This topic is locked
I have followed the steps outlined in the following thread: http://www.aluriasof.../thread998.html and need further assistance.
Here is my HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:49:43 PM, on 10/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\sarah\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [Verbatim Store 'n' G] c:\program files\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Program Files\Verbatim Store N Go
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (UploadList Control) - http://wwl470.daum.n...-ax/hanmail.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.0 Control) - http://www.photolab....geUploader3.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by15fd.bay15....ex/HMAtchmt.ocx
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Msdebugsrv1 (Msdebugsrv) - Unknown owner - C:\WINDOWS\dbg32hlp.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Here is rdriv.txt:
~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~
rdriv.sys PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!
~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~
rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!
And here is my Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:00:26 PM, 10/10/2005
+ Report-Checksum: 81D6D4B2
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-1960408961-507921405-1708537768-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
C:\Program Files\Common Files\Sony Shared\Visualizer\ExlGen.dll -> Dialer.Generic : Cleaned with backup
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/Common Files/CMEII/CMESys.exe -> Adware.Gator : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/Common Files/CMEII/GMTProxy.dll -> Adware.Gator : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/Common Files/CMEII/CMEIIAPI.dll -> Adware.Gator : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/Common Files/GMT/GatorStubSetup.exe -> Adware.Gator : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/Common Files/GMT/GUninstaller.exe -> Adware.Gator : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/windows/temp/adware/fsg_4104.exe -> Spyware.Web3000 : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/kazaa/topsearch.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/points manager/sysdetect.dll -> Adware.BrilliantDigital : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/adm4005.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/windows/temp/altnet/admdloader.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/windows/temp/altnet/admfdi.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/windows/temp/altnet/Setup.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/windows/temp/altnet/adm25.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/points manager/setup.cab/PMuninstall.bde -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/points manager/points manager.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/asmps.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/asmend.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/asm.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/altnetuninstall.exe -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/admprog.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/admfdi.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/admdloader.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/adm4.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/altnet/download manager/adm25.dll -> Spyware.Altnet : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/windows/system/p2p networking/marshal.dll -> Spyware.P2PNetworking : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115173440810.zip/Program Files/perfectnav/bho/perfectnav150c.dll -> Spyware.eUniverse : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041115225556640.zip/windows/system/p2p networking/marshal.dll -> Spyware.P2PNetworking : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041208164106180.zip/WINDOWS/Cookies/michael nguyen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041208164106180.zip/WINDOWS/Cookies/michael nguyen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041219133837670.zip/WINDOWS/Cookies/michael nguyen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041219133837670.zip/WINDOWS/Cookies/michael nguyen@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20041219133837670.zip/WINDOWS/Cookies/michael nguyen@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael nguyen@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael [email protected][2].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael nguyen@fastclick[1].txt -> Spyware.Cookie.Fastclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael nguyen@advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael nguyen@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael [email protected][1].txt -> Spyware.Cookie.Coremetrics : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050131192348700.zip/WINDOWS/Cookies/michael nguyen@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050217182124.zip/Documents and Settings/sarah/Cookies/sarah@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050217182124.zip/Documents and Settings/sarah/Cookies/sarah@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050217182124.zip/Documents and Settings/sarah/Cookies/sarah@fastclick[1].txt -> Spyware.Cookie.Fastclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050217182124.zip/Documents and Settings/sarah/Cookies/sarah@advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050217182124.zip/Documents and Settings/sarah/Cookies/sarah@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050217182124.zip/Documents and Settings/sarah/Cookies/[email protected][1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/sarah@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/sarah@atdmt[2].txt -> Spyware.Cookie.Atdmt : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/sarah@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/sarah@advertising[1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/sarah@fastclick[1].txt -> Spyware.Cookie.Fastclick : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/[email protected][1].txt -> Spyware.Cookie.Coremetrics : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/[email protected][1].txt -> Spyware.Cookie.Advertising : Error during cleaning
C:\Program Files\PestPatrol\Quarantine\20050319134039.zip/Documents and Settings/sarah/Cookies/[email protected][2].txt -> Spyware.Cookie.Hitslink : Error during cleaning
C:\Documents And Settings\sarah\Cookies\sarah@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents And Settings\Guest\Cookies\guest@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP230\A0037534.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP230\A0037535.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP230\A0037540.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0037563.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0037572.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0037723.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0037726.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0037727.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0038047.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0038117.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0038126.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0038137.SYS -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP231\A0038139.sys -> Trojan.Rootkit.k : Cleaned with backup
C:\System Volume Information\_restore{B7824BF6-3680-4CC1-B22E-A961AA5BC89A}\RP191\A0033509.dll -> Spyware.180Solutions : Cleaned with backup
::Report End
Any help would be appreciated. Thanks
Sign In
Create Account
