[Pixelghetto]

Hi, I am new here and have stuck upon a problem!

After googling for an hour, I have come across nothing that will help me with this problem.

What it is, all my "programs" shortcuts have ceased working, but when you right click the icon all the properties seem to be in order. But when you click them, you get the pop up about what software to open .lnk with.

I think I may have got the virus from some free dvd region changing software, as that was the last thing that I installed before it happened.

I have tried 2 systems restores, but the virus seems to be still there. I think its virus, I think I ok'd a registery setting and that could be whats doing this? I don't know as much about registey settings as I probably should do.

This is my Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 18:39:37, on 18/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\windows\System32\tcpsvcs.exe
C:\windows\System32\snmp.exe
C:\windows\System32\svchost.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\windows\soundman.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\windows\system32\LVComS.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\windows\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\SimonB\Desktop\FixWelch.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\SimonB\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.jlwdrzwtiesyztrsmf.com/7tqY9ry2JVmgKh3cwShBG/5QGAmJpDSWTZUYMrf_oTv/sN5MiZyjb9eK/p79e2ZC.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R3 - URLSearchHook: (no name) - _{5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: HOTLLAMA Update Check.lnk = C:\Program Files\HOTLLAMA Media\Player\WiseUpdt.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O4 - Startup: Shortcut to BT Voyager ADSL Modem Connection.lnk = ?
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004033001/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {D03A1C33-1913-4533-A8C1-F2C8D13045DE} - http://www.cjb.net/search.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1025972.exe
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/serialzip.cab
O16 - DPF: {E154E3CC-0C3A-4101-91D8-6B4876F0FD64} (PrintScreen Class) - http://www.mydisplayimage.com/create/Flash2Image.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn283.exe
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

Thanks in advance for any help, this is seriously annoying to figure out!

[Advertisements]

Reply:
-----------------
I am looking over your log and I will be back with you shortly after my response is approved by one of the Geek U Moderators.
-----------------

[Salient]

Reply:
-----------------
I am looking over your log and I will be back with you shortly after my response is approved by one of the Geek U Moderators.
-----------------

[ScHwErV]

Hello and welcome to Geeks To Go.

Lets start out with some general scans and see if we cant clean things up a little.

+++++ Step 1 +++++

Please download Ewido security suite it is a trial version of the program.

• Install Ewido security suite
• Launch Ewido, there should be an icon on your desktop double-click it.
• The program will prompt you to update click the OK button
• The program will now go to the main screen

You will need to update ewido to the latest definition files.

• On the left hand side of the main screen click update
• Click on Start

The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:

• Click on scanner
• Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
• Click on Start Scan
• Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

• Click Save report
• Save the report to your desktop

+++++ Step 2 +++++

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++ Step 3 +++++

Update HiJackThis

• Open HiJackThis
• Click Open the Misc Tools Section
• Click Check for update online

+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

If you have recieved help elsewhere or no longer need our assistance, please let us know.

Good Luck

ScHwErV

[ScHwErV]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.