Post by: jenseeka on January 14, 2006, 05:58:04 AM
This is my latest hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 6:47:24 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com (http://\"http://www.dell.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jennifer/My%20Documents/My%20Webs/navigate.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com\")
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1045.dll,InstantAccess
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/s...net32_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN_XP.cab\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab (http://\"http://www.cyberlink.com/winxp/CheckDVD.cab\")
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EC..._1041_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab (http://\"http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB (http://\"http://advnt01.com/dialer/int_ver30.CAB\")
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EC..._1045_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab\")
O16 - DPF: {BFC9677B-8006-4336-9D49-2C797AEFCB9E} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1058_XP.cab (http://\"http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1058_XP.cab\")
O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN_XP.cab\")
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB (http://\"http://advnt01.com/dialer/internazionale_ver15.CAB\")
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1061_XP.cab (http://\"http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {C342E0D7-E333-42D5-89C6-47B734C359C6} - C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
I tried to follow a couple of threads but it seems I have some unique problems that are not the same as the other persons' problems so I'm posting this as a last resort.
Post by: jenseeka on January 15, 2006, 04:08:47 AM
I've downloaded:
- hijackthis
- ewido
- already had ad aware SE
- BFU.exe and p2pnetwork.bfu...
- Windows Cleanup!
I ran all of this following another thread. I only deleted the cookies found in the Cleanup and the bad stuff in Ad aware. I didn't touch anything in Ewido but scanned and recorded a log from it. my computer runs much better now but it is still getting the error popup.
I think I've still got a lot of stuff I dont need in my task manager but didn't want to touch anything in case it is relevent to how the computer works.
Please help me fix this error popup? I only want to fix this popup that's all!
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' />
Post by: guestolo on January 15, 2006, 10:27:45 PM
Let's see what has changed
Post by: jenseeka on January 17, 2006, 12:12:25 AM
Scan saved at 1:11:01 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\ClipM8\ClipM8.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com (http://\"http://www.dell.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jennifer/My%20Documents/My%20Webs/navigate.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com\")
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1045.dll,InstantAccess
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab (http://\"http://www.cyberlink.com/winxp/CheckDVD.cab\")
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EC..._1041_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1041_EN_XP.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab (http://\"http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN_XP.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB (http://\"http://advnt01.com/dialer/int_ver30.CAB\")
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EC..._1045_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_1045_EN_XP.cab\")
O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN_XP.cab\")
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB (http://\"http://advnt01.com/dialer/internazionale_ver15.CAB\")
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1061_XP.cab (http://\"http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1061_XP.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {C342E0D7-E333-42D5-89C6-47B734C359C6} - C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Post by: guestolo on January 17, 2006, 12:18:45 AM
Save Silent Runners.vbs (http://\"http://www.silentrunners.org/Silent%20Runners.vbs\") to your desktop and double click on it to run.
If prompted by your AV, please let this script run, we are just collecting information
This will create a text file on your desktop
Open the text file and copy and paste the contents back here
NOTE: let silentrunners completely finish, it should prompt when it is done
Post by: jenseeka on January 17, 2006, 12:39:43 AM
-------------------------
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/ (http://\"http://www.silentrunners.org/\")
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WebCamRT.exe" = (empty string)
"Instant Access" = "rundll32.exe p2esocks_1045.dll,InstantAccess" [MS]
"Utopia Angel" = ""C:\Utopia\Angel\Angel.exe"" [null data]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"(Default)" = (empty string)
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"LVCOMS" = "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"SurfAccuracy" = "C:\Program Files\SurfAccuracy\SAcc.exe" [file not found]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"muydghoja" = "c:\windows\system32\muydghoja.exe muydghoja" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{944864A5-3916-46E2-96A9-A2E84F3F1208}\(Default) = "Accoona Search Assistant"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Accoona\ASearchAssist.dll" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SmartFTP\smarthook.dll" [file not found]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/html\CLSID = "{C342E0D7-E333-42D5-89C6-47B734C359C6}"
-> {CLSID}\InProcServer32\(Default) = "C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Active Desktop web content:
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
Startup items in "Jennifer" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\Jennifer\Start Menu\Programs\Startup
INFECTION WARNING! "PowerReg Scheduler V3.exe" ["Leader Technologies"]
INFECTION WARNING! "PowerReg Scheduler.exe" [empty string]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"D-Link AirPlus" -> shortcut to: "C:\Program Files\D-Link AirPlus\AirPlus.exe" ["D-Link"]
"M8Clips" -> shortcut to: "C:\Program Files\ClipM8\ClipM8.exe" ["M8 Software"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe" ["Wacom Technology, Corp."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
TabletService, TabletService, "C:\WINDOWS\system32\Tablet.exe" ["Wacom Technology, Corp."]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 68 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 108 seconds)
Post by: guestolo on January 17, 2006, 12:40:57 AM
But like I reminded you, let it prompt that it's done
Should take about 30 seconds<<--rough guess
Post by: jenseeka on January 17, 2006, 12:43:39 AM
Post by: guestolo on January 17, 2006, 01:26:39 AM
When I ask you too download a zip file, make sure you choose SAVE TO DISK rather than Open
Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU
==Download and save and then UNZIP to the BFU folder
BFU.zip (http://\"http://www.merijn.org/files/bfu.zip\")
So you now have BFU.exe extracted
==[color=\"red\"]RIGHT-CLICK HERE[/color] (http://\"http://metallica.geekstogo.com/EGDACCESS.bfu\") and choose "Save As" (in IE it's "Save Target As") in order to download [color=\"red\"]EGDACCESS Remover[/color]. Save it in the folder you made earlier
C:\BFU folder
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop, well need this later, don't run it yet
Ensure to save REGEDIT4 and below in the code box
Code: [Select]
REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SurfAccuracy"=-
"muydghoja"=- ==Download and Install
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
Don't run it yet
==Download and then Install
Ewido Security Suite (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!
RESTART your Computer into SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu and hit Enter
Access your Add/remove programs via control panel and remove if found
SurfAccuracy
Remain in safe mode and delete this folder if found
C:\Program Files\SurfAccuracy <-folder
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Open the BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to EGDACCESS.bfu in the BFU folder
Right click EGDACCESS.bfu and choose Select
In Brute Force Uninstaller select Execute
Let it finish then Exit
==Double click on fix.reg and allow to add/merge to the registry
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows
Stay in safe mode
Do a "System scan only" with Hijackthis and put a check next to these entries:
Not all may exist, but tick what you see from below
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/...//www.yahoo.com\")
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1045.dll,InstantAccess
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab (http://\"http://www.cyberlink.com/winxp/CheckDVD.cab\")
O16 - DPF: {54C75FB0-6B8B-4278-BF7B-77036F15A69E} - http://akamai.downloadv3.com/binaries/P2EC..._1041_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/P2EC..._1041_EN_XP.cab\")
O16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} - http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab (http://\"http://scripts.downloadv3.com/binaries/IA/...svc32_EN_XP.cab\")
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/dialer/int_ver30.CAB (http://\"http://advnt01.com/dialer/int_ver30.CAB\")
O16 - DPF: {BE5A7132-329F-4319-B781-2A83BFE51534} - http://akamai.downloadv3.com/binaries/P2EC..._1045_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/P2EC..._1045_EN_XP.cab\")
O16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} - http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab (http://\"http://akamai.downloadv3.com/binaries/IA/s...svc32_EN_XP.cab\")
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB (http://\"http://advnt01.com/dialer/internazionale_ver15.CAB\")
O16 - DPF: {FA83E942-B796-46DE-9155-1632ECC5473B} - http://akamai.downloadv3.com/binaries/EGDA...ESS_1061_XP.cab (http://\"http://akamai.downloadv3.com/binaries/EGDA...ESS_1061_XP.cab\")
After you have ticked the above entry, close All other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot back to Normal mode
Back in Windows
Can i see the following please
1. Post a fresh hijackthis log
2. Post the full report from Ewido's
3. Can you run Silent Runners again and post the new log
Additionally, can you
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
Can you go to this site
Jotti's Online Malware scan (http://\"http://virusscan.jotti.org/\")
Give this site time to load if busy
Use the browse button and navigate to this file on your hard drive
C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat <-this file
Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scans back here please
Post by: jenseeka on January 17, 2006, 07:17:59 AM
+++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 8:04:46 PM, on 1/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\ClipM8\ClipM8.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com (http://\"http://www.dell.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jennifer/My%20Documents/My%20Webs/navigate.html
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {C342E0D7-E333-42D5-89C6-47B734C359C6} - C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
++++++++++++++++++++++
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:40:22 PM, 1/17/2006
+ Report-Checksum: F18FCB15
+ Scan result:
:mozilla.33:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Jennifer\My Documents\My Received Files\jenseeka\ksobdgxz.slt\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-9936589-2548320283-1105450815-500\Dc4.dll -> Adware.NaviPromo : Cleaned with backup
::Report End
+++++++++++++++++++
"Silent Runners.vbs", revision 43, http://www.silentrunners.org/ (http://\"http://www.silentrunners.org/\")
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"WebCamRT.exe" = (empty string)
"Utopia Angel" = ""C:\Utopia\Angel\Angel.exe"" [null data]
"msnmsgr" = ""C:\Program Files\MSN Messenger\msnmsgr.exe" /background" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Apoint" = "C:\Program Files\Apoint\Apoint.exe" ["Alps Electric Co., Ltd."]
"(Default)" = (empty string)
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"DVDLauncher" = ""C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"" ["CyberLink Corp."]
"PCMService" = ""C:\Program Files\Dell\Media Experience\PCMService.exe"" ["CyberLink Corp."]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"LVCOMS" = "C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" ["Logitech Inc."]
"LogitechGalleryRepair" = "C:\Program Files\Logitech\ImageStudio\ISStart.exe" ["Logitech Inc."]
"LogitechImageStudioTray" = "C:\Program Files\Logitech\ImageStudio\LogiTray.exe" ["Logitech Inc."]
"AVG7_CC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP" ["GRISOFT, s.r.o."]
"AVG7_EMC" = "C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe" ["GRISOFT, s.r.o."]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" ["Sun Microsystems, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
"{B446400D-0030-457b-8F64-422A19605186}" = "Logitech Gallery"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Logitech\ImageStudio\NameSpc.dll" ["Logitech Inc."]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}" = "AVG7 Find Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
"{B8323370-FF27-11D2-97B6-204C4F4F5020}" = "SmartFTP Shell Extension DLL"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\SmartFTP\smarthook.dll" [file not found]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
HKLM\Software\Classes\PROTOCOLS\Filter\
INFECTION WARNING! text/html\CLSID = "{C342E0D7-E333-42D5-89C6-47B734C359C6}"
-> {CLSID}\InProcServer32\(Default) = "C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat" [null data]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
AVG7 Shell Extension\(Default) = "{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Free\avgse.dll" ["GRISOFT, s.r.o."]
WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\WinZip\WZSHLSTB.DLL" ["WinZip Computing, Inc."]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Active Desktop web content:
HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\0\
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"
Startup items in "Jennifer" & "All Users" startup folders:
----------------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Gamma Loader.exe" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"D-Link AirPlus" -> shortcut to: "C:\Program Files\D-Link AirPlus\AirPlus.exe" ["D-Link"]
"M8Clips" -> shortcut to: "C:\Program Files\ClipM8\ClipM8.exe" ["M8 Software"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]
"TabUserW.exe" -> shortcut to: "C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe" ["Wacom Technology, Corp."]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 21
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll" ["Sun Microsystems, Inc."]
{CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
AVG7 Alert Manager Server, Avg7Alrt, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe" ["GRISOFT, s.r.o."]
AVG7 Update Service, Avg7UpdSvc, "C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe" ["GRISOFT, s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
TabletService, TabletService, "C:\WINDOWS\system32\Tablet.exe" ["Wacom Technology, Corp."]
Print Monitors:
---------------
HKLM\System\CurrentControlSet\Control\Print\Monitors\
Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 12 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 10 seconds.
---------- (total run time: 40 seconds)
Post by: jenseeka on January 17, 2006, 08:49:43 AM
/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' /> This is the scan results from Jotti's Online Malware scan. Do you know what to do with this? /unsure.gif\' class=\'bbc_emoticon\' alt=\':unsure:\' /> -----------------------------------
Last file scanned at least one scanner reported something about: msg.zip, detected by:
Scanner Malware name
AntiVir Worm/Feebs.Gen.C
ArcaVir X
Avast X
AVG Antivirus X
BitDefender X
ClamAV JS.Feebs.B
Dr.Web Win32.HLLM.Graz
F-Prot Antivirus X
Fortinet JS/Feebs.A-tr
Kaspersky Anti-Virus Worm.Win32.Feebs.e
NOD32 X
Norman Virus Control X
UNA X
VBA32 X
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
--------------------
On a side note... there were several files in that list you told me to check in the Ewido to "fix checked" that was just not there... even the p2esocks_1045.dll one which was the file that I was getting popups about. I kept a list of those files that weren't in the ewido list to be fixed so if you want that I can post that.
Post by: guestolo on January 17, 2006, 10:02:21 AM
Quote
Last file scanned at least one scanner reported something about: msg.zip, detected by:That's a result of someone else's scan
Can you do this again please
Can you go to this site
Jotti's Online Malware scan (http://\"http://virusscan.jotti.org/\")
Give this site time to load if busy
Use the browse button and navigate to this file on your hard drive
C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat <-this file
Right click on it and choose Select
Then use the Submit button
Let it finish scanning<---Again, You must wait until it has finished uploading the file from your computer and scanning it
Could you post back the results of the scans back here please>>Your results of the V0.39.dat file
Quote
there were several files in that list you told me to check in the Ewido to "fix checked" that was just not there... even the p2esocks_1045.dll one which was the file that I was getting popups about.That's ok, Metallica's EGDACCESS script would of taken care of some files for you
Post by: jenseeka on January 17, 2006, 10:51:39 AM
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found Trojan-Downloader.Win32.Small.bdl
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found Downloader.Small.19 (probable variant)
not bad but still I'd like to be rid of it.
Post by: guestolo on January 17, 2006, 11:01:03 AM
Quote
not bad but still I'd like to be rid of it.Yup, me too
Can you do the following please
Open Hijackthis>>Open Misc tools section>>Open Delete File on Reboot
In the File name open field
Copy and paste the below in bold to the full path of the file name
C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
Then Click the OPEN button, hijackthis should prompt that the file will be deleted and to reboot the computer
Don't reboot yet
Instead, in Hijackthis>>Click the Back button
Then click SCAN
Put a tick next to this entry:
O18 - Filter: text/html - {C342E0D7-E333-42D5-89C6-47B734C359C6} - C:\Documents and Settings\Jennifer\Local Settings\Application Data\microsoft\internet explorer\V0.39.dat
After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
Back in Windows, make sure that V0.39.dat is gone
Post a fresh hijackthis log
Post by: jenseeka on January 17, 2006, 07:58:19 PM
Scan saved at 8:54:58 AM, on 1/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Utopia\Angel\Angel.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\D-Link AirPlus\AirPlus.exe
C:\Program Files\ClipM8\ClipM8.exe
C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
C:\WINDOWS\System32\svchost.exe
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com (http://\"http://www.dell.com\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Jennifer/My%20Documents/My%20Webs/navigate.html
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Utopia Angel] "C:\Utopia\Angel\Angel.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: D-Link AirPlus.lnk = ?
O4 - Global Startup: M8Clips.lnk = C:\Program Files\ClipM8\ClipM8.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\SYSTEM32\Wtablet\TabUserW.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab (http://\"http://spaces.msn.com//PhotoUpload/MsnPUpld.cab\")
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab (http://\"http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab\")
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab (http://\"http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1AE995D2-BB1F-4719-B3D3-090C4944978E}: NameServer = 192.168.0.1,4.2.2.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Post by: guestolo on January 17, 2006, 08:19:45 PM
*If everything is running better
We should clear all your restore points to ensure you don't restore any nasties that may be residing in the
restore folders
Go to START>>RUN>>In the open field
type in msconfig
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of Turn off system restore
This will reenable the System Restore feature and creates a new restore point
[indent]===========================[/indent]
*For added protections against future attacks
You should install this free tool
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
Check for updates every couple of weeks
after every update just simply click the "enable protection on all unprotected items"
[/list]*Check for updates with your anti-spyware programs and run a check on a regular basis
About every couple of weeks
In addition to Ad-Aware, you should also include this next tool
Spybot 1.4, can be downloaded from HERE (http://\"http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button\")
or HERE (http://\"http://www.safer-networking.org/en/download/index.html\")
- *After installation--Click the
*SEARCH FOR UPDATES on the right
*Check, and then download all updates
After update is complete
*Click the "Immunize" button on the left>>>OK at the prompt>>Immunzine at the top green cross
*Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
*FIX all selected problems in RED
[/list]RESTART the computer if any RED items were fixed
Do the above after every update
[indent]===========================[/indent]
I would opt to hold onto CleanUp! <--can be ran once a week
and Ewido<--check for updates once a month and run a scan
[indent]===========================[/indent]
You appear to be up to date on Windows updates
Just a reminder, if you are not set to Autoupdate, make a habit of visiting Windows Updates
and check for High Priority updates a couple times a month
This is important in keeping your system secure
Stay safe
/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: jenseeka on January 18, 2006, 01:24:13 AM
/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' /> I really appreciate it! and it was interesting to see how everything worked... thanks! /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />
Post by: guestolo on January 18, 2006, 01:50:51 AM
take care
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />