8] C:\WINDOWS\yafeflh.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualDrive] "E:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metroban...VBAuthentic.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://210.1.70.65/n...Crypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D8418A-73ED-4199-803D-F875C7A580DA}: NameServer = 210.5.68.147 203.172.17.204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
#3
Posted 25 March 2005 - 09:33 AM
GTG Admins, Mods and Experts... please help! I would like to know if I still have bugs in my system. Please check my log! Thank you!
#4
Guest_thatman_*
Posted 27 March 2005 - 08:16 AM
Hi heerozeero
Welcome to geekstogo
Please read through the instructions before you start (you may want to print this out).
Please set your system to show all files; please see here if you're unsure how to do this.
Close all programs, leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [BLBo8] C:\WINDOWS\yafeflh.exe
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://210.1.70.65/n...Crypt/npkcx.cab
Click on Fix Checked when finished and exit HijackThis.
Reboot into Safe Mode: please see here if you are not sure how to do this.
Using Windows Explorer, locate the following files/folders, and delete them:
C:\PROGRA~1\COMMON~1\tsa <-- Delete the whole folder
C:\WINDOWS\yafeflh.exe <-- Delete this file
crsss.exe <-- Delete this file
Exit Explorer
Reboot as normal
Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs from both virus scans and the HJT log; we will need them to remove previous infections that have left files on your system.
Kc
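As an added example (my own code, not something from this thread or from HijackThis), here is a small Python triage script that applies the structural checks behind the picks above to the O4 and O16 lines of this log: a Run value that names a bare file with no path, a filename one keystroke away from a core system process (crsss versus csrss), an executable dropped straight into the Windows directory, and an ActiveX download from a bare IP address. The sample lines are copied from the log posted in this thread; the rules and severity labels are assumptions of mine and only produce a shortlist for a human to vet.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample input: a few O4 (Run key) and O16 (ActiveX download) lines
# copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [BLBo8] C:\WINDOWS\yafeflh.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://210.1.70.65/n...Crypt/npkcx.cab
"""

# Core Windows process names that malware likes to imitate with a one-letter change.
SYSTEM_NAMES = ("csrss", "smss", "lsass", "svchost", "winlogon", "services", "spoolsv", "explorer")

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\}(?: \([^)]*\))? - (\S+)$")
EXE_RE = re.compile(r'^"?(.*?\.exe)\b', re.IGNORECASE)
WIN_ROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+$")


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low" (labels are an assumption of this example)
    entry: str      # the log line that triggered the rule
    reason: str


def osa_distance(a, b):
    """Optimal string alignment distance: Levenshtein plus adjacent swaps, so the
    one-swap look-alike 'crsss' sits at distance 1 from 'csrss'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def executable_of(command):
    """Program a Run value launches: the (possibly quoted) path up to '.exe',
    or the first token when there is no .exe (e.g. 'RunDll32 cmicnfg.cpl,...')."""
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0].strip('"')


def check_run_entry(line, command):
    path = executable_of(command)
    name = path.rsplit("\\", 1)[-1].lower()
    stem = name[:-4] if name.endswith(".exe") else name
    out = []
    if "\\" not in path and ":" not in path:
        out.append(Finding("medium", line, "no directory in path; the name is resolved "
                           "through the search path, so a same-named file elsewhere wins"))
    for sysname in SYSTEM_NAMES:
        if stem != sysname and osa_distance(stem, sysname) == 1:
            out.append(Finding("high", line, f"name '{stem}' is one edit from system process '{sysname}'"))
    if WIN_ROOT_RE.match(path.lower()):
        out.append(Finding("low", line, "executable sits directly in the Windows directory; "
                           "check its publisher before trusting it"))
    return out


def check_dpf_entry(line, url):
    host = urlparse(url).hostname or ""
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return [Finding("high", line, f"ActiveX control fetched from a bare IP address ({host}); "
                        "no domain to vet or to block by name")]
    return []


def triage(log_text):
    """Run the structural checks over every O4/O16 line; returns a shortlist for a human."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            findings.extend(check_run_entry(line, m.group(4)))
            continue
        m = O16_RE.match(line)
        if m:
            findings.extend(check_dpf_entry(line, m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.reason}\n    {f.entry}")
```

Note that tsl2.exe draws no finding: the helper identified it from knowledge of the tsa folder, which no structural rule reproduces, so heuristics like these narrow the list but do not replace a reviewer.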
#5
Posted 29 March 2005 - 05:11 AM
Sir Kc,
Thank you very much for replying!
I am very excited because I must admit that this is the first time I have sought professional help through the net.
I followed the first part of your instructions. I closed all programs and ran an HJT scan. I successfully fixed
O4 - HKCU\..\RunServices: [start uploading] crsss.exe
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://210.1.70.65/n...Crypt/npkcx.cab
but mysteriously,
O4 - HKLM\..\Run: [Tsl2] C:\PROGRA~1\COMMON~1\tsa\tsl2.exe
O4 - HKLM\..\Run: [BLBo8] C:\WINDOWS\yafeflh.exe
were not there anymore.
I rebooted into safe mode but TSA, YAFEFLH, and CRSSS were nowhere to be seen. Now I am back in normal mode and scanning my PC using the online services you posted. Will post back results!
#6
Posted 29 March 2005 - 06:22 AM
This is the ActiveScan log! HouseCall log after this...
---------------------------------------
Incident Status Location
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/NavHelper No disinfected C:\Program Files\Ares
Adware:Adware/WUpd No disinfected C:\Program Files\Windows SyncroAd
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\MIKE\Local Settings\Temp\temp.frD636\istsvc.exe
Adware:Adware/Trymedia No disinfected C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\iux6blrr.default\Cache\3537BDB5d01
Adware:Adware/Trymedia No disinfected C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\iux6blrr.default\Cache\C232E64Ad01
Adware:Adware/Trymedia No disinfected C:\Documents and Settings\MIKE\Application Data\Mozilla\Firefox\Profiles\iux6blrr.default\Cache\1C4F9ADDd01
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\rey\Local Settings\Temp\optimize.exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\rey\Local Settings\Temp\iinstall17034.exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\rey\Local Settings\Temp\targetsaver.exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\rey\Local Settings\Temp\GLF8GLF8.EXE
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\OLMBO963\istrecover[1].exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\4LM70HEF\targetsaver[1].exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\S1EJ896F\sidefind[1].exe
Adware:Adware/SideFind No disinfected C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\45IBWXAJ\istsvc[1].exe
Spyware:Spyware/YourSiteBar No disinfected C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\45IBWXAJ\ysb[1].dll
Spyware:Spyware/Dyfuca No disinfected C:\Documents and Settings\rey\Local Settings\Temporary Internet Files\Content.IE5\45IBWXAJ\optimize[1].exe
Adware:Adware/WUpd No disinfected C:\Program Files\Windows SyncroAd\CComm.dll
Virus:HackTool Disinfected E:\Installr\Internet\DARKICQ.EXE
Possible Virus. No disinfected E:\My Games\AirStrike 2\airstrike3d ii.exe
Virus:Trj/WmvDownloader.A Disinfected E:\My Shared Folder\Workout - Nude Aerobics XXX - GOOD.wmv
Virus:Trj/WmvDownloader.A Disinfected E:\My Shared Folder\Workout - Nude Aerobics XXX cd1.wmv
Virus:Kamikaze Renamed F:\1\HACKS\202.163.205.224\mmm sarap.txt
Adware:Adware/BrilliantDigital No disinfected F:\Kazaa\My Shared Folder\BDCORE.DLL
Virus:Trj/Banker.EG Disinfected F:\Kazaa\My Shared Folder\Corel Draw 11 Serials (1).exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\HeavyWeaponSetup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\Worms3DSetup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\HeavyWeaponSetup-dm-1.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\Worms3DSetup-dm-1.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\AssignmentBerlinSetup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\UplinkSetup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\StarWraith3-dm-1.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\UplinkSetup-dm-1.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\BeachHead2002-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\AirportTycoon3Setup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\StarWraith3-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\AirportTycoon3Setup-dm-1.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\WormsFortsSetup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\MobEnf_Setup-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\Diplomacy-dm.exe
Adware:Adware/Trymedia No disinfected F:\NEWMP3\Diplomacy-dm-1.exe
Adware:Adware/BrilliantDigital No disinfected F:\program files\Kazaa\BDCORE.DLL
Adware:Adware/BrilliantDigital No disinfected F:\Documents and Settings\Rey\Kazaa Lite\BDCORE.DLL
Adware:Adware/BrilliantDigital No disinfected F:\Documents and Settings\Rey\Kazaa\BDCORE.DLL
#7
Posted 29 March 2005 - 07:12 AM
Odd... HouseCall didn't prompt me to save any logs. At any rate, it found a lone virus and labelled it uncleanable. I deleted it without incident and ran HJT. Hope I did good!
Logfile of HijackThis v1.99.1
Scan saved at 9:10:43 PM, on 3/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ntvdm.exe
E:\Program Files\Yahoo!\Messenger\YPager.exe
E:\PROGRA~1\YAHOO!\MESSEN~1\YSERVER.EXE
C:\HJT\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualDrive] "E:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metroban...VBAuthentic.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D8418A-73ED-4199-803D-F875C7A580DA}: NameServer = 210.5.68.147 203.172.17.204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 9:10:43 PM, on 3/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
E:\Program Files\FarStone\VirtualDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\Washer\washer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ntvdm.exe
E:\Program Files\Yahoo!\Messenger\YPager.exe
E:\PROGRA~1\YAHOO!\MESSEN~1\YSERVER.EXE
C:\HJT\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCSuiteTrayApplication] E:\Program Files\Nokia\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [VirtualDrive] "E:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metroban...VBAuthentic.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D8418A-73ED-4199-803D-F875C7A580DA}: NameServer = 210.5.68.147 203.172.17.204
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
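Two scans four days apart sit above, and what a helper actually does with them is compare them. The following is an added example, not code from the thread or from HijackThis itself: a small Python parser for the log format that splits a scan into its running-process list and its numbered entries (O2, O4, O17, O23 and so on), reports what changed between two scans, and pulls the O17 NameServer addresses out so they can be checked against the user's ISP. The two excerpts it runs on are constructed from the 3/25 and 3/29 logs above, trimmed to a few lines each.

```python
import re
from collections import defaultdict

# Constructed excerpts of the two HijackThis logs posted in this thread
# (3/25/2005 and 3/29/2005), cut down to a few lines each so the example
# runs offline. Raw strings keep the backslashes in the Windows paths intact.
LOG_A = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:01:25 PM, on 3/25/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D8418A-73ED-4199-803D-F875C7A580DA}: NameServer = 210.5.68.147 203.172.17.204
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""

LOG_B = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:10:43 PM, on 3/29/2005
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
E:\Program Files\Yahoo!\Messenger\YPager.exe
C:\HJT\HijackThis.exe
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6D8418A-73ED-4199-803D-F875C7A580DA}: NameServer = 210.5.68.147 203.172.17.204
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
"""

# A HijackThis entry line starts with its section tag (R0, F1, N3, O2, O4, ...)
# followed by " - " and the entry body.
SECTION_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
O17_RE = re.compile(r"NameServer = (.+)$")


def parse_hjt(text):
    """Split one HijackThis log into (processes, entries).

    processes: set of running-process paths, lower-cased so that the
               System32/system32 spelling differences in the logs do not
               show up as changes.
    entries:   dict mapping a section tag such as 'O4' to the set of entry
               bodies listed under it.
    """
    processes = set()
    entries = defaultdict(set)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        m = SECTION_RE.match(line)
        if m:
            in_procs = False  # first numbered entry ends the process list
            entries[m.group(1)].add(m.group(2))
        elif in_procs:
            processes.add(line.lower())
    return processes, dict(entries)


def diff_logs(old_text, new_text):
    """Report what appeared or disappeared between two scans of the same box."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    report = {
        "processes_added": sorted(new_p - old_p),
        "processes_removed": sorted(old_p - new_p),
        "entries_added": {},
        "entries_removed": {},
    }
    for tag in sorted(set(old_e) | set(new_e)):
        added = new_e.get(tag, set()) - old_e.get(tag, set())
        removed = old_e.get(tag, set()) - new_e.get(tag, set())
        if added:
            report["entries_added"][tag] = sorted(added)
        if removed:
            report["entries_removed"][tag] = sorted(removed)
    return report


def nameservers(text):
    """Collect the DNS server addresses from every O17 NameServer entry.

    HijackThis lists them space- or comma-separated after 'NameServer ='.
    The function only extracts them; whether they belong to the user's ISP
    is something the helper has to confirm with the user.
    """
    _, entries = parse_hjt(text)
    servers = set()
    for body in entries.get("O17", ()):
        m = O17_RE.search(body)
        if m:
            servers.update(m.group(1).replace(",", " ").split())
    return sorted(servers)


if __name__ == "__main__":
    import json
    print(json.dumps(diff_logs(LOG_A, LOG_B), indent=2))
    print("O17 nameservers:", nameservers(LOG_B))
```

Run on the excerpts, the diff shows only ntvdm.exe and YPager.exe appearing in the process list; no autostart, service or DNS entry changed between the two scans, which matches the two full logs above. The O17 addresses come out as a plain list for the helper to ask the user about; the parser deliberately makes no judgement on them.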
#8
Guest_thatman_*
Posted 29 March 2005 - 07:14 AM
Hi heerozeero
I need some information and a new HijackThis log.
1. Is this a multi-boot system?
2. With every reply I will need a HijackThis log.
Kc
#9
Posted 29 March 2005 - 07:17 AM
If multi-boot means a PC that allows multiple OSs to be used, then no, it is not. It's all XP SP2. And a hijack log with every reply, aye!
#10
Guest_thatman_*
Posted 29 March 2005 - 08:04 AM
Hi heerozeero
Download CCleaner and unzip the file to install.
Unzip the program, then open CCleaner.
Place a check by everything in the Applications tab.
Place a check by Internet Explorer, Windows Explorer, and System in the Windows tab.
Double-click the CCleaner icon, then run the program.
Reboot into Safe Mode.
Using Windows Explorer, delete the following files and folders, if found:
C:\Program Files\Ares <-- Delete the whole folder
C:\Program Files\Windows SyncroAd <-- Delete the whole folder
F:\program files\Kazaa <-- Delete the whole folder
F:\Documents and Settings\Rey\Kazaa Lite <-- Delete the whole folder
F:\Kazaa <-- Delete the whole folder
F:\1\HACKS <-- Delete the whole folder
F:\NEWMP3 <-- Delete the whole folder
Possible Virus. No disinfected E:\My Games\AirStrike 2\airstrike3d ii.exe <-- If this item did not come with your game, you will need to remove it.
Now run CCleaner again.
Reboot back into normal mode.
Post a new Panda scan log and a new HJT log.
Kc
#11
Guest_thatman_*
Posted 15 April 2005 - 11:33 AM
No reply from user
Topic closed
Kc