Spring Cleaning



#1
lickalot

    New Member

  • Member
  • Pip
  • 6 posts
Hi I followed complete directions in the newbie forums and removed a lot of evil sh!t from my machine, very excellent and descriptive directions. I just want to make sure the log looks ok now before I install SP2. Thank you for this wonderful site you guys and/or gals rock!
Here's my newest log.

Logfile of HijackThis v1.99.1
Scan saved at 5:33:50 PM, on 4/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mwxlyytwcqgf] C:\WINDOWS\System32\uzeulx.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - AppInit_DLLs: sx8foymt6u6dim.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0



#2
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

As soon as you have done this, I will be happy to take a look at your log! :tazz:
  • 0

#3
lickalot

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok now i have a problem, sp1a installed ok but took forever. now i can't get any applications to start including hijack this, or firefox, or any other basic programs, I was able to get IE to run luckily. i get A LOT of popups and task manager lists pop64 as a running app and that 100% of my memory is being used by gcasDtServ.exe which i believe is a microsoft antispyware file. any ideas? it seems to be very badly infected.
  • 0

#4
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Since you have IE working please go to http://www.howtotell.com (MS website) and click on "Windows Validation Assistant" - Let me know what it tells you after you fill it out! :tazz:
  • 0

#5
lickalot

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok i was finally able to disable and uninstall microsoft antispyware... what a mess. anyhow the computer is functioning now. here's the new log after installing SP1a. thank you for your time it is enormously appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 8:21:05 PM, on 5/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\WINDOWS\seeve.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??mbols\wuaclt.exe
C:\Documents and Settings\Ben Dover\Application Data\otie.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Plextor\PlexTool.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [dsbkxij] c:\windows\system32\hmlkmf.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Siqt] C:\WINDOWS\System32\??mbols\wuaclt.exe
O4 - HKCU\..\Run: [Tecr] C:\Documents and Settings\Ben Dover\Application Data\otie.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0

#6
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
we're going to tackle this in a couple of steps, ok?

Please run Notepad and copy the following text into a new file:

@ECHO OFF
cd\windows
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode.
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Open HijackThis
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

There will also be an item towards the bottom of the O4 section in HijackThis (it should be the last O4 item marked "HKLM", and it should be between the entries for O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe and O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl). This item will be marked with "garbage" random characters. However, it seems to be renaming itself so the name will most likely be different by the time you follow these directions. In your previous log it was:

O4 - HKLM\..\Run: [dsbkxij] c:\windows\system32\hmlkmf.exe

Whatever the name of the item is, check it. Then close all open windows except for HijackThis and click Fix Checked.
Then delete the file listed in the random O4 entry. In the above example you would delete
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

Restart your computer

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, then copy the log. Paste it to a blank Notepad file and save it to post here.
Then let it rerun. Save that log too.

Post back here with a fresh log using HijackThis and both of the scan results
  • 0

#7
lickalot

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok new logs... thank you for your time

Logfile of HijackThis v1.99.1
Scan saved at 6:52:01 PM, on 5/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Spyware [bleep]\security suite\ewidoctrl.exe
C:\Spyware [bleep]\security suite\ewidoguard.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\WINDOWS\seeve.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\??mbols\wuaclt.exe
C:\Documents and Settings\Ben Dover\Application Data\otie.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Plextor\PlexTool.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Siqt] C:\WINDOWS\System32\??mbols\wuaclt.exe
O4 - HKCU\..\Run: [Tecr] C:\Documents and Settings\Ben Dover\Application Data\otie.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Spyware [bleep]\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Spyware [bleep]\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:39:33 PM, 5/3/2005
+ Report-Checksum: 17B166D7

+ Date of database: 5/4/2005
+ Version of scan engine: v3.0

+ Duration: 26 min
+ Scanned Files: 80355
+ Speed: 50.94 Files/Second
+ Infected files: 50
+ Removed files: 48
+ Files put in quarantine: 48
+ Files that could not be opened: 0
+ Files that could not be cleaned: 2

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0022019.dll -> TrojanDownloader.Small.amg -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0022169.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0022171.exe -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0023024.EXE -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025028.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025030.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025032.EXE -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025033.DLL -> Spyware.DelphinMedia.f -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0025058.exe -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026024.EXE -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026041.exe -> Spyware.WebRebates.a -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026042.exe -> Spyware.TopRebates.a -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026045.DLL -> Spyware.WebSearch.ae -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026059.DLL -> Spyware.Toolbar -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026060.EXE -> Spyware.WebSearch.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026062.dll -> Spyware.EliteBar.z -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026063.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026067.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026068.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0026113.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP499\A0027157.exe -> Spyware.WebSpecial.a -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030300.ocx -> Spyware.DelphinMediaViewer.c -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030301.exe -> TrojanDropper.Small.gt -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030302.exe -> TrojanDownloader.Agent.am -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031380.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031453.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031653.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031657.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031658.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031659.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031671.EXE -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
C:\WINDOWS\SYSTEM32\sg.exe/03kd97fg.exe -> TrojanDropper.Small.gt -> Error during cleaning
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\mm15201518.Stub.exe -> Spyware.EZula.ah -> Cleaned with backup
C:\WINDOWS\__delete_on_reboot__Bolger.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Local Settings\Temporary Internet Files\Content.IE5\2RGTID2R\Bolger[1].dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\backups\backup-20050503-170149-795.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@ads.addynamix[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@clickagents[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@valueclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Ben Dover\Cookies\ben dover@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@www.eadexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP501\A0030299.exe -> TrojanDownloader.Swizzor.au -> Cleaned with backup


::Report End

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:49:55 PM, 5/3/2005
+ Report-Checksum: 8F48D032

+ Date of database: 5/4/2005
+ Version of scan engine: v3.0

+ Duration: 43 min
+ Scanned Files: 80731
+ Speed: 31.29 Files/Second
+ Infected files: 4
+ Removed files: 4
+ Files put in quarantine: 4
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\System Volume Information\_restore{91FB2F70-AE04-4279-BC2F-D9895A4C6D8B}\RP502\A0031680.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\sg.exe/03kd97fg.exe -> TrojanDropper.Small.gt -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\Ben Dover\Cookies\ben dover@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0

#8
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.


Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the services called:

System Startup Service

or

SvcProc

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HiJackThis, click on "None of the above, just start the program". Now, click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service". A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

SvcProc
Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKCU\..\Run: [igmpagnt] C:\WINDOWS\System32\igmpagnt.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Siqt] C:\WINDOWS\System32\??mbols\wuaclt.exe
O4 - HKCU\..\Run: [Tecr] C:\Documents and Settings\Ben Dover\Application Data\otie.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O9 - Extra button: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B6A5C623-417D-48A7-8A36-889F3948BD8E} - (no file) (HKCU)
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe


Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\Nail.exe
C:\WINDOWS\seeve.exe
c:\wp.exe
C:\Documents and Settings\Ben Dover\Application Data\brta.exe
C:\WINDOWS\System32\??mbols\wuaclt.exe
C:\Documents and Settings\Ben Dover\Application Data\otie.exe
C:\WINDOWS\System32\??curity\taskmgr.exe <<Note the ??'s in the file name. ONLY delete the file with the ??'s
C:\Program Files\Plextor\PlexTool.exe


Reboot normally and post a fresh HJT log here for review. There may be another step or two to take, but we're getting there! :tazz:
  • 0
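An added example, not part of the original posts and not HijackThis's own logic: a small Python triage of O4 autostart lines like those in the logs in this thread. The location rules and the names `parse_o4`, `reasons`, `triage` and `SYSTEM_NAMES` are assumptions for illustration; the sample lines are copied from the thread.

```python
import re
from ntpath import basename, dirname

# O4 lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [Araa] C:\Documents and Settings\Ben Dover\Application Data\brta.exe
O4 - HKCU\..\Run: [Tvltbdpq] C:\WINDOWS\System32\??curity\taskmgr.exe
O4 - Global Startup: PlexTools.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

# Assumption: a short list of Windows file names expected only in System32.
SYSTEM_NAMES = {"taskmgr.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}

O4_RUN = re.compile(r"^O4 - HK\w+\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.+)$")
EXE = re.compile(r'"([^"]+)"|(.+?\.exe)\b', re.IGNORECASE)

def parse_o4(line):
    """Return (entry name, executable path) for an O4 line, else None."""
    m = O4_RUN.match(line) or O4_STARTUP.match(line)
    exe = EXE.match(m.group("cmd")) if m else None
    if not exe:
        return None
    return m.group("name"), exe.group(1) or exe.group(2)

def reasons(path):
    """Illustrative location rules; a hit means 'look closer', not 'malware'."""
    folder, name = dirname(path).lower(), basename(path).lower()
    out = []
    if "?" in path:
        out.append("'?' in path")
    if folder in ("c:\\", "c:\\windows"):
        out.append("runs from drive root or Windows folder")
    if folder.endswith("\\application data"):
        out.append("runs from Application Data root")
    if name in SYSTEM_NAMES and folder != "c:\\windows\\system32":
        out.append("system file name outside System32")
    return out

def triage(log_text):
    """Map entry name -> reasons, for flagged entries only."""
    flagged = {}
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if parsed and reasons(parsed[1]):
            flagged[parsed[0]] = reasons(parsed[1])
    return flagged
```

None of the rules fire on `PlexTool.exe`, the entry Kat later says was listed by mistake, or on the QuickTime and Nero entries from the clean log.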

#9
lickalot

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK, things are looking up here! I encountered one problem in that I was not able to locate under the Windows services any listings for windows startup services or SvcProc. And I did not delete the plextool.exe application, as it runs in conjunction with my Plextor cdr/w drive. If it is infected I could uninstall it and reinstall it at a later time. And I was unable to find the directories with the ??? in them. Is there something I am not informed of here?
OK, I am posting my new log. Thank you for being so patient :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 6:48:23 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Ben Dover\Desktop\hijackthis_199\HijackThis.exe

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tray.exe] "C:\Program Files\Paragon Software\Paragon CD-ROM Emulator\tray.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG311v2 Smart Configuration.lnk = C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108788657265
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0

#10
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
How are things running now? That's a clean log! :tazz: The files sometimes aren't found b/c HJT deletes them. We just ask you to look to be sure. As far as the Plextor, I'm sorry about that. That was a bad copy/paste on my part. ;)

Let me know how things are now!
  • 0

#11
lickalot

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Very nice! Now I am ready for SP2, I think....
Thank you so much for the help!
  • 0

#12
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Yes, please DO get SP2 installed!

Congratulations! :tazz: Your log is clean! ;)
Here are some tips. To reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice, "So how did I get infected in the first place?", and AntiSpyware Net's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

This thread is being closed as it is resolved. If you need help in the future, please feel free to start a new topic! ;)
  • 0





