[Wafna]

Hey there, I've run through the different programs you reccomend, starting with Adaware, (found and killed 217 items) and trend micro, (killed 1 of 2, second was killed after a reeboot to safe mode.) CWShredder found nothing, and spybot found ten... and could only hit 6 of them, even when running in safe mode.

It's my relative's computer, and I'm leaving tonight... so they'll be fixing it on their own. Please make the instructions easy and simple for them.

The hijack this log is as follows.

Logfile of HijackThis v1.99.1
Scan saved at 4:56:59 PM, on 14/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Chris\Desktop\virus&adware scanners\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VetTray] C:\Vet\VetTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKLM\..\Run: [FILE] C:\WINDOWS\abcdefg.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windll32.exe
O4 - HKLM\..\RunOnce: [System Mechanic Cache Cleanup] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CompleteCache
O4 - HKCU\..\Run: [Scheduled Maintenance] C:\Program Files\iolo\System Mechanic\Scheduled_Maintenance.exe
O4 - HKCU\..\Run: [Erase History at StartUp] C:\Program Files\iolo\System Mechanic\SysMechanic.exe /CleanHistory
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.2.4.1\InstallStub.exe -a
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windll32.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://*.hotmail.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: ImageUploader - http://www.zorpia.co...ageUploader.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.co...laxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1103159682203
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O21 - SSODL: IntegrityChecker - {D1F01D31-476D-4CE3-B17C-E4971C45396A} - C:\WINDOWS\System32\webhdcom.nls
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Vet\isafe.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Speed Disk service - Sony Corporation - (no file)
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Vet\VetMsg.exe

the reli's may not know how to boot into safemode themselves, and I might not have time to show them... you might have to describe it to them in your instructions.

thanks again for all your help.

Yours in Service,
Wafna

[Advertisements]

I apologize for the delay getting to your log, the helpers here are very busy. If you are still having malware troubles, I will be glad to help. Due to the length of time passed, I need to see a new HijackThis Log.

You have a file on your system that some experts would like to take a look at, in order to help others. Can you please email this file:

C:\WINDOWS\abcdefg.exe

to submit[at]atribune.org ( replace [at] with @)

After that, please post a fresh HijackThis log in this thread.

Edited by insipid, 16 June 2005 - 06:24 PM.

[insipid]

I apologize for the delay getting to your log, the helpers here are very busy. If you are still having malware troubles, I will be glad to help. Due to the length of time passed, I need to see a new HijackThis Log.

You have a file on your system that some experts would like to take a look at, in order to help others. Can you please email this file:

C:\WINDOWS\abcdefg.exe

to submit[at]atribune.org ( replace [at] with @)

After that, please post a fresh HijackThis log in this thread.

Edited by insipid, 16 June 2005 - 06:24 PM.

[Wafna]

[edit] I understand the helpers are busy... looks like lots of folks getting hit by aurora.[/edit] I'll do what I can, I'm not living with my relatives anymore, who's computer it is. New log should be posted in 24 hours or so...

Edited by Wafna, 17 June 2005 - 02:16 PM.

[insipid]

I'll be here when you get to it, no hurry. Please, if you can, submit the file I mention, two experts asked me for it . Their efforts help us to help others.