Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet explorer problems


  • Please log in to reply

#1
skyblue2807

skyblue2807

    Member

  • Member
  • PipPip
  • 13 posts
When I switch on, internet explorer opens automatically in 3 simultaneous windows.

when I close them down they just keep opening up again. Have tried all adware, antivirus etc options so here is my Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 17:30:06, on 14/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Neil\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vwlwcesqh...Bb4uSx_4MOC.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.2
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.szqsvxgsu...Xwk0eho4fY.jsp"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ChangeICON] C:\WINNT\SPMSMON.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [16 dead great bold] C:\Documents and Settings\All Users\Application Data\pingextra16dead\Ruleplay.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Neil"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Cake Drive] C:\DOCUME~1\Neil\APPLIC~1\HOLDOW~1\Bolt Funk For.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT - {281BFCCF-F821-4F6B-B370-08FCB76E1BC6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {C406F203-B8BA-47FE-A936-4A84BC159160} - http://www.btopenwor...om/businesshome (file missing) (HKCU)
O9 - Extra button: Help - {CFB51994-FA56-420C-8EF0-4F239D6CDECA} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll
O18 - Protocol: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINNT\system32\wbem\clipsvr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - wbem\netdde32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

Can anybody help?????????????
  • 0

Advertisements


#2
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:
I apologize for the delay getting to your log, the helpers here are very busy.

Before we can get started on fixing your problem you must change the location of Hijackthis. It should not run directly from your desktop or a temp directory. Please create a directory on your c: drive called c:\hijackthis and download and unzip hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Download FindLop. Unzip the file. It will create a folder. From the extracted files, locate findlop.bat and double click on it. It will generate a log file - C:\findlop.txt

Find that file and copy the content into your next post along with a new HijackThis log.
  • 0

#3
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi,

Thanks for the reply, here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 15:29:33, on 18/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Netscape\Netscape Browser\netscape.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\EXPLORER.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vwlwcesqh...Bb4uSx_4MOC.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.2
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.szqsvxgsu...Xwk0eho4fY.jsp"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ChangeICON] C:\WINNT\SPMSMON.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [16 dead great bold] C:\Documents and Settings\All Users\Application Data\pingextra16dead\Ruleplay.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Neil"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Cake Drive] C:\DOCUME~1\Neil\APPLIC~1\HOLDOW~1\Bolt Funk For.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT - {281BFCCF-F821-4F6B-B370-08FCB76E1BC6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {C406F203-B8BA-47FE-A936-4A84BC159160} - http://www.btopenwor...om/businesshome (file missing) (HKCU)
O9 - Extra button: Help - {CFB51994-FA56-420C-8EF0-4F239D6CDECA} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll
O18 - Protocol: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINNT\system32\wbem\clipsvr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - wbem\netdde32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE


The Findlop will not work, maybe I am doing something wrong but when I double click on Findlop.bat I get an error message as follows:

'jt' is not recognized as an internal or external command, operable program or batch file


:tazz:
  • 0

#4
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Let's do this instead.

Open Hijackthis, click "Open the Misc Tools section"
Next to "Generate StartupList log", place a check next to "List also minor sections" (full) and "List empty sections (complete).
Then click "Generate StartupList log"
Click "Yes" to the box that pops-up.
Then copy and paste the notepad text that appears to this topic.
  • 0

#5
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OK, here it is.................... it's all double dutch to me!!!!!!!!!!!!!!!!!!!!!!


StartupList report, 19/11/2005, 17:16:09
StartupList version: 1.52.2
Started from : C:\Hijack This\HijackThis.EXE
Detected: Windows 2000 SP4 (WinNT 5.00.2195)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\EXPLORER.EXE
C:\Hijack This\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Neil\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Synchronization Manager = mobsync.exe /logon
Apoint = C:\Program Files\Apoint\Apoint.exe
NvCplDaemon = RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /installquiet
bascstray = BascsTray.exe
Dell QuickSet = C:\Program Files\Dell\QuickSet\quickset.exe
PRPCMonitor = PRPCUI.exe
DVDSentry = C:\WINNT\system32\DSentry.exe
CreateCD50 = "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
HPDJ Taskbar Utility = C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
ChangeICON = C:\WINNT\SPMSMON.EXE
NeroCheck = C:\WINNT\system32\NeroCheck.exe
gcasServ = "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
Windows spoolservr Service = spoolservr.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
LVCOMSX = C:\WINNT\system32\LVCOMSX.EXE
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
16 dead great bold = C:\Documents and Settings\All Users\Application Data\pingextra16dead\Ruleplay.exe
THGuard = "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Windows spoolservr Service = spoolservr.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

washindex = C:\Program Files\Washer\washidx.exe "Neil"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Internat.exe = internat.exe
Window Washer = C:\Program Files\Webroot\Washer\wwDisp.exe
Cake Drive = C:\DOCUME~1\Neil\APPLIC~1\HOLDOW~1\Bolt Funk For.exe
LogitechSoftwareUpdate = "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
ares = "C:\Program Files\Ares\Ares.exe" -h

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINNT\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINNT\system32\setup\wmpocm.exe /HideWMP

[>{23DA3FB8-16C3-43A3-B92B-22EE21E35CFB}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{6A5110B5-E14B-4268-A065-EF89FF33C325}] *
StubPath = regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINNT\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINNT\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINNT\system32\SSFLWBOX.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINNT\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINNT\Explorer\Explorer.exe: not present
C:\WINNT\System\Explorer.exe: not present
C:\WINNT\System32\Explorer.exe: not present
C:\WINNT\Command\Explorer.exe: not present
C:\WINNT\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINNT
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\DIALux\DLXShellExtension.dll - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2}
(no name) - C:\WINNT\system32\IETie.dll - {9527D42F-D666-11D3-B8DD-00600838CD5F}
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll - {AE7CD045-E861-484f-8273-0445EE161910}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[iPIX ActiveX Control]
InProcServer32 = C:\WINNT\DOWNLO~1\ipixx.ocx
CODEBASE = http://www.ipix.com/viewers/ipixx.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab31267.cab

[WScanCtl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\webscan.dll
CODEBASE = http://www3.ca.com/s...nfo/webscan.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...8356.1331365741

[Autodesk DWF Viewer Control]
InProcServer32 = C:\Program Files\Common Files\Autodesk Shared\dwf common\AdView.dll
CODEBASE = http://www.autodesk....ViewerSetup.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINNT\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pdownloader.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINNT\system32\macromed\flash\Flash.ocx
CODEBASE = http://active.macrom...abs/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINNT\System32\rnr20.dll
NameSpace #2: C:\WINNT\System32\winrnr.dll
Protocol #1: C:\WINNT\system32\msafd.dll
Protocol #2: C:\WINNT\system32\msafd.dll
Protocol #3: C:\WINNT\system32\msafd.dll
Protocol #4: C:\WINNT\system32\rsvpsp.dll
Protocol #5: C:\WINNT\system32\rsvpsp.dll
Protocol #6: C:\WINNT\system32\msafd.dll
Protocol #7: C:\WINNT\system32\msafd.dll
Protocol #8: C:\WINNT\system32\msafd.dll
Protocol #9: C:\WINNT\system32\msafd.dll
Protocol #10: C:\WINNT\system32\msafd.dll
Protocol #11: C:\WINNT\system32\msafd.dll
Protocol #12: C:\WINNT\system32\msafd.dll
Protocol #13: C:\WINNT\system32\msafd.dll
Protocol #14: C:\WINNT\system32\msafd.dll
Protocol #15: C:\WINNT\system32\msafd.dll
Protocol #16: C:\WINNT\system32\msafd.dll
Protocol #17: C:\WINNT\system32\msafd.dll
Protocol #18: C:\WINNT\system32\msafd.dll
Protocol #19: C:\WINNT\system32\msafd.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: system32\DRIVERS\ACPI.sys (system)
adpu160m: system32\DRIVERS\adpu160m.sys (system)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: system32\DRIVERS\agp440.sys (system)
Aha154x: system32\DRIVERS\aha154x.sys (system)
aic78u2: system32\DRIVERS\aic78u2.sys (system)
aic78xx: system32\DRIVERS\aic78xx.sys (system)
Alerter: %SystemRoot%\system32\services.exe (manual start)
Alps Touch Pad Filter Driver for Windows 2000/XP: system32\DRIVERS\Apfiltr.sys (manual start)
Application Management: %SystemRoot%\system32\services.exe (manual start)
RAS Asynchronous Media Driver: system32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: system32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: system32\DRIVERS\atmarpc.sys (manual start)
Audio Stub Driver: system32\DRIVERS\audstub.sys (manual start)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Rezident Driver: \SystemRoot\System32\Drivers\avg7rsnt.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
Broadcom 570x Gigabit Integrated Controller: system32\DRIVERS\b57w2k.sys (manual start)
Broadcom ASF IP monitoring service v6.0.3: C:\WINNT\system32\basfipm.exe (autostart)
BASFND: \??\C:\WINNT\system32\Drivers\BASFND.sys (autostart)
Dell Wireless WLAN Card Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\system32\svchost.exe -k BITSgroup (manual start)
Computer Browser: %SystemRoot%\system32\services.exe (autostart)
Closed Caption Decoder: system32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINNT\system32\cisvc.exe (disabled)
ClipBook: C:\WINNT\system32\wbem\clipsvr.exe (autostart)
Microsoft ACPI Control Method Battery Driver: system32\DRIVERS\CmBatt.sys (manual start)
Microsoft Composite Battery Driver: system32\DRIVERS\compbatt.sys (system)
TI UltraMedia CardBus Controller Filter Driver: system32\DRIVERS\tiumflt.sys (system)
DHCP Client: %SystemRoot%\system32\services.exe (autostart)
Disk Driver: system32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
dmload: System32\drivers\dmload.sys (system)
Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\system32\services.exe (autostart)
3Com EtherLink XL B/C Adapter Driver: system32\DRIVERS\el90xbc5.sys (manual start)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINNT\system32\svchost.exe -k netsvcs (manual start)
FAD: \??\C:\WINNT\system32\Drivers\FAD.sys (autostart)
fasttrak: system32\DRIVERS\fasttrak.sys (system)
Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
Fd16_700: system32\DRIVERS\fd16_700.sys (system)
Floppy Disk Controller Driver: system32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: system32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
USB Serial Converter Driver: system32\drivers\ftdibus.sys (manual start)
Volume Manager Driver: system32\DRIVERS\ftdisk.sys (system)
USB Serial Port Driver: system32\drivers\ftser2k.sys (manual start)
Generic Packet Classifier: system32\DRIVERS\msgpc.sys (manual start)
GTICARD: system32\DRIVERS\gticard.sys (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (autostart)
HSFHWICH: system32\DRIVERS\HSFHWICH.sys (manual start)
HSF_DP: system32\DRIVERS\HSF_DP.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (system)
IntelIde: system32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: system32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: system32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: system32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: system32\DRIVERS\ipsec.sys (manual start)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: system32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: system32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\system32\services.exe (autostart)
Workstation: %SystemRoot%\system32\services.exe (autostart)
TCP/IP NetBIOS Helper Service: %SystemRoot%\system32\services.exe (autostart)
Logitech USB Monitor Filter: system32\drivers\lvusbsta.sys (manual start)
AEGIS Protocol (IEEE 802.1x) v2.3.1.7: system32\DRIVERS\mdc8021x.sys (autostart)
mdmxsdk: system32\DRIVERS\mdmxsdk.sys (autostart)
Messenger: %SystemRoot%\system32\services.exe (disabled)
NetMeeting Remote Desktop Sharing: C:\WINNT\system32\mnmsrvc.exe (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
BDA MPE Filter: system32\DRIVERS\MPE.sys (manual start)
mraid2k: system32\DRIVERS\mraid2k.sys (system)
mraid35x: system32\DRIVERS\mraid35x.sys (system)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINNT\system32\msdtc.exe (manual start)
Windows Installer: C:\WINNT\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: system32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: system32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: system32\DRIVERS\netbt.sys (system)
Network DDE: wbem\netdde32.exe (autostart)
NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
Net Logon: %SystemRoot%\system32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\system32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
nv: system32\DRIVERS\nv4_mini.sys (manual start)
nv4: system32\DRIVERS\nv4.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: system32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: system32\DRIVERS\nwlnkfwd.sys (manual start)
Texas Instruments OHCI Compliant IEEE 1394 Host Controller: system32\DRIVERS\ohci1394.sys (system)
OMCI WDM Device Driver: system32\DRIVERS\omci.sys (system)
Intel® AnyPoint® 3240 USB Modem Firmware Loader: system32\DRIVERS\p31usbld.sys (autostart)
Parallel class driver: system32\DRIVERS\parallel.sys (manual start)
Parallel port driver: system32\DRIVERS\parport.sys (system)
PCI Bus Driver: system32\DRIVERS\pci.sys (system)
PCIIde: system32\DRIVERS\pciide.sys (system)
Pcmcia: system32\DRIVERS\pcmcia.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Policy Agent: %SystemRoot%\system32\lsass.exe (autostart)
WAN Miniport (PPTP): system32\DRIVERS\raspptp.sys (manual start)
Protected Storage: %SystemRoot%\system32\services.exe (autostart)
Direct Parallel Link Driver: system32\DRIVERS\ptilink.sys (manual start)
Logitech QuickCam Communicate: system32\DRIVERS\LVCM.sys (manual start)
Remote Access Auto Connection Driver: system32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): system32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Direct Parallel: system32\DRIVERS\raspti.sys (manual start)
Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
Digital CD Audio Playback Filter Driver: system32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
Microsoft Legacy Modem Driver: System32\Drivers\RootMdm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\system32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\system32\rsvp.exe -s (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (autostart)
Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
RunAs Service: %SystemRoot%\system32\services.exe (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: system32\DRIVERS\serenum.sys (manual start)
Serial port driver: system32\DRIVERS\serial.sys (system)
Internet Connection Sharing: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
BDA Slip De-Framer: system32\DRIVERS\SLIP.sys (manual start)
Sparrow: system32\DRIVERS\sparrow.sys (system)
MS Card_Reader: system32\DRIVERS\SP560X2K.SYS (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Srv: system32\DRIVERS\srv.sys (manual start)
Audio Driver (WDM) - SigmaTel CODEC: system32\drivers\STAC97.sys (manual start)
BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: system32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: system32\DRIVERS\tcpip.sys (system)
tiumfwl: system32\drivers\tiumfwl.sys (manual start)
Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
Microsoft USB Universal Host Controller Driver: system32\DRIVERS\uhcd.sys (manual start)
Ultra: system32\DRIVERS\ultra.sys (system)
Microcode Update Driver: system32\DRIVERS\update.sys (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: system32\DRIVERS\usbhub.sys (manual start)
USB 2.0 Root Hub Support: system32\DRIVERS\usbhub20.sys (manual start)
USB Mass Storage Driver: system32\DRIVERS\USBSTOR.SYS (manual start)
Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
Windows Time: %SystemRoot%\System32\services.exe (manual start)
Remote Access IP ARP Driver: system32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
winachsf: system32\DRIVERS\HSF_CNXT.sys (manual start)
Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (manual start)
WLTRYSVC: %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
World Standard Teletext Codec: system32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Neil\LOCALS~1\Temp\_iu14D2N.tmp|||L

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

Network.ConnectionTray: C:\WINNT\system32\NETSHELL.dll
SysTray: stobject.dll
WebCheck: C:\WINNT\system32\webcheck.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 33,694 bytes
Report generated in 1.852 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please delete these folders.

C:\Documents and Settings\All Users\Application Data\pingextra16dead
C:\Documents and Settings\Neil\Application Data\HOLDOW~1


Reboot and post a new hijackthis log (original log).
  • 0

#7
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thats fixed it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Excellent, thanks very much!!! :tazz: :) :) :woot: :woot: :woot: :P

I guess those files were infiltrated without my knowledge? Is there any defence?

do you still want to see a new log???????????????????????

Thanks Again!!
  • 0

#8
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please post a new hijackthis log. I recognized another issue in the last log that you had posted. It may just be an orphaned registry entry, but best not to take chances.
  • 0

#9
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
OK, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 08:55:55, on 22/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\EXPLORER.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vwlwcesqh...Bb4uSx_4MOC.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.2
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.szqsvxgsu...Xwk0eho4fY.jsp"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ChangeICON] C:\WINNT\SPMSMON.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [16 dead great bold] C:\Documents and Settings\All Users\Application Data\pingextra16dead\Ruleplay.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Neil"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [Cake Drive] C:\DOCUME~1\Neil\APPLIC~1\HOLDOW~1\Bolt Funk For.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BT - {281BFCCF-F821-4F6B-B370-08FCB76E1BC6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {C406F203-B8BA-47FE-A936-4A84BC159160} - http://www.btopenwor...om/businesshome (file missing) (HKCU)
O9 - Extra button: Help - {CFB51994-FA56-420C-8EF0-4F239D6CDECA} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll
O18 - Protocol: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINNT\system32\wbem\clipsvr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - wbem\netdde32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

Thanks.
  • 0

#10
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
It looks like it's back.

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vwlwcesqh...Bb4uSx_4MOC.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.szqsvxgsu...Xwk0eho4fY.jsp"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
O4 - HKLM\..\Run: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\Run: [16 dead great bold] C:\Documents and Settings\All Users\Application Data\pingextra16dead\Ruleplay.exe
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKCU\..\Run: [Cake Drive] C:\DOCUME~1\Neil\APPLIC~1\HOLDOW~1\Bolt Funk For.exe




Please run Panda Online Virus Scan
  • You must allow the active-x control to run when asked.
  • You may need to disable your antivirus program while this scan runs.
  • There may be files that this scan will not remove.
  • Please include that information in your next post.
  • Make sure to reenable your antivirus program if you disabled it.
Reboot and post a new hijackthis log and the info from your virus scan.
  • 0

Advertisements


#11
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The problem has been fixed, but here they are anyway:

Logfile of HijackThis v1.99.1
Scan saved at 13:20:49, on 23/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\EXPLORER.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.2
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ChangeICON] C:\WINNT\SPMSMON.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Neil"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BT - {281BFCCF-F821-4F6B-B370-08FCB76E1BC6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {C406F203-B8BA-47FE-A936-4A84BC159160} - http://www.btopenwor...om/businesshome (file missing) (HKCU)
O9 - Extra button: Help - {CFB51994-FA56-420C-8EF0-4F239D6CDECA} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll
O18 - Protocol: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINNT\system32\wbem\clipsvr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - wbem\netdde32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE

And now the Panda list:



Incident Status Location

Spyware:spyware/clearsearch Not desinfected C:\WINNT\system32\IETie.dll
Adware:adware/lop Not desinfected C:\Documents and Settings\Neil\Local Settings\Temp\sta5.exe
Spyware:spyware/clearsearch Not desinfected C:\WINNT\SYSTEM32\IETie.dll
Adware:adware/cws Not desinfected C:\Documents and Settings\Neil\Favorites\Shop
Adware:adware/ist.yoursitebar Not desinfected Windows Registry
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[release.doc.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[product.htm.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[final.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[stuff.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[message.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[swimmingpool.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[found.htm.pif]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[aboutyou.doc.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[found.com]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[website.txt.com]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[ranking.rtf.scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[document.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[bill.doc.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[message.htm.exe]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[~0001088.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[~0001540.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[~0001650.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[~0001888.~]
Virus:W32/Mydoom.N.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[text.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[release.doc.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[product.htm.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[final.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[stuff.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[message.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[swimmingpool.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[found.htm.pif]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[aboutyou.doc.scr]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[found.com]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[website.txt.com]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[ranking.rtf.scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[document.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[message.htm.exe]
Virus:W32/Netsky.B.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[bill.doc.scr]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[~0000847.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[~0001244.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[~0001416.~]
Virus:Trj/Citifraud.A Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[~0001432.~]
Virus:W32/Mydoom.N.worm Disinfected C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[text.exe]
Possible Virus. Not desinfected C:\Documents and Settings\Neil\Application Data\FindLocks\Defy shim.exe
Adware:Adware/Lop Not desinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3C22A2EC-5DA3-4DA0-97CA-5EDB9D\E4D2DC0E-D199-4D73-A885-EC53F8
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[release.doc.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[product.htm.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[final.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[stuff.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[message.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[swimmingpool.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[found.htm.pif]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[aboutyou.doc.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[found.com]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[website.txt.com]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[ranking.rtf.scr]
Virus:W32/Netsky.P.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[document.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[bill.doc.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Inbox[message.htm.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[release.doc.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[product.htm.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[final.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[stuff.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[message.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[swimmingpool.txt.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[found.htm.pif]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[aboutyou.doc.scr]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[found.com]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[website.txt.com]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[ranking.rtf.scr]
Virus:W32/Netsky.P.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[document.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[message.htm.exe]
Virus:W32/Netsky.B.worm Disinfected C:\My Docs LP\Profiles\default\yymkzmk9.slt\Mail\pop.virgin.net\Trash[bill.doc.scr]


I am perturbed that Panda has found so many items whan my AVG found none. Should I buy Panda when my AVG licence expires??
  • 0

#12
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Fix this line with Hijackthis.

O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll


Delete these files.

C:\WINNT\system32\IETie.dll
C:\Documents and Settings\Neil\Local Settings\Temp\sta5.exe
C:\Documents and Settings\Neil\Favorites\Shop <-- delete this folder
C:\Documents and Settings\Neil\Application Data\FindLocks <-- delete this folder


There are still signs that you may have LOP on your computer. Please reboot and post a new hijackthis log.


Most of what Panda found was email attachments. I know AVG will scan incoming and outgoing email if you have it configured to do so. Review your settings to make sure.

Panda is a very good antivirus program, and if you wish to spend a few bucks it is one that I would recommend. However I also feel that AVG is an excellent antivirus program, if it's configured correctly.
  • 0

#13
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Thanks for the advice!

By the way, what is LOP???

Here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 16:22:50, on 23/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINNT\system32\basfipm.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WLTRYSVC.EXE
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\bcmwltry.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINNT\system32\PRPCUI.exe
C:\WINNT\system32\DSentry.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\SPMSMON.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\EXPLORER.EXE
C:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by BT Openworld
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 10.0.0.2
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Neil\Application Data\Mozilla\Profiles\default\yymkzmk9.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINNT\system32\DSentry.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ChangeICON] C:\WINNT\SPMSMON.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [Windows spoolservr Service] spoolservr.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Neil"
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: BT - {281BFCCF-F821-4F6B-B370-08FCB76E1BC6} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {C406F203-B8BA-47FE-A936-4A84BC159160} - http://www.btopenwor...om/businesshome (file missing) (HKCU)
O9 - Extra button: Help - {CFB51994-FA56-420C-8EF0-4F239D6CDECA} - http://www.btopenworld.com/helpbb (file missing) (HKCU)
O12 - Plugin for .htm: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} (Autodesk DWF Viewer Control) - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O18 - Protocol: bega - {A57721C9-B905-49B3-8BCA-B99FBB8C627E} - C:\Program Files\Common Files\BEGA\DatabaseTools.dll
O18 - Protocol: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files\DIALux\DLXToolBox.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: ClipBook (ClipSrv) - Unknown owner - C:\WINNT\system32\wbem\clipsvr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network DDE (NetDDE) - Unknown owner - wbem\netdde32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\System32\WLTRYSVC.EXE
  • 0

#14
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Here's some info about LOP.
http://www.doxdesk.c...rasite/lop.html

Almost every time I see it in a log, it has come bundled with an installation of Messenger Plus. I would stay away from that program until they change the way they do business.


Your log looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:) :)
  • 0

#15
skyblue2807

skyblue2807

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Sorry for the delay, had another problem. PC froze, had to cut power, swithced back on, lost all e-mails and bookmarks, address book etc. my personal documents and settings file was deleted . [bleep]!!!!!!!! :woot:



Still, thanks very much for all your help, what's the usual donation?????????????????????????????

:tazz: :) :) :woot:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP