AURORA SPYWARE [RESOLVED]


  • This topic is locked

#1
Mattoman_501 (Member, 14 posts)
I'm getting this spyware called Aurora and it's so annoying, I get it almost every minute. I am unable to download any service packs due to an invalid product key.

I ran a scan with HijackThis and also looked at some previous posts, but I'm still unsure how to get rid of it.

Logfile of HijackThis v1.99.1
Scan saved at 9:05:30 AM, on 6/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\drivers\dcfssvc.exe
F:\WINDOWS\System32\gearsec.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\Explorer.exe
F:\Program Files\McAfee\McAfee Firewall\CPD.EXE
F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
F:\Program Files\Telstra\Cable Login\bpcable.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\Program Files\Messenger Plus! 3\MsgPlus.exe
F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\winupdate\winupdate.exe
F:\Program Files\Media Access\MediaAccK.exe
F:\Program Files\ISTsvc\istsvc.exe
F:\WINDOWS\aaokyhc.exe
F:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Wtakiuf\Czezwau.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Media Access\MediaAccess.exe
F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
f:\windows\system32\xvvxnvk.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Internet Optimizer\actalert.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\WINDOWS\System32\wuauclt.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Matt\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.c...v=6&aff=6413375
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.c...v=6&aff=6413375
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/en/root/cdrom.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O1 - Hosts file is located at: F:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - F:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - F:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - F:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [alchem] F:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "F:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdate] F:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Media Access] F:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] F:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [fBFYf5E] F:\WINDOWS\aaokyhc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Nbhdqyjy] C:\Program Files\Wtakiuf\Czezwau.exe
O4 - HKLM\..\Run: [shxbiv] f:\windows\system32\xvvxnvk.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [Registry Cleaner] "F:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.13....chm::/file.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - F:\WINDOWS\System32\xplugin.dll
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - F:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - F:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: gearsec - GEAR Software - F:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - F:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe

I'm very unfamiliar with this log, but hopefully you can help me.
Thanks in advance.

Edited by Mattoman_501, 17 June 2005 - 05:17 PM.

  • 0


#2
Mattoman_501 (Topic Starter, Member, 14 posts)
Hey guys, can anyone help me? This is really annoying spyware.

Edited by Mattoman_501, 17 June 2005 - 07:12 PM.

  • 0

#3
Mattoman_501 (Topic Starter, Member, 14 posts)
Come on guys, I need help badly.
  • 0

#4
Mattoman_501 (Topic Starter, Member, 14 posts)
Still no answer...
  • 0

#5
Mattoman_501 (Topic Starter, Member, 14 posts)
Come on guys, someone look at this log.
  • 0

#6
Mattoman_501 (Topic Starter, Member, 14 posts)
Still nothing...
  • 0

#7
Metallica (Spyware Veteran, GeekU Moderator, 31,671 posts)
Did you ever notice the line "Do not 'bump' or reply to your topic"?

It is there for a reason. If you post in your own thread it looks to us as if someone is helping you.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#8
Mattoman_501 (Topic Starter, Member, 14 posts)
OK, I did everything but ran into some problems.
First problem: when I double-clicked on the Nailfix file it said this:
"The system is not suitable for running MS-DOS and Microsoft Windows applications. Click Close to terminate the program."
I clicked the other option: Process anyway.
2nd problem: Ewido said "DATABASE COULD NOT BE FOUND, PLEASE RUN AN ONLINE UPDATE".
So I updated it and performed a HijackThis scan anyway, and my results were this:


Logfile of HijackThis v1.99.1
Scan saved at 6:44:27 PM, on 6/19/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\system32\NOTEPAD.EXE
F:\WINDOWS\explorer.exe
F:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.c...v=6&aff=6413375
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.c...v=6&aff=6413375
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/en/root/cdrom.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O1 - Hosts file is located at: F:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O1 - Hosts: 82.179.166.165 hot-searches.com
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - F:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - F:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - F:\WINDOWS\System32\apuc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [alchem] F:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "F:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [Task manager] TikTo.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdate] F:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Media Access] F:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] F:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [fBFYf5E] F:\WINDOWS\aaokyhc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Nbhdqyjy] C:\Program Files\Wtakiuf\Czezwau.exe
O4 - HKLM\..\Run: [jtqloog] f:\windows\system32\ekgxkgs.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [Registry Cleaner] "F:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.13....chm::/file.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - F:\WINDOWS\System32\xplugin.dll
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - F:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - F:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: gearsec - GEAR Software - F:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - F:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - f:\windows\SvcProc.exe (file missing)
Please get back to me, man.

Edited by Mattoman_501, 19 June 2005 - 02:55 AM.

  • 0

#9
Metallica (Spyware Veteran, GeekU Moderator, 31,671 posts)
Let's see if we can disable some of the worst cr@p.
It looks like the result of years of collecting.
How long ago was Kaspersky last updated?

Download CWShredder from http://www.intermute...r_download.html
Use the Fix button.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://best-search.c...v=6&aff=6413375
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://best-search.c...v=6&aff=6413375

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O1 - Hosts file is located at: F:\WINDOWS\nsdb\hosts

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - F:\WINDOWS\nem220.dll

O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - F:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - F:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - F:\Program Files\SideFind\sfbho.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - F:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - F:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - F:\WINDOWS\System32\apuc.dll

O4 - HKLM\..\Run: [alchem] F:\WINDOWS\alchem.exe

O4 - HKLM\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\Run: [Task manager] TikTo.exe

O4 - HKLM\..\Run: [winupdate] F:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [Media Access] F:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [IST Service] F:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [fBFYf5E] F:\WINDOWS\aaokyhc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Nbhdqyjy] C:\Program Files\Wtakiuf\Czezwau.exe
O4 - HKLM\..\Run: [jtqloog] f:\windows\system32\ekgxkgs.exe
O4 - HKLM\..\RunServices: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe

O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Task manager] TikTo.exe

O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - F:\Program Files\SideFind\sidefind.dll

O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {14A3221B-1678-1982-A355-7263B1281987} - ms-its:mhtml:file://C:\foo.mht!http://82.179.166.13....chm::/file.exe

O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab

O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.konti...current/kdx.cab

O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - F:\WINDOWS\System32\xplugin.dll

O23 - Service: System Startup Service (SvcProc) - Unknown owner - f:\windows\SvcProc.exe (file missing)

Reboot and try updating Ewido or Kaspersky (whatever works) and run a full system scan in safe mode.

Post back with a scan log and a new HijackThis log.

Regards,
  • 0
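The items the moderator picked out above follow a few HijackThis-specific patterns: a second executable appended to the system.ini Shell line, a hosts file moved out of its default location and entries pointing domains at a remote address, ProxyOverride exceptions, RunServices autostarts, ms-its/mhtml DPF URLs, and registered components whose file is missing. As an added example, not code from this thread or from HijackThis itself, the Python script below applies those checks to lines copied from the logs posted here; the `Finding` type, the rule set and the sample subset are my own.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs posted in this thread, with a few
# clean entries (Google Toolbar, QuickTime, an MSN Zone game control) left in
# as controls. Constructed subset for this example; the values are the page's own.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *hot-searches.com*;*lender-search.com*;localhost
F2 - REG:system.ini: Shell=Explorer.exe F:\WINDOWS\Nail.exe
O1 - Hosts file is located at: F:\WINDOWS\nsdb\hosts
O1 - Hosts: 82.179.166.164 lender-search.com
O2 - BHO: Setup.Setup1 - {2E65A557-173C-4DE9-860B-28FC5CACA542} - F:\DOCUME~1\ALLUSE~1\APPLIC~1\Setup\Setup.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Task manager] TikTo.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - f:\windows\SvcProc.exe (file missing)
"""

# Default hosts file location on NT-based Windows (suffix under %SystemRoot%).
DEFAULT_HOSTS_SUFFIX = r"\system32\drivers\etc\hosts"
LOOPBACK_PREFIXES = ("127.", "0.0.0.0", "::1")
PROXY_OVERRIDE_OK = {"localhost", "<local>", "127.0.0.1"}

# HijackThis lines start with a section code (R0/R1, F2, O1..O23) and " - ".
LINE_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")


@dataclass
class Finding:          # hypothetical type, defined for this example
    section: str        # HijackThis section code, e.g. "O4"
    reason: str
    line: str


def check_line(line: str):
    """Return a Finding for a suspicious HijackThis line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    low = body.lower()

    if section == "F2" and "shell=" in low:
        # A clean XP value is exactly "Explorer.exe"; anything appended also runs at logon.
        value = body.split("=", 1)[1].strip()
        if value.lower() != "explorer.exe":
            return Finding(section, "extra executable appended to the Shell= line", line)
    elif section == "O1":
        if low.startswith("hosts file is located at:"):
            path = body.split(":", 1)[1].strip().lower()
            if not path.endswith(DEFAULT_HOSTS_SUFFIX):
                return Finding(section, "hosts file moved away from its default path", line)
        elif low.startswith("hosts:"):
            addr = body.split(":", 1)[1].split()[0]
            if not addr.startswith(LOOPBACK_PREFIXES):
                return Finding(section, "hosts entry redirects a domain to a remote address", line)
    elif section == "R1" and "proxyoverride" in low:
        entries = [e.strip().lower() for e in body.split("=", 1)[1].split(";") if e.strip()]
        extra = [e for e in entries if e not in PROXY_OVERRIDE_OK]
        if extra:
            return Finding(section, "ProxyOverride exempts " + ", ".join(extra), line)
    elif section == "O16":
        # DPF entries normally point at a plain http(s) .cab; the ms-its/mhtml
        # form is the CHM-based installer seen in this thread's log.
        url = body.rsplit(" - ", 1)[-1].strip().lower()
        if url.startswith(("ms-its:", "mhtml:")):
            return Finding(section, "DPF entry uses an ms-its/mhtml URL", line)
    elif section == "O4" and "runservices" in low:
        # RunServices is a Win9x key that NT-based Windows ignores, so
        # legitimate XP software has no reason to write there.
        return Finding(section, "RunServices autostart entry", line)
    elif section in ("O2", "O23") and low.endswith("(file missing)"):
        return Finding(section, "registered component whose file is missing", line)
    return None


def triage(log_text: str):
    """Run every line of a HijackThis log through check_line, keeping hits in order."""
    return [f for f in (check_line(l) for l in log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```

The three control lines produce no finding, which is the point of keeping them in the sample.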

#10
Mattoman_501 (Topic Starter, Member, 14 posts)
OK, thanks so much for all your help so far. Seeing as I'm using 40-something GB of my hard drive, I will do the scan overnight and post the results tomorrow.
  • 0


#11
Metallica (Spyware Veteran, GeekU Moderator, 31,671 posts)
OK. :tazz:
  • 0

#12
Mattoman_501 (Topic Starter, Member, 14 posts)
Hey, here's the report.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:09:14 PM, 6/22/2005
+ Report-Checksum: 2389759A

+ Date of database: 6/22/2005
+ Version of scan engine: v3.0

+ Duration: 217 min
+ Scanned Files: 174430
+ Speed: 13.34 Files/Second
+ Infected files: 31
+ Removed files: 30
+ Files put in quarantine: 30
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
F:\

+ Scan result:
F:\Documents and Settings\Matt\Cookies\matt@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
F:\Documents and Settings\Matt\Cookies\matt@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
F:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
F:\Documents and Settings\Matt\Cookies\matt@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
F:\Documents and Settings\Matt\Cookies\matt@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
F:\Documents and Settings\Matt\Cookies\matt@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
F:\Documents and Settings\Matt\Local Settings\Temp\fWWY1vQ.exe -> TrojanDownloader.IstBar.kh -> Cleaned with backup
F:\Documents and Settings\Matt\Local Settings\Temp\jfgudk.exe -> TrojanDownloader.IstBar.kh -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\BridgeX.dll -> TrojanDownloader.Briss.a -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\CONFLICT.1\sp.exe -> Trojan.Spooner.f -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\CONFLICT.2\sp.exe -> Trojan.Spooner.f -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\CONFLICT.3\sp.exe -> Trojan.Spooner.f -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\gsda.dll -> Dialer.Generic -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\ISTactivex.dll -> TrojanDownloader.Istbar.Gen -> Cleaned with backup
F:\WINDOWS\Downloaded Program Files\sp.exe -> Trojan.Spooner.f -> Cleaned with backup
F:\WINDOWS\LastGood\preInsTT.exe -> Trojan.KeyHost.e -> Cleaned with backup
F:\WINDOWS\LastGood\System32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
F:\WINDOWS\LastGood\System32\polall1m.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
F:\WINDOWS\LastGood\twaintec.dll -> Spyware.BiSpy.f -> Cleaned with backup
F:\WINDOWS\preInsTT.exe -> Trojan.KeyHost.e -> Cleaned with backup
F:\WINDOWS\system32\bmk13.exe -> Trojan.Favadd.a -> Cleaned with backup
F:\WINDOWS\system32\bszip.dll -> Worm.Wurmark.c -> Cleaned with backup
F:\WINDOWS\system32\H@tKeysH@@k.DLL -> Not-A-Virus.Tool.Game.HotHook -> Cleaned with backup
F:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
F:\WINDOWS\system32\polall1m.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
F:\WINDOWS\system32\sysupd1003.exe -> Spyware.Small.an -> Cleaned with backup
F:\WINDOWS\system32\tksrv99.exe -> TrojanDownloader.Esepor.u -> Cleaned with backup
F:\WINDOWS\system32\tsrv1420.exe -> Spyware.Agent.aq -> Cleaned with backup
F:\WINDOWS\UnstSA2.exe -> Spyware.Delf.r -> Cleaned with backup
F:\WINDOWS\update13.js -> Spyware.Hijacker.Generic -> Cleaned with backup
F:\WINDOWS\yhvzungtyyr.exe -> Spyware.BetterInternet -> Cleaned with backup


::Report End
  • 0

#13
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Good job. You should now be able to update Kaspersky.
Let me know if that is correct and post a new HijackThis log.

Regards,
  • 0

#14
Mattoman_501

Mattoman_501

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here's the updated HijackThis log. Unfortunately I can't update Kaspersky because my trial period ran out 2 weeks ago.
Logfile of HijackThis v1.99.1
Scan saved at 4:09:15 PM, on 6/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
F:\Program Files\Telstra\Cable Login\bpcable.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Microsoft Hardware\Keyboard\type32.exe
F:\Program Files\Messenger Plus! 3\MsgPlus.exe
F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
F:\Program Files\iTunes\iTunesHelper.exe
F:\WINDOWS\System32\RUNDLL32.EXE
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
F:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
F:\WINDOWS\system32\drivers\dcfssvc.exe
F:\Program Files\ewido\security suite\ewidoctrl.exe
F:\Program Files\ewido\security suite\ewidoguard.exe
F:\WINDOWS\System32\gearsec.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\McAfee\McAfee Firewall\CPD.EXE
F:\Program Files\McAfee\McAfee Firewall\CPD.EXE
F:\Program Files\iPod\bin\iPodService.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\System32\wuauclt.exe
F:\PROGRA~1\MSNGAM~1\zone.exe
F:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://zone.msn.com/en/root/cdrom.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - F:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [BigPondCable] "F:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliType] "F:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [DataLayer] F:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [KAVPersonal50] "F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [$WindowsRegKey%update] IEXPLORE.EXE
O4 - HKCU\..\Run: [Task manager] TikTo.exe
O4 - HKCU\..\Run: [Registry Cleaner] "F:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Kodak EasyShare software.lnk = F:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = F:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://F:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://F:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://F:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://F:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab30149.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...006_regular.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp...nch/alaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory....ap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup152.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - F:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - F:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - F:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: gearsec - GEAR Software - F:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Macromedia - F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Firewall - Unknown owner - F:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - f:\windows\SvcProc.exe (file missing)
  • 0

#15
Metallica

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 31,671 posts
Some of the viruses you have were added for detection in September 2004.

Please do an online virus scan, for example here: http://housecall.antivirus.com/

Regards,
  • 0