Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

adware se personal gets stuck

Started by ddhacker , Nov 27 2005 11:21 AM

  • This topic is locked This topic is locked

#1
ddhacker
Posted 27 November 2005 - 11:21 AM

ddhacker

    Member

  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:28:24 PM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Buddy Spy\BuddySpy.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.883\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130499380819
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDBBA000-8B4C-4048-BDA7-BAACC9570240}: NameServer = 61.0.128.65 61.0.0.5
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

please let me know why adware se is not scanning-do i have a trojan
  • 0

Advertisements

#2
Michelle
Posted 27 November 2005 - 11:31 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Welcome to Geeks to Go!

First, let's check the file Ad-Aware gets stuck on:

Set your system to SHOW HIDDEN FILES

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:

C:\WINDOWS\System32\ics.xml

Click "Open", then click the "Submit" button. Copy the results and paste them here.
  • 0

#3
ddhacker
Posted 27 November 2005 - 12:18 PM

ddhacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
HI THANKS FOR YOUR REPLY-I DID AS U ASKED AND RESULT IS CLEAR--POSTING U RESULT OF JOTTI VIRUS SCAN OF THE icsxml files

Service load: 0% 100%

File: ipcfg.xml
Status: OK
MD5 8635113bea450edd44e39086c5732ac0
File: osinfo.xml
Status: OK
MD5 b85b19d4a10d2a2a4ed8b662341a1bf8
File: potscfg.xml
Status: OK
MD5 79b903ed2cdacafa92b38a6177b200f2
File: pppcfg.xml
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 7fb62f521c35ad6d2b2567a361c25b73
File: cmnicfg.xml
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 d154b34d0691085a64935ac12e292058
  • 0

#4
Michelle
Posted 27 November 2005 - 12:23 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Is there not a file called ics.xml in your system32 folder?
  • 0

#5
ddhacker
Posted 27 November 2005 - 12:32 PM

ddhacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
no there is a folder icsxml inside system32. and inside the folder there r above mentioned 5 files which i scanned
ipcfg.xml
osinfo.xml
potscfg.xml
pppcfg.xml
cmnicfg.xml
scan of all five files is ok
  • 0

#6
Michelle
Posted 27 November 2005 - 12:37 PM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
Update Ad-Aware definitions.

Then reboot into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Use your arrow key to highlight Safe Mode and hit enter.

Run Ad-Aware in Safe Mode and see if it still gets stuck.
  • 0

#7
ddhacker
Posted 28 November 2005 - 03:30 AM

ddhacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
i have updated defination and run in in safe mode too-but same problem
adware get stuck on folder-c/window/system32/icsxml

please see my hijack log and tell if there is any malware there
  • 0

#8
ddhacker
Posted 28 November 2005 - 07:09 AM

ddhacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
how can i make adware se-skip folder- c/window/system32/icsxml. while scanning
does my hijack thislog has anythign thing unfamiliar
  • 0

#9
Michelle
Posted 28 November 2005 - 08:03 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
No I don't see anything in your log but that doesn't mean nothing is on your system.

First, download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, if it does click No.

Then, please run this online virus scan:
ActiveScan (you'll need to use IE and choose scan "My Computer")

Copy the results of the ActiveScan and paste them here.
  • 0

#10
ddhacker
Posted 28 November 2005 - 08:24 AM

ddhacker

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
did both but clean -result and :tazz: same problem
  • 0

#11
Michelle
Posted 28 November 2005 - 08:32 AM

Michelle

    Malware Removal Goddess

  • Retired Staff
  • 8,928 posts
I would advise posting a new topic in the Applications forum:

http://www.geekstogo...hp?showforum=12

You won't need to post a HiJackThis log there, just tell them that Ad-Aware gets stuck when it reaches that folder (You do have the newest version version of Ad-Aware?)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP