Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Strange appilcation in the hijackthis log...help

Started by adys , Aug 19 2005 03:55 PM

  • This topic is locked This topic is locked

#1
adys
Posted 19 August 2005 - 03:55 PM

adys

    New Member

  • Member
  • Pip
  • 4 posts
this is after Ad Aware, Panda, norton antivirus, spybot , ewido and smitRem.


Logfile of HijackThis v1.99.1
Scan saved at 12:57:02 AM, on 8/20/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\USB Media\shwicon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\DOCUME~1\adys\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\adys\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\totalcmd\TOTALCMD.EXE
c:\CleanSpy\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShowIcon_Vosonic_USB Media Device Driver v1.19r003] "C:\Program Files\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [pdorkxx] c:\windows\cadivhf.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [qhewynn] c:\windows\tcafqfc.exe
O4 - HKCU\..\Run: [ixegknb] c:\windows\txridau.exe
O4 - HKCU\..\Run: [bdkjpsi] c:\windows\txridau.exe
O4 - HKCU\..\Run: [fvyenmg] c:\windows\txridau.exe
O4 - HKCU\..\Run: [kmtriqn] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ebavsla] c:\windows\txridau.exe
O4 - HKCU\..\Run: [wgntwqt] c:\windows\txridau.exe
O4 - HKCU\..\Run: [jtbodkl] c:\windows\txridau.exe
O4 - HKCU\..\Run: [jtvwtlb] c:\windows\txridau.exe
O4 - HKCU\..\Run: [rdskrnm] c:\windows\txridau.exe
O4 - HKCU\..\Run: [jgwuprw] c:\windows\txridau.exe
O4 - HKCU\..\Run: [bgvssqt] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ulqujfa] c:\windows\txridau.exe
O4 - HKCU\..\Run: [tgjfifk] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ockkiho] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ykuesoi] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ceteoly] c:\windows\txridau.exe
O4 - HKCU\..\Run: [bfsovef] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [jxaighd] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [sothaol] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [mbiurrd] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [mtrwyet] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [ypqemjg] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [giqocnt] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [xsvrobm] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [rwixcqt] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [ngmpmcd] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [picywmg] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [icoygnb] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [ckwjkha] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [mlqmxnn] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\dkmekgc.exe
O4 - Startup: adsl.lnk = ?
O4 - Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: View EXIF - C:\Program Files\ViewEXIF\EXIF.htm
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105529089592
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
Beamerke
Posted 24 August 2005 - 02:26 PM

Beamerke

    Visiting Staff

  • Member
  • PipPip
  • 88 posts
Hi,

It's betst to print out these instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download and install CCleaner
Do not use it yet.

*Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
  • Exit Ewido. DO NOT run a scan yet.
* Set your system to show all files; please see here if you're unsure how to do this.

* Start HijackThis, close all open windows leaving only HijackThis running. Put a check in the box next to the following items:

O4 - HKLM\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKLM\..\RunServices: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [Microsoft DirectX] PDSched.exe
O4 - HKCU\..\Run: [pdorkxx] c:\windows\cadivhf.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - HKCU\..\Run: [qhewynn] c:\windows\tcafqfc.exe
O4 - HKCU\..\Run: [ixegknb] c:\windows\txridau.exe
O4 - HKCU\..\Run: [bdkjpsi] c:\windows\txridau.exe
O4 - HKCU\..\Run: [fvyenmg] c:\windows\txridau.exe
O4 - HKCU\..\Run: [kmtriqn] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ebavsla] c:\windows\txridau.exe
O4 - HKCU\..\Run: [wgntwqt] c:\windows\txridau.exe
O4 - HKCU\..\Run: [jtbodkl] c:\windows\txridau.exe
O4 - HKCU\..\Run: [jtvwtlb] c:\windows\txridau.exe
O4 - HKCU\..\Run: [rdskrnm] c:\windows\txridau.exe
O4 - HKCU\..\Run: [jgwuprw] c:\windows\txridau.exe
O4 - HKCU\..\Run: [bgvssqt] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ulqujfa] c:\windows\txridau.exe
O4 - HKCU\..\Run: [tgjfifk] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ockkiho] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ykuesoi] c:\windows\txridau.exe
O4 - HKCU\..\Run: [ceteoly] c:\windows\txridau.exe
O4 - HKCU\..\Run: [bfsovef] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [jxaighd] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [sothaol] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [mbiurrd] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [mtrwyet] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [ypqemjg] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [giqocnt] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [xsvrobm] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [rwixcqt] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [ngmpmcd] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [picywmg] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [icoygnb] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [ckwjkha] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [aavfgqh] c:\windows\dkmekgc.exe
O4 - HKCU\..\Run: [mlqmxnn] c:\windows\aefhjgd.exe
O4 - HKCU\..\Run: [mwuaddm] c:\windows\dkmekgc.exe

* Click on "Fix Checked" when finished and exit HijackThis.

* Reboot into Safe Mode`: ( without networking support !)
To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.
(or see HERE for help)

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\System32\PDSched.exe
C:\WINDOWS\System32\kernels32.exe
C:\WINDOWS\System32\MSlti32.exe
c:\windows\cadivhf.exe
C:\WINDOWS\System32\symcsvc.exe
c:\windows\tcafqfc.exe
c:\windows\txridau.exe
c:\windows\dkmekgc.exe
c:\windows\aefhjgd.exe

* Still in safe mode Run Ccleaner and click Run Cleaner (bottom right)

*Open Ewido Security Suite
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

* Reboot your system back to normal mode.

Post back a fresh HijackThis log and the Ewido report, and I'll take another look.

If you had any problems with deleting files or noticed any other problems during your fix, let me also know in your next reply.
  • 0

#3
adys
Posted 24 August 2005 - 04:49 PM

adys

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks !

here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 1:52:01 AM, on 8/25/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\USB Media\shwicon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
c:\CleanSpy\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShowIcon_Vosonic_USB Media Device Driver v1.19r003] "C:\Program Files\USB Media\shwicon.exe" -t"Vosonic\USB Media Device Driver v1.19r003"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe
O4 - Startup: adsl.lnk = ?
O4 - Startup: PhotoCAL Startup.lnk = C:\Program Files\PANTONE COLORVISION\PhotoCAL\PhotoCAL.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: View EXIF - C:\Program Files\ViewEXIF\EXIF.htm
O9 - Extra button: ??÷? - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1105529089592
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D8A8A7F1-53EF-41F2-B44D-F3E2E595DC27} - ms-its:mhtml:file://C:\MAIN.MHT!http://69.50.172.102...hm::/update.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:46:26 AM, 8/25/2005
+ Report-Checksum: E9830E3A

+ Scan result:

C:\temp\aefhjgd.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\temp\cadivhf.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\temp\dkmekgc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\temp\tcafqfc.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\temp\txridau.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\jafmutbh.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End


thanks a lot man!

adys
  • 0

#4
Beamerke
Posted 24 August 2005 - 06:18 PM

Beamerke

    Visiting Staff

  • Member
  • PipPip
  • 88 posts
Hi,

This looks much better, but there are a few things left:

* Set your system to show all files; please see here if you're unsure how to do this.

* Start HijackThis, close all open windows leaving only HijackThis running. Put a check in the box next to the following items:

O4 - HKLM\..\RunServices: [Microsoft AUT Update] MSlti32.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symcsvc.exe

* Click on "Fix Checked" when finished and exit HijackThis.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\System32\MSlti32.exe
C:\WINDOWS\System32\symcsvc.exe

* Reboot your system.

Post back a fresh HijackThis log and I'll take another look.
  • 0

#5
Beamerke
Posted 23 September 2005 - 03:32 PM

Beamerke

    Visiting Staff

  • Member
  • PipPip
  • 88 posts
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending a staff member a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Edited by Beamerke, 23 September 2005 - 03:36 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP