
trojan-spy.win32@mx



#1
Sumo (New Member, 5 posts)
Alright, I'm having a problem with a virus.

Here goes the test before safe mode:

SmitFraudFix v2.112

Scan done at 11:42:44.70, Sun 10/22/2006
Run from C:\Documents and Settings\Sumo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sumo


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sumo\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sumo\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

#2
Sumo (Topic Starter)
SmitFraudFix v2.112

Scan done at 12:02:28.10, Sun 10/22/2006
Run from C:\Documents and Settings\Sumo\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

#3
Sumo (Topic Starter)
Alright, the above test was done in safe mode.

I am using AVG anti-virus and it keeps picking up

trojan horse Generic2.EPI
or
Trojan horse Downloader Zlob.CT
or
Trojan horse Generic2.EWR

Attached Thumbnails

  • virus_definition.JPG
  • virus_definition2.JPG
  • virus_definition3.JPG


#4
Sumo (Topic Starter)
Well, this is a scan I did of my computer with Panda ActiveScan.

Incident Status Location

Spyware:Cookie/QuestionMarket Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Adrevolver Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Casalemedia Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.advertising.com/]
Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Mediaplex Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Tradedoubler Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/VirusBurst Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[www.virusburst.com/]
Spyware:Cookie/Overture Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.overture.com/]
Spyware:Cookie/BurstNet Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Falkag Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Statcounter Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Bluestreak Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/PointRoll Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Overture Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Hitbox Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Valueclick Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected
C:\Documents and Settings\Sumo\Application Data\Mozilla\Firefox\Profiles\8b4oy1go.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/Advertising Not disinfected
C:\Documents and Settings\Sumo\Cookies\sumo@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected
C:\Documents and Settings\Sumo\Cookies\sumo@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected
C:\Documents and Settings\Sumo\Cookies\sumo@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected
C:\Documents and Settings\Sumo\Cookies\sumo@doubleclick[1].txt
Potentially unwanted tool:Application/Processor Not disinfected
C:\Documents and Settings\Sumo\Desktop\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected
C:\Documents and Settings\Sumo\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp
Spyware:Cookie/2o7 Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50C.tmp
Spyware:Cookie/2o7 Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq975.tmp
Spyware:Cookie/Advertising Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq976.tmp
Spyware:Cookie/Atlas DMT Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq977.tmp
Spyware:Cookie/Doubleclick Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq978.tmp
Spyware:Cookie/Advertising Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBBD.tmp
Spyware:Cookie/Casalemedia Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBBE.tmp
Spyware:Cookie/Doubleclick Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBBF.tmp
Spyware:Cookie/FastClick Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC0.tmp
Spyware:Cookie/Mediaplex Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC1.tmp
Spyware:Cookie/PointRoll Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC2.tmp
Spyware:Cookie/QuestionMarket Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC3.tmp
Spyware:Cookie/RealMedia Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC4.tmp
Spyware:Cookie/Traffic Marketplace Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC5.tmp
Spyware:Cookie/Tribalfusion Not disinfected
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC6.tmp
Potentially unwanted tool:Application/Processor Not disinfected
C:\WINDOWS\system32\Process.exe

#5
Sumo (Topic Starter)
Logfile of HijackThis v1.99.1
Scan saved at 2:51:58 PM, on 10/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1157665370\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ups.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\AOL\1157665370\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\1157665370\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\ATI Multimedia\PowerCinema\PCMService.exe
C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\Program Files\Common Files\AOL\1157665370\ee\aolsoftware.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Common Files\AOL\1157665370\ee\SSCEvtHdlr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Sumo\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nvidia.co...ge/support.html
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7b4d79df-9ef0-429d-a0e9-d9b138c6a53b} - C:\Program Files\MMediaCodec\isaddon.dll (file missing)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Protection Bar - {8aed5df3-6e0b-4930-b1a5-f8aa8d757497} - C:\Program Files\MMediaCodec\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1157665370\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1157665370\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1157665370\ee\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [ATIService] "C:\Program Files\ATI Multimedia\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC} -
O20 - Winlogon Notify: RegCompact - C:\WINDOWS\SYSTEM32\RegCompact.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1157665370\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#6
Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
Hi Sumo

Welcome to GTG!

Sorry for the late reply. If you still need help with this, please do the following:

* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
    • Click Firefox at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
    • Click Opera at the top and choose: Select All
    • Click the Empty Selected button.
    • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HijackThis log along with the results from the Kaspersky scan.