Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Hijack Log Help [CLOSED]


  • This topic is locked This topic is locked

#1
Fernette

Fernette

    New Member

  • Member
  • Pip
  • 2 posts
Can anyone help? We've run many scans but we have a terrible [bleep] dialer that opens whenever we reboot. Thanks so much in advance. You guys are great.


Logfile of HijackThis v1.99.1
Scan saved at 8:52:37 AM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\WINDOWS\System32\MSTMON_J.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Calendarscope\cs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://eideneurolear...g.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft

Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

Settings,ProxyOverride = localhost
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} -

C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ReadingBar - {5420be57-2ed4-4f4f-9eb9-381cec2290e7} - C:\Program

Files\ReadBar\ReadBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} -

C:\WINDOWS\System32\s1927.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital

Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program

Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe

/cleaneahtioga /start
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam

Inspector\siService.exe"
O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay]

C:\WINDOWS\System32\MSTMON_J.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio

Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator

6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH

Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE

4.0\SetHook.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint

Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Xzma] C:\WINDOWS\System32\nbbilaw.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\bwoxq.exe
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - Startup: I.url
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp

center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program

Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: StumbleUpon: &Blog This -

res://C:\WINDOWS\System32\s1927.dll/blogimage
O8 - Extra context menu item: Translate into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {30359FAE-AECB-4C52-889E-1CB5CC91AF15} -

http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {5E871F1F-7D5E-44BC-AB92-69DFD8496919} -

http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C21B9F03-34A8-4E6C-BAA9-8A87ED8B51B7} -

http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Boxer Geometry Library - http://www.boxermath...bfiles/geom.cab
O16 - DPF: Boxer Intermediate Algebra Library -

http://www.boxermath...files/inter.cab
O16 - DPF: Boxer Introductory Algebra Library -

http://www.boxermath...files/intro.cab
O16 - DPF: Boxer Shared Library - http://www.boxermath...iles/shared.cab
O16 - DPF: Boxer Trigonometry Library -

http://www.boxermath...bfiles/trig.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} -

http://activex.micro...jects/ocget.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -

http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) -

http://www.spywarest...es2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) -

http://www.miniclip....pGameLoader.dll
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13}

(PPSDKActiveXScanner.MainScreen) -

http://www.pestscan....r/axscanner.cab
O16 - DPF: {3BFB7140-D7F8-0731-11FC-76025DBCA656} -

http://69.50.182.94/1/gdnUS1735.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -

http://a1540.g.akama...e.com/mickey/us

/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -

http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

http://a1540.g.akama...e.com/saba/us/w

in/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://v5.windowsupd...86/client/wuweb

_site.cab?1097454986812
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} -

http://69.56.176.78/webplugin.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration

Classes) - http://vztxcisccpro....ets/msie40x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class)

- http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware

Scanner) -

http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) -

http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {AAF15A90-F3EC-4FEE-9A00-F65B25B83D05} -

http://activex.micro...jects/ocget.dll
O16 - DPF: {AB0E6E3B-4C96-48D8-A3FF-3235B524B7F9} -

http://activex.micro...jects/ocget.dll
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) -

http://centraone.sta...aDownloader.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) -

http://www.stamps.co...81591796875

e=stamps.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) -

http://viewers.multi...MINIBrowser.CAB
O16 - DPF: {CCA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) -

http://sessa.isprime.../CABEDialer.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} -

http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E8580BEA-BC7D-40BC-AA2E-E2A44E12CED8} (MCInfoOCX Control) -

http://img.megastudy.net/InfoOcx.Cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) -

http://download.palt...st/RegDload.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. -

C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program

Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program

Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. -

C:\WINDOWS\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

Advertisements


#2
Guest_thatman_*

Guest_thatman_*
  • Guest
Hello

We are sorry for the delay in replying to your post, if your still need help please post a current HijackThis.log.

Thank you

Kc :tazz:
  • 0

#3
Fernette

Fernette

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Hi. KC asked that I repost the Hijack Log because no one answered it from a few days ago. We still have problems with a rotten dialer, although at least the Zone Alarm won't show the pictures (I am a mom with kids who use the computer all the time).

Here's the Hijack Log. Thanks for looking at it. I've tried multiple downloads that don't find anything wrong. The Internet Browser (IE and Mozilla) dial up the site as soon as there's a reboot.

Logfile of HijackThis v1.99.1
Scan saved at 3:25:51 PM, on 6/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe
C:\WINDOWS\System32\MSTMON_J.EXE
C:\WINDOWS\SM1BG.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Calendarscope\cs.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siMailProxyServer.exe
C:\Program Files\GIANT Company Software\Spam Inspector\siSpamFilterEngine.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Owner\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eideneurolear...g.blogspot.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us6.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us6.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: ReadingBar - {5420be57-2ed4-4f4f-9eb9-381cec2290e7} - C:\Program Files\ReadBar\ReadBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\System32\s1927.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [siService.exe] "C:\Program Files\GIANT Company Software\Spam Inspector\siService.exe"
O4 - HKLM\..\Run: [magicolor 2300WStatusDisplay] C:\WINDOWS\System32\MSTMON_J.EXE
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [Xzma] C:\WINDOWS\System32\nbbilaw.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\bwoxq.exe
O4 - HKCU\..\Run: [Calendarscope] "C:\Program Files\Calendarscope\cs.exe"
O4 - Startup: I.url
O4 - Startup: PalNetaware.lnk = C:\Program Files\Paltalk\pnetaware.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\System32\s1927.dll/blogimage
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Help - {30359FAE-AECB-4C52-889E-1CB5CC91AF15} - http://www.comcast.net/memberservices/ (file missing) (HKCU)
O9 - Extra button: ComcastHSI - {5E871F1F-7D5E-44BC-AB92-69DFD8496919} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C21B9F03-34A8-4E6C-BAA9-8A87ED8B51B7} - http://www.comcastsupport.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.comcast.net
O16 - DPF: Boxer Geometry Library - http://www.boxermath...bfiles/geom.cab
O16 - DPF: Boxer Intermediate Algebra Library - http://www.boxermath...files/inter.cab
O16 - DPF: Boxer Introductory Algebra Library - http://www.boxermath...files/intro.cab
O16 - DPF: Boxer Shared Library - http://www.boxermath...iles/shared.cab
O16 - DPF: Boxer Trigonometry Library - http://www.boxermath...bfiles/trig.cab
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.micro...jects/ocget.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarest...es2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan....r/axscanner.cab
O16 - DPF: {3BFB7140-D7F8-0731-11FC-76025DBCA656} - http://69.50.182.94/1/gdnUS1735.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1097454986812
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://vztxcisccpro....ets/msie40x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {AAF15A90-F3EC-4FEE-9A00-F65B25B83D05} - http://activex.micro...jects/ocget.dll
O16 - DPF: {AB0E6E3B-4C96-48D8-A3FF-3235B524B7F9} - http://activex.micro...jects/ocget.dll
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraone.sta...aDownloader.cab
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} (SDCInstaller Class) - http://www.stamps.co...file=stamps.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multi...MINIBrowser.CAB
O16 - DPF: {CCA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) - http://sessa.isprime.../CABEDialer.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {E8580BEA-BC7D-40BC-AA2E-E2A44E12CED8} (MCInfoOCX Control) - http://img.megastudy.net/InfoOcx.Cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#4
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi Fernette

Please read through the instructions before you start (you may want to print this out).

Please set your system to show all files; please see here if you're unsure how to do this.

Use windows add remove program file's uninstall the following:
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first. Don't run yet.

Download Pocket Killbox and unzip it; save it to your Desktop. We may need it later.

Please download SpyBot V1.4 http://www.majorgeek...wnload2471.html Update the program then run it.

Download Ewido Trojan’s and malware remover http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate. Don't run yet

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run Ewido full scan. Save the scan.log.

Clear out the files in the Prefetch folder. Go to start> run> type into the box Prefetch and delete all the files in that folder.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [DDCM] "C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe" -Background
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKCU\..\Run: [Xzma] C:\WINDOWS\System32\nbbilaw.exe
O9 - Extra button: ComcastHSI - {5E871F1F-7D5E-44BC-AB92-69DFD8496919} - http://www.comcast.net (file missing) (HKCU)
O9 - Extra button: Support - {C21B9F03-34A8-4E6C-BAA9-8A87ED8B51B7} - http://www.comcastsupport.com (file missing) (HKCU)
O16 - DPF: Boxer Geometry Library - http://www.boxermath...bfiles/geom.cab
O16 - DPF: Boxer Intermediate Algebra Library - http://www.boxermath...files/inter.cab
O16 - DPF: Boxer Introductory Algebra Library - http://www.boxermath...files/intro.cab
O16 - DPF: Boxer Shared Library - http://www.boxermath...iles/shared.cab
O16 - DPF: Boxer Trigonometry Library - http://www.boxermath...bfiles/trig.cab
O16 - DPF: {0FC6BF2B-E16A-11CF-AB2E-0080AD08A326} - http://activex.micro...jects/ocget.dll
O16 - DPF: {3BFB7140-D7F8-0731-11FC-76025DBCA656} - http://69.50.182.94/1/gdnUS1735.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000521958} - http://69.56.176.78/webplugin.cab
O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://vztxcisccpro....ets/msie40x.cab
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/s...ery/omn/kdx.cab
O16 - DPF: {AB0E6E3B-4C96-48D8-A3FF-3235B524B7F9} - http://activex.micro...jects/ocget.dll
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://centraone.sta...aDownloader.cab
O16 - DPF: {C432C4BD-3566-411C-8F3C-E5E0D3AE5D33} (CBrowser Class) - http://viewers.multi...MINIBrowser.CAB
O16 - DPF: {CCA6CE4C-2199-4A4F-9542-12E0163D6841} (Dialer Class) - http://sessa.isprime.../CABEDialer.cab
O16 - DPF: {E8580BEA-BC7D-40BC-AA2E-E2A44E12CED8} (MCInfoOCX Control) - http://img.megastudy.net/InfoOcx.Cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://download.palt...st/RegDload.CAB

Click on Fix Checked when finished and exit HijackThis.

Run Ad-aware se let remove all it finds

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.
C:\Program Files\WildTangent\DDC\DDCManager\DDCMan.exe
C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
C:\WINDOWS\System32\nbbilaw.exe

Let the system reboot.

Please download, install and run this disk cleanup utility called Cleanup version 4.0!: http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage: http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.When the scan has finnished click the close button
When prompted the system will log off to let it clean out the remaining files. when the log screen shows log back on and continue the fix.

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
Please post the logs From Panda, Ewido and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#5
Guest_thatman_*

Guest_thatman_*
  • Guest
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP