Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Desktop Popups

Started by CDP4444 , Nov 14 2006 11:39 AM

  • This topic is locked This topic is locked

#1
CDP4444
Posted 14 November 2006 - 11:39 AM

CDP4444

    New Member

  • Member
  • Pip
  • 9 posts
Hello,

I have run the ATF Cleaner, Adaware Scan, AVG Antivus, Spybot and Panda Online Activescan. The Panda scan still shows some items that I am not sure how to get rid of. Thank you for any help you can offer. Here are my logs

Panda Scan Log

Incident Status Location

Adware:adware/commad Not disinfected Windows Registry
Adware:adware/yazzle Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Chris\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adrevolver[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Chris\Cookies\chris@adtech[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris\Cookies\chris@belnk[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Chris\Cookies\chris@casalemedia[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Chris\Cookies\[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Chris\Cookies\chris@realmedia[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Chris\Cookies\chris@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Chris\Cookies\chris@tribalfusion[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Chris\Cookies\chris@zedo[2].txt
Possible Virus. Renamed C:\Documents and Settings\Chris\My Documents\??stem32\d?xplore.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{30FAD9F7-0D3F-1033-1011-040610040001}\Uninst.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Q2hyaXM\kZ1Vurg.vbs
Possible Virus. Not disinfected C:\WINDOWS\SYSTEM32\extsdmoe.exe

Logfile of HijackThis v1.99.1
Scan saved at 8:55:44 AM, on 11/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.micro...ult.aspx?pr=drx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup162.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe (file missing)
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Thanks Again
  • 0

Advertisements

#2
Ryan
Posted 20 November 2006 - 11:59 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Hi there, and welcome to geekstogo. I am sorry for the delay in getting to your post, we are very busy in the malware area.

If you still require assistance, please post a new hijack this log. If you have resolved this issue, please let me know so that I may close this topic.

-Ryan
  • 0

#3
CDP4444
Posted 21 November 2006 - 10:54 AM

CDP4444

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks for the response. I understand that you guys are up to your eyeballs in this stuff. I was able to find a self help section over at Tom Coyotes website and was able to get this off. It was the OIN popup virus, I used a thing called hosts.zip, Oiuninstaller and Combofix, along with AVG virus scan. If it wouldn't be too much trouble maybe you could review my HJT logs, etc. to make sure there is nothing that I am missing. If it is something I should have them do, just let me know. Thanks. Chris

Chris - 06-11-20 11:45:02.46 Service Pack 2
ComboFix 06.11.19 - Running from: "C:\Documents and Settings\Chris\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Cowabanga
C:\Program Files\Common Files\{80FAD9F7-0D3F-1033-1011-040610040001}
C:\WINDOWS\Q2hyaXM

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Documents and Settings\Chris\My Documents\STEM32~1
C:\QooBox\Purity\Documents and Settings\Chris\My Documents\STEM32~1\d?xplore_exe.vir
C:\QooBox\Purity\Program Files\YMBOLS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\WNSXS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\WNSXS~1\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-20 to 2006-11-20 ))))))))))))))))))))))))))))))))))


2006-11-19 10:31 69 --a-s---- C:\WINDOWS\test.bat
2006-11-13 08:13 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-13 08:13 <DIR> d-------- C:\Program Files\Grisoft
2006-11-12 21:40 <DIR> d-------- C:\Program Files\Enigma Software Group
2006-11-12 16:41 <DIR> d-------- C:\WINDOWS\oqqm
2006-11-12 16:41 <DIR> d-------- C:\Program Files\Common Files\oqqm
2006-11-10 21:45 <DIR> d-------- C:\Scenario
2006-10-30 22:18 <DIR> d-------- C:\temp
2006-10-23 13:54 <DIR> d-------- C:\Program Files\Craftsman


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-20 11:45 -------- d-------- C:\Program Files\Common Files
2006-11-20 11:43 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-20 08:53 -------- d-------- C:\Program Files\Internet Explorer
2006-11-20 08:52 -------- d-------- C:\Program Files\eFax Messenger 4.0
2006-11-20 08:52 -------- d-------- C:\Program Files\eFax Messenger 3.5
2006-11-20 08:34 -------- d-------- C:\Program Files\Audio Converter
2006-11-20 07:58 -------- d-------- C:\Program Files\WinZip
2006-11-20 07:58 -------- d-------- C:\Program Files\WinRAR
2006-11-19 21:21 -------- d-------- C:\Program Files\Lavasoft
2006-11-19 21:21 -------- d-------- C:\Documents and Settings\Chris\Application Data\Lavasoft
2006-11-14 22:57 -------- d-------- C:\Program Files\PokerStars
2006-11-14 08:42 -------- d-------- C:\Program Files\CleanUp!
2006-11-13 10:06 -------- d-------- C:\Program Files\Java
2006-11-13 09:51 -------- d-------- C:\Program Files\Setup
2006-11-13 09:51 -------- d-------- C:\Program Files\DSplayer_WhenUSave_Installer
2006-11-10 15:53 -------- d-------- C:\Documents and Settings\Chris\Application Data\IGN_DLM
2006-11-02 19:57 -------- d-------- C:\Program Files\Tweak-XP Pro 4
2006-10-29 21:54 -------- d-------- C:\Program Files\Bodog Poker
2006-10-16 21:44 -------- d-------- C:\Program Files\Poker Indicator
2006-10-15 15:38 -------- d-------- C:\Documents and Settings\Chris\Application Data\CyberLink
2006-10-15 15:33 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-15 15:33 -------- d-------- C:\Program Files\CyberLink
2006-10-14 20:15 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-14 20:15 249856 --------- C:\WINDOWS\Setup1.exe
2006-10-12 17:14 -------- d-------- C:\Documents and Settings\Chris\Application Data\IDMComp
2006-10-12 17:13 -------- d-------- C:\Program Files\IDM Computer Solutions
2006-10-10 18:19 -------- d-------- C:\Program Files\EA GAMES
2006-10-10 18:19 -------- d-------- C:\Documents and Settings\Chris\Application Data\InstallShield
2006-10-10 13:35 -------- d-------- C:\Documents and Settings\Chris\Application Data\funkitron
2006-10-09 12:20 -------- d-------- C:\Program Files\Inspiration 7.5
2006-10-09 12:19 -------- d-------- C:\Documents and Settings\Chris\Application Data\Inspiration Software


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"KernelFaultCheck"="%systemroot%\\system32\\dumprep 0 -k"
"IAAnotif"="\"C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe\""
"CTSysVol"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\Surround Mixer\\CTSysVol.exe\" /r"
"CTHelper"="CTHELPER.EXE"
"CTDVDDET"="\"C:\\Program Files\\Creative\\SBAudigy2ZS\\DVDAudio\\CTDVDDET.EXE\""
"ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:df,00,00,00
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20061120-075535-609
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Q2hyaXM\command.exe (file missing)
backup-20061120-075535-332
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup162.cab
backup-20061120-075535-389
R3 - URLSearchHook: (no name) - {109E0811-94D0-C300-D7F3-CD693EAEDCC5} - C:\WINDOWS\system32\ydfwaji.dll (file missing)
backup-20061120-075535-834
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20061120-075535-866
O4 - HKCU\..\Run: [Vnmrj] C:\Program Files\?ymbols\w?crtupd.exe
backup-20061120-075535-229
O2 - BHO: (no name) - {109E0811-94D0-C300-D7F3-CD693EAEDCC5} - C:\WINDOWS\system32\ydfwaji.dll (file missing)
backup-20061120-075535-133
O4 - HKCU\..\Run: [Sen] "C:\WINDOWS\system32\WNSXS~1\winlogon.exe" -vt ndrv
backup-20061112-192507-766
R3 - URLSearchHook: (no name) - {A7174C16-D188-865B-8BA6-D828EA73349C} - C:\WINDOWS\system32\hmubvjn.dll
backup-20061112-192507-755
O4 - HKCU\..\Run: [Jibsll] C:\Documents and Settings\Chris\My Documents\??stem32\d?xplore.exe
backup-20061112-192507-545
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20061112-192507-941
O2 - BHO: (no name) - {A7174C16-D188-865B-8BA6-D828EA73349C} - C:\WINDOWS\system32\hmubvjn.dll
backup-20060912-214425-506
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20060912-214425-423
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
backup-20060725-001255-521
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
backup-20051108-120831-579
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
backup-20051108-120831-615
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20051108-120831-196
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
backup-20051105-151906-434
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
backup-20051105-151746-694
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
backup-20051105-145147-574
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://66.29.7.159/t...free_access.cab
backup-20051105-145147-399
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
backup-20051105-145147-179
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
backup-20051105-145147-482
R3 - Default URLSearchHook is missing
Completion time: 06-11-20 11:52:34.78
C:\ComboFix.txt ... 06-11-20 11:52


Logfile of HijackThis v1.99.1
Scan saved at 1:36:29 PM, on 11/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.micro...ult.aspx?pr=drx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

Thanks again
  • 0

#4
Ryan
Posted 21 November 2006 - 02:38 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan
  • 0

#5
CDP4444
Posted 21 November 2006 - 02:57 PM

CDP4444

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks Ryan, here is a copy of the uninstall list from HJT.

Chris

«UCB»Clan Map Pack V 4.0
3ivx D4 4.5.1 (remove only)
A RobFantastic MP3 Encoder
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
Adobe Shockwave Player
Advanced WMA Workshop version 2.1rc2
Ahead Nero - Burning Rom
Armed and Dangerous
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
Audio Converter 5.1
avast! Antivirus
AVG Anti-Spyware 7.5
Azure Sheep
Banctec Service Agreement
Battlefield 2™
Battlefield 2: Special Forces
Battlefield 2142 Demo
Bazooka Scanner
Beta 1
BitTorrent 4.20.8
Blast Thru
Bodog Poker Version 2.4.0.19
BrainBread UPDATE v1.1
BrainBread v1.2
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
BTB Airlines Public Beta 1.03
Carnivores Cityscape
CDMaster32
CleanUp!
Codename WCC Coop
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
ContextPlus
Dance's World Beta 2.0
dBpowerAMP Music Converter
DC Realism Patch 0.81
Dell Driver Reset Tool
Delta Force: Xtreme - Demo
DesignPro 5.0 Limited Edition
Destructive Forces 1.1
DinoHunters Version 1.4
DivX
DivX Player
EAX4 Unified Redist
eFax Messenger 3.5
eFax Messenger 4.0
Escape from the Darkness 1.0
FilePlanet Download Manager 2.0
GameSpy Arcade
GMEAV 1.2
GModSecurity Recovery Tool
Google Video Player
Ground Control
Half-Life
Half-Life 2: Jaykin' Bacon Source
Half-Life Model Viewer 1.25
Half-Life: Opposing Force
HijackThis 1.99.1
hp officejet d series
Inspiration 7.5
Intel Application Accelerator
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 9
Jail Escape
Java 2 Runtime Environment, SE v1.4.2_03
Jetz
Kid Pix Deluxe 4
L&H TTS3000 Español
Lame ACM MP3 Codec
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 4.8.1
Logitech MouseWare 9.79
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Halo
Microsoft Halo Custom Edition
Microsoft Office 2000 Premium
Microsoft Rise Of Nations
Microsoft Text-to-Speech Engine 4.0 (English)
Mozilla Firefox (1.5.0.8)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MuvAudio
Napster
Napster Burn Engine
Natural Selection 3.1
NextWish's Counter-Strike Script
Night at the Office
NitroFamily
No One Lives Forever 2
NSIS MCG
PAF CSS Fun Yard Map Pack
PAF Firearms Map Pack 1
PAF Rat Pack
Panda ActiveScan
Pariah
Point Of View 1.1
Poke646 1.0
Poker Indicator 1.6.9
PokerStars
PowerDVD
Project: Snowblind 1.0
Punch! Professional Home Design - Platinum
Quicken 2006
Quicken WillMaker Plus 2006
QuickTime
RealPlayer
Resident Evil, Outbreak Mission 1
Resident Evil, The Awakening Part 1 1.2
Rise of Nations Thrones and Patriots
RzE's CS Helper
Serious Boot BETA v0.1
Serious Sam 2
Serious Sam XBOX for SS:SE 1.0
Serious Sam: The First Encounter
Serious Sam: The Second Encounter
Sierra Utilities
Soldier of Fortune Platinum
Sound Blaster Audigy 2 ZS
Spybot - Search & Destroy 1.4
Stage2-The Gate Install
Star Wars Galactic Battlegrounds
Star Wars JK II Jedi Outcast
Star Wars Republic Commando
Starship Troopers
Steam
Strike Force V3.01
Sven Co-op 3.0
SWAT 4
SWAT 4 - The Stetchkov Syndicate
Synergy Mod 1.0 Beta (Client)
Tactical War Version 0.1
TaskInfo2003 5.0.1.104
TeamSpeak 2 RC2
The Home Depot West ProBook CD
The Incredible Machine: Even More Contraptions
The Trenches
Times of Troubles 1.1
Tribes Vengeance
TurboTax Deluxe 2004
TurboTax ItsDeductible 2005
TurboTax Premier 2005
Tweak-XP Pro 4
TYS
UCB Co-Op Mod v1.3
UltraEdit-32
Unreal 2 Expanded Multiplayer
Unreal II
Unreal Tournament 2004
Urban Assault 0.1
VenShinra Co-Op 1.5
Ventrilo Client
Virtuosa
WexTech AnswerWorks
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
WinRAR archiver
WinZip
WONswap
Xfire (remove only)
XviD MPEG-4 Video Codec
XviD MPEG4 Video Codec v1.0.3 (remove only)
Zombie-X 1.0 Final Setup
  • 0

#6
Ryan
Posted 21 November 2006 - 07:57 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.


In the Control Panel, go to Add/Remove Programs and remove the following programs:

ContextPlus
WONswap



Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.

-Ryan
  • 0

#7
CDP4444
Posted 21 November 2006 - 08:06 PM

CDP4444

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks Ryan. Here are the results:

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Chris\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!

Logfile of HijackThis v1.99.1
Scan saved at 6:05:30 PM, on 11/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.micro...ult.aspx?pr=drx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
  • 0

#8
Ryan
Posted 22 November 2006 - 01:33 AM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan and let me know how your computer is working.
-Ryan
  • 0

#9
CDP4444
Posted 22 November 2006 - 01:54 PM

CDP4444

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hello Ryan,

I ran AVG in safe mode as you suggested. Things seem to be running quite smoothly at the moment. I have not run Internet Explorer yet only Firefox to access the internet. Thanks for your help and let me know if you have any other suggestions.

Thanks,
Chris

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:48:42 AM 11/22/2006

+ Scan result:



C:\Documents and Settings\Chris\Desktop\DAD\Utilities\OiUninstaller.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).


::Report end
  • 0

#10
Ryan
Posted 23 November 2006 - 09:37 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Sorry for the delay.

The AVG log looks great :whistling:

Can you please post a new HiJack This log please.

-Ryan
  • 0

#11
CDP4444
Posted 24 November 2006 - 12:34 AM

CDP4444

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
No problem Ryan, I hope you had a good Thanksgiving. :whistling: The AVG did look very good but I was surprised to see anything there. Here is a HJT log from today. Thanks for all of your help with this, I really do appreciate it.

Chris

Logfile of HijackThis v1.99.1
Scan saved at 10:32:05 PM, on 11/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Valve\Steam\Steam.exe
C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.micro...ult.aspx?pr=drx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe"
O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
  • 0

#12
Ryan
Posted 25 November 2006 - 12:48 AM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Congratulations, your log is CLEAN :whistling:

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 2 free ones available for personal use:and a good antivirus (these are also free for personal use):It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visitmonthly. And to keep your system clean run these free malware scannersweekly, and be aware of what emails you open and websites you visit.

We highly recommend installing SP2 (if you haven't already). Click here: http://windowsupdate.microsoft.com/.
-or-
It's a very large download, so if you're on dial-up, order a free CD here:
http://www.microsoft...default810.mspx


To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan
  • 0

#13
Ryan
Posted 26 November 2006 - 12:31 PM

Ryan

    Member 4k

  • Member
  • PipPipPipPipPipPipPip
  • 4,867 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP