Free baked goods in exchange for help! [RESOLVED]



#1
meghani

    Member

  • Member
  • 23 posts
HELP! I know, that's what they all say, but here's how I'm different:
If you can actually help me clean some of this cr@p up, I'll send you 2
dozen home baked cookies of your choice, in grateful appreciation of your
time. I'm serious - anything from fat-free vegan carrot raisin cookies
to triple chocolate chunk cookies that come with their own referral to
a cardiologist - fix my 'puter and they're yours!

Problems appear to have started this week. I have run all of the apps
listed below, with the results indicated. In each case, repeated scans,
fixes, and reboots result in the same scan results. Ran all tools in
Safe Mode, no apparent change.

Thanks in advance for your help!

Meghani

From Spy Sweeper:

Adware found: cws_ns3
Adware found: cws_tiny0
Adware found: cws_analyzeie
Adware found: psguard desktop hijacker
Adware found: psguard
Cookie found: cnt cookie
Adware found: cws-aboutblank
Adware found: coolwebsearch (cws)

From CWShredder:
None present (!?!?!? looking at above...)

From Spybot S&D:
CoolWWWSearch.Aff.Winshow

From Ad-Aware:
CoolWebSearch(TAC index:10):18 total references
MRU List(TAC index:0):2 total references

Logfile of HijackThis v1.99.1
Scan saved at 9:52:17 PM, on 6/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\crcg.exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\javajj.exe
C:\Documents and Settings\Meghan\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C8F9B1E9-AD1A-EF0D-DF96-10D544CD2876} - C:\WINDOWS\system32\apirk32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [javajj.exe] C:\WINDOWS\javajj.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...55/sdcregie.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://64.143.186.13...Q/bin/WebIQ.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend...ets/msie40x.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instants...erxsigned33.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.14...geWell-ipix.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi meghani and welcome to GeeksToGo! My name is Excal and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

:tazz:

Excal

#3
meghani

    Member

  • Topic Starter
  • Member
  • 23 posts
Thanks for your response. I am actually on vacation at the moment, so the delay was no trouble. Because of the vacation, my computer has been disconnected from the Internet and turned off since I posted the logs above. I assume that means that the logs won't have changed much in the interim...If that's not the case, then I'll be back home on the 26th and will post new logs then.

Thanks in advance for any help you can provide,
Meghani

#4
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Meghani,

Hope you have a great time on your vacation. Here is your fix when you get back :tazz:

Download and install CleanUp! here. *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {C8F9B1E9-AD1A-EF0D-DF96-10D544CD2876} - C:\WINDOWS\system32\apirk32.dll
O4 - HKLM\..\Run: [javajj.exe] C:\WINDOWS\javajj.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


7. Click the Fix Checked box.

8. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\crcg.exe
C:\WINDOWS\javajj.exe
C:\WINDOWS\system32\apirk32.dll


9. Run the program CleanUp!

10. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

11. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
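The manual triage in the post above (autoruns and a running process launched directly from C:\WINDOWS, a BHO with the placeholder name "Class", an O9 button pointing at "(no file)", and the missing URLSearchHook) can be written as rules over the HijackThis log format. The Python below is an added example, not the thread's or HijackThis's own code; it assumes a short allowlist of executables that legitimately live in the Windows directory and runs against a constructed excerpt of the log posted in #1.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed excerpt of the first HijackThis log posted in this thread (#1).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\crcg.exe
C:\WINDOWS\javajj.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C8F9B1E9-AD1A-EF0D-DF96-10D544CD2876} - C:\WINDOWS\system32\apirk32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [javajj.exe] C:\WINDOWS\javajj.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the log line exactly as posted
    reason: str  # why an analyst should look at it


# Executables that legitimately sit directly in C:\WINDOWS. Assumed allowlist,
# deliberately short; extend it for the machine under review.
WINDIR_ROOT_ALLOWLIST = {"explorer.exe", "notepad.exe", "regedit.exe", "hh.exe"}

# A bare file name directly under the Windows directory: C:\WINDOWS\<name>.exe
WINDIR_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\([^\\]+\.exe)$", re.IGNORECASE)
# First executable named on an O4 autorun line, quoted or not
O4_TARGET = re.compile(r'^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] "?([^"]*?\.exe)', re.IGNORECASE)
# O2 BHO whose display name is the placeholder "Class" rather than a product name
O2_BARE_CLASS = re.compile(r"^O2 - BHO: Class - \{[0-9A-F-]{36}\} - (.+)$", re.IGNORECASE)
# O9 IE button whose target file is gone
O9_NO_FILE = re.compile(r"^O9 - .* - \(no file\)$")
R3_MISSING = "R3 - Default URLSearchHook is missing"


def windir_root_name(path: str) -> str | None:
    """Return the file name if `path` is an .exe directly in the Windows dir
    and not on the allowlist, else None."""
    m = WINDIR_ROOT_EXE.match(path.strip())
    if m and m.group(1).lower() not in WINDIR_ROOT_ALLOWLIST:
        return m.group(1)
    return None


def running_processes(log: str) -> list[str]:
    """Return the paths under 'Running processes:' up to the first blank line."""
    lines = log.splitlines()
    try:
        start = lines.index("Running processes:") + 1
    except ValueError:
        return []
    procs: list[str] = []
    for line in lines[start:]:
        if not line.strip():
            break
        procs.append(line.strip())
    return procs


def triage(log: str) -> list[Finding]:
    """Apply the four rules above to a HijackThis log and return what to review."""
    findings: list[Finding] = []
    for proc in running_processes(log):
        name = windir_root_name(proc)
        if name:
            findings.append(Finding(proc, f"running process {name} sits directly in the Windows directory"))
    for line in (raw.strip() for raw in log.splitlines()):
        if line == R3_MISSING:
            findings.append(Finding(line, "default URLSearchHook removed; HijackThis can restore it"))
        elif (m := O2_BARE_CLASS.match(line)):
            findings.append(Finding(line, f"BHO with placeholder name 'Class' loading {m.group(1)}"))
        elif (m := O4_TARGET.match(line)) and (name := windir_root_name(m.group(1))):
            findings.append(Finding(line, f"autorun launches {name} directly from the Windows directory"))
        elif O9_NO_FILE.match(line):
            findings.append(Finding(line, "IE button whose target file no longer exists; orphaned entry"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Creative's UpdReg.EXE, which the helper left alone, is flagged as well: the rules surface entries for an analyst to review rather than convict them.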

#5
meghani

    Member

  • Topic Starter
  • Member
  • 23 posts
OK, so I am back, and am trying to follow these instructions, but when I try to download CleanUp!, I get a message that this account has been suspended and to contact the billing/support department as soon as possible.

Please advise?

Thanks.

#6
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
How was your vacation ;)


They changed links since you were gone; this one will work ;)


Download and install CleanUp! here. *NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.
We will use this program later.


Thanks,

:tazz:

Excal

#7
meghani

    Member

  • Topic Starter
  • Member
  • 23 posts
OK, in Safe Mode, the Hijackthis log is a little different than what's posted above, so not everything you say to fix is listed. Only the O4 javajj.exe and the O9 extra button are there. The other two are not.

Problem is, Computer 1 is the sick one, and in Safe Mode, I have no way to capture the log from there and put it onto Computer 2, where I am connected to the Internet. Do you need me to reboot Computer 1 into normal mode to repost the log?

Thanks again...

#8
Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi meghani,


Go ahead and boot to normal mode. Do a HiJackthis scan and see if those 2 other ones are there. If they are, check them off and fix them. Then reboot and post a fresh hijackthis log and the active scan log.


Thanks,

:tazz:

Excal

#9
meghani

    Member

  • Topic Starter
  • Member
  • 23 posts
Found all but the O2 on reboot. The only file available to delete through Explorer was javajj.exe.

ActiveScan:


Incident Status Location

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\appsd.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\gator*.log
Adware:Adware/SearchAid No disinfected Windows Registry
Adware:Adware/ExactSearch No disinfected C:\DOCUME~1\Meghan\LOCALS~1\Temp\blank.gif
Adware:Adware/CWS.HomeSearchAsisstant No disinfected Windows Registry
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\wp.bmp
Adware:Adware/PsGuard No disinfected C:\Program Files\PSGuard
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\All Users\Desktop\PSGuard.lnk
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\Meghan\Application Data\Microsoft\Internet Explorer\Quick Launch\PSGuard.lnk
Adware:Adware/PsGuard No disinfected C:\Program Files\PSGuard\PSGuard.exe
Adware:Adware/PsGuard No disinfected C:\Program Files\PSGuard\PSGuardSkin.dll
Adware:Adware/PsGuard No disinfected C:\Program Files\PSGuard\Uninstall.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addbf32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addcu.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addgs.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addis.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addji32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addli.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addpt32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addqx.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addtu.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addyb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apice32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apick.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apicr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apicv.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apieb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiex.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiia32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiij32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiir32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apikg.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiky32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apilq32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apipx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apisg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apiur.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apizs.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apizx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apphu32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appiw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appkp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apppq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appqt32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\apptb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appti32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appul32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appvh32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appwa.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appxg.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\appzc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlay32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlbh.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlcs32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atldb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlev.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlmk.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlnj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlnp32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlpo.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlqg.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlwx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlyx.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atlzq.exe
Adware:Adware/Coupons No disinfected C:\WINDOWS\cpbrkpie.ocx
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crfq32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crfu32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crjg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crki32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crld32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crlo32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\croo.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crpc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crss.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crvx.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crxi.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\cryf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3cm32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3co.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3cy32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3db32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3in32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3lt.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3mj.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3nv32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3pf32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3tn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3ui32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3us.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3xq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3yv.exe
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\duiek.dll
Adware:Adware/Gator No disinfected C:\WINDOWS\GatorHDPlugin.log-old.log
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieam.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iebq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iecj.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iedx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieek32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iegf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iehu32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieio.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieis.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iekb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iekj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iels.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iemc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieqe.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ieqn32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ierw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ievp32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iewa.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iezo32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipab32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipcy32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipdc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipjj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipkq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipkr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipkv.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipky.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipln.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ippp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ippu.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iprl32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\iptk.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipxo.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javabi32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javadc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaiw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javajl32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javana32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaoj.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javauc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javawm.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaxp32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaxt32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javayf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcak32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcas32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcck.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcew.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcim32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfctw.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfctz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcuc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcvx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msau32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msby32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msgd.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msgn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msit.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msiv32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msiy32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mslr32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msmt32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msmy.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msnr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msod.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msph.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mspi32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msqb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mssb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msue32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msvp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netai32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netbf.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netbs.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netex32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netiz.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netjl.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netld.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netmp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netnb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\nettc32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netvn.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\netzj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntcr.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntdg.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntfb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntip32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntiw32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntjh.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntmm.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntne32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntok.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntpa32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntuc.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntut.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntvb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntww.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkbk32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkfb.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkhj32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdklw32.exe

#10
meghani

    Member

  • Topic Starter
  • Member
  • 23 posts
Oops, it wouldn't all fit. Logs are attached - please advise if you can't read them.

Thanks SO much for your help!

Attached Files




#11
meghani

    Member

  • Topic Starter
  • Member
  • 23 posts
Oops, one attachment got dropped. Here it is again.

Logfile of HijackThis v1.99.1
Scan saved at 3:11:37 PM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Meghan\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {70AB6A13-94F0-513A-F548-18F7897AEA93} - C:\WINDOWS\system32\appsd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...55/sdcregie.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://64.143.186.13...Q/bin/WebIQ.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend...ets/msie40x.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instants...erxsigned33.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.14...geWell-ipix.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#12 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)
Interesting, you have a SmitFraud infection also... wasn't even showing, consider yourself lucky though, you usually lose your desktop :tazz: Let's see if we can get that out of there for you ;)

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.


DOWNLOAD PROGRAMS

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!


THE FIX

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


Open Ad-aware and do a full scan. Remove all it finds.


Now open Ewido Security Suite
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save Report
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!

Save the scan log and post it along with a new HijackThis Log and the Ewido Log by using Add Reply.

Let us know how your computer is running ;)

#13 admin (Founder Geek, Administrator, 24,504 posts)
Great topic title by the way. :tazz:

#14 meghani (Member, Topic Starter, 23 posts)
Oh, but it isn't merely a topic title, it's a genuine offer! If Excal is willing to give me an address to send them to (and a cookie preference), I'll start baking!

#15 meghani (Member, Topic Starter, 23 posts)
OK, I think I have followed all the steps to the letter. Here's the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:01:51 PM, on 6/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe
C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\System32\hphmon03.exe
C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
C:\WINDOWS\System32\HPHipm09.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ntsg32.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\RunDLL32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Documents and Settings\Meghan\Desktop\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {70AB6A13-94F0-513A-F548-18F7897AEA93} - C:\WINDOWS\system32\appsd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPHmon03] C:\WINDOWS\System32\hphmon03.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [ntsg32.exe] C:\WINDOWS\ntsg32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [OfotoNow USB Detection] C:\WINDOWS\System32\RunDLL32.exe C:\PROGRA~1\Ofoto\OfotoNow\OFUSBS.DLL,WatchForConnection OfotoNow
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Yahoo! Euchre - http://download.game...nts/y/et1_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...55/sdcregie.cab
O16 - DPF: {38578BF0-0ABB-11D3-9330-0080C6F796A1} (Create and Print ActiveX Plug-in) - http://ak.imgag.com/...stall/AxCtp.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://64.143.186.13...Q/bin/WebIQ.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.14...tiveXImgCtl.CAB
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend...ets/msie40x.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instants...erxsigned33.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A82C3A33-5C0E-466C-B020-71585433A7E4} (PhxStudent.OeSetup15) - https://mycampus.pho...hxStudent15.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab33902.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} (iPIX Media Send Class) - http://216.249.24.14...geWell-ipix.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver - HP - C:\WINDOWS\System32\HPHipm09.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


The ActiveScan log is attached. Norton keeps reporting that OLEADM.DLL is infected with Trojan.desktophijack.B and that WININET.DLL is infected with W32.Desktophijack. Norton can't fix it even in Safe mode, and I can't delete the files - it says they are in use.

Now what?

Thanks in advance for any additional direction,
meghani

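As an added example (not part of this thread, and not code from HijackThis or any of the tools Excal named), the following Python script does what a log reader does by hand with the two HijackThis logs posted above: it parses the O2 (BHO), O4 (autostart) and O23 (service) lines plus the "Running processes" list, diffs the 6/27 log against the 6/16 one, and flags entries that match a few triage heuristics. The embedded log excerpts are copied from the logs in this thread, trimmed to the lines the demonstration needs. The heuristics themselves (a binary living directly in the Windows directory, a Run-key name that is just the file name, a BHO with no descriptive name, a service with no vendor string) are this example's own choices, not rules from HijackThis.

```python
import re

# Excerpts copied from the two HijackThis logs posted above (6/16/2005 and
# 6/27/2005), trimmed to the lines this demonstration needs.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {70AB6A13-94F0-513A-F548-18F7897AEA93} - C:\WINDOWS\system32\appsd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ntsg32.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {70AB6A13-94F0-513A-F548-18F7897AEA93} - C:\WINDOWS\system32\appsd.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntsg32.exe] C:\WINDOWS\ntsg32.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
"""

# Line shapes of the three HijackThis sections this example cares about.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$")
# First (optionally quoted) token that looks like a program or module path.
EXE_RE = re.compile(r'"?(?P<p>[^"]+?\.(?:exe|dll|ocx|com|bat))"?', re.I)

WINDIRS = {r"c:\windows", r"c:\winnt"}  # assumption: XP-era default system roots


def parse_log(text: str):
    """Return (running_processes, entries): a lowercased set of process paths and a
    dict mapping each O2/O4/O23 line to (kind, captured fields)."""
    procs, entries, in_procs = set(), {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False  # blank line ends the process list
            else:
                procs.add(line.lower())
            continue
        for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
            m = rx.match(line)
            if m:
                entries[line] = (kind, m.groupdict())
    return procs, entries


def exe_of(cmd: str) -> str:
    """Pull the launched binary out of an O4 command line (quoted or not)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("p") if m else cmd.strip().split()[0]


def flags_for(kind: str, f: dict) -> list:
    """Heuristic reasons to look twice at one entry (this example's own rules)."""
    reasons = []
    if kind == "O4":
        exe = exe_of(f["cmd"])
        parent, _, base = exe.rpartition("\\")
        if parent.lower() in WINDIRS:
            reasons.append("binary lives directly in the Windows directory")
        if f["key"].lower() == base.lower():
            reasons.append("Run-key name is just the file name")
    elif kind == "O2" and f["name"].strip() in ("", "Class"):
        reasons.append("BHO has no descriptive name")
    elif kind == "O23" and f["vendor"].strip() in ("", "Unknown owner"):
        reasons.append("service has no vendor string")
    return reasons


def triage(before: str, after: str) -> dict:
    """Diff two logs and attach heuristic flags to every entry of the newer one."""
    procs_b, ent_b = parse_log(before)
    procs_a, ent_a = parse_log(after)
    flagged = {}
    for line, (kind, fields) in ent_a.items():
        reasons = flags_for(kind, fields)
        if reasons:
            flagged[line] = reasons
    return {
        "new_processes": sorted(procs_a - procs_b),
        "new_entries": [l for l in ent_a if l not in ent_b],
        "flagged": flagged,
    }


if __name__ == "__main__":
    report = triage(LOG_BEFORE, LOG_AFTER)
    for section, items in report.items():
        print(f"== {section} ==")
        if isinstance(items, dict):
            for line, reasons in items.items():
                print(f"  {line}\n      -> {'; '.join(reasons)}")
        else:
            for item in items:
                print(f"  {item}")
```

Run against the two excerpts, the diff reports C:\WINDOWS\ntsg32.exe as a new process and the [ntsg32.exe] Run entry as a new autostart; both appear in the 6/27 log and not in the 6/16 one. The ewido service also shows up as new, which is expected after the install Excal asked for, so the analyst still has to separate expected changes from unexpected ones. The nameless appsd.dll BHO is flagged in both logs. The heuristics alone are noisy (the UpdReg entry, present in both logs, also trips the Windows-directory check), which is why the before/after diff is the primary signal and the flags only order the review.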