Hi,
I think I have got this azsearch malware or worm or whatever thing on my PC, and now every time I open windows, there is a Microsoft Visual C++ Runtime error on C:\Windows\Explorer.EXE
And I also got intermittent IE browser pop-ups with ads. I didn't even open any browser at that time. This is really annoying.
Please help!!!
I am running MS XP Professional SP-1. And I have tried using Ad-Aware SE Personal, but every time I run it there are about 12 Critical infected Objects or so with "Alexa", and every time I reboot, there will be a Visual C++ Runtime error, and if I run Ad-Aware again, I will get the same infected Objects...
Here is the HijackThis Log...
Logfile of HijackThis v1.99.1
Scan saved at 2:56:41 PM, on 4/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRAM FILES\OfficeScan NT\pccntmon.exe
C:\PROGRA~1\IBM\IMNNQ\imnsvdem.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\IBM\IMNNQ\HTTPDL.exe
C:\WINDOWS\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\MS\SMS\CORE\BIN\Launch32.exe
C:\WINDOWS\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
D:\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gmail.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gmail.com...rver/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mycompany.us:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.mycompany.us;<local>
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\PROGRAM FILES\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - Global Startup: Microsoft Office Shortcut Bar.lnk = ?
O4 - Global Startup: Start HTML Search Server.lnk = C:\Program Files\SQLLIB\bin\db2nq.exe
O4 - Global Startup: Task Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O14 - IERESET.INF: START_PAGE_URL=http://www.gmail.com
O15 - Trusted Zone: http://www.gmail.com
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://s-salemrev-58...tivexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mycompany.com
O17 - HKLM\Software\..\Telephony: DomainName = mycompany.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{31486D93-7FD7-4A51-A106-441966F37239}: NameServer = 167.131.14.164,167.131.50.97,167.131.210.149
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mycompany.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{31486D93-7FD7-4A51-A106-441966F37239}: NameServer = 167.131.14.164,167.131.50.97,167.131.210.149
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = mycompany.com
O17 - HKLM\System\CS2\Services\Tcpip\..\{31486D93-7FD7-4A51-A106-441966F37239}: NameServer = 167.131.14.164,167.131.50.97,167.131.210.149
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: DB2 JDBC Applet Server - Control Center (DB2ControlCenterServer) - Unknown owner - C:\Program Files\SQLLIB\bin\db2ccs.exe
O23 - Service: DB2 JDBC Applet Server (DB2JDS) - Unknown owner - C:\Program Files\SQLLIB\bin\db2jds.exe
O23 - Service: DB2 Security Server (DB2NTSECSERVER) - International Business Machines Corporation - C:\Program Files\SQLLIB\bin\db2sec.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\PROGRAM FILES\OfficeScan NT\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\PROGRAM FILES\OfficeScan NT\OfcPfwSvc.exe
O23 - Service: Remote Console (RCONSVC) - Unknown owner - C:\WINDOWS\System32\rconsvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\PROGRAM FILES\OfficeScan NT\tmlisten.exe