Post by: erikiholloman on October 28, 2006, 10:28:53 AM
Scan saved at 11:26:51 PM, on 10/28/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Kg\command.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\WINDOWS\System32\svchosts.exe
C:\Documents and Settings\admin\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soccernet.com/ (http://\"http://soccernet.com/\")
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [SVC Hosts] svchosts.exe
O4 - HKLM\..\RunServices: [SVC Hosts] svchosts.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SVC Hosts] svchosts.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab\")
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab\")
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by122fd.bay122.Email (http://\"http://by122fd.bay122.Email\") Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143655911453 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143655911453\")
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1143655827765 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143655827765\")
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab\")
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll (http://\"http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll\")
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab (http://\"http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab\")
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD342EF-B430-47D4-A63F-828B3E350433}: NameServer = 85.255.116.157 85.255.112.166
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\WINDOWS\System32\textwareilluminatorbaseProtocol.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Kg\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Windows Task Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
Post by: guestolo on October 29, 2006, 10:32:34 AM
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
Also, supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
Post by: erikiholloman on October 31, 2006, 12:12:31 PM
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.8
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.0
Advanced MP3 Converter 2.18
Advanced Networking Pack for Windows XP
ASUSDVD XP
BitComet 0.70
BitTorrent 3.4.2
Cambridge Advanced Learner's Dictionary
Chinese Star XP
CM 03-04
Cooolsoft Power MP3 WMA Convertor v1.03
Disc2Phone
DivX Player
DivX Web Player
EA.com Matchup
EA.com Update
Football Manager 2005
Football Manager 2006
GameSpy Arcade
Google Earth
Google Toolbar for Internet Explorer
GunboundWC
Hexic Deluxe
HijackThis 1.99.1
hp deskjet 3420 series (Remove only)
ICQ
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Kaspersky Anti-Virus Personal
Kaspersky Online Scanner
Macromedia Authorware 7.0
Macromedia Extension Manager
Macromedia Flash MX
Macromedia Flash Player 8
Macromedia Flash Remoting MX for Java
Macromedia Shockwave Player
Mailinfo for Outlook
MediaTickets by OIN
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office FrontPage 2003
Microsoft Office OneNote 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft Office Visio Professional 2003
Microsoft Office XP Web Components
Mozilla Firefox (1.5)
Mozilla Thunderbird (1.0)
MSN Add-in for Windows Messenger
MSN Music Assistant
MSN Search Toolbar
Nero Suite
NVIDIA Drivers
NVIDIA WDM Drivers
QuickTime
RealArcade
RealPlayer
Remove DivX Pro Codec
Science Year 1 MyCD
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905495)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Shockwave
Skype 2.5
SoundMAX
Spybot - Search & Destroy 1.3
Sunbelt Kerio Personal Firewall
UEFA EURO 2004 (tm) POR Screensaver
UEFA EURO 2004 CRO Live Wallpaper
UEFA EURO 2004 CZE Live Wallpaper
UEFA EURO 2004 ESP Live Wallpaper
UEFA EURO 2004 ITA Live Wallpaper
UEFA EURO 2004 NED Live Wallpaper
UEFA EURO 2004 POR Live Wallpaper
Update for Windows XP (KB835409)
Update for Windows XP (KB898461)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
WinAce Archiver
Winamp (remove only)
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Safety scanner
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB820291
Windows XP Hotfix - KB821253
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB826942
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB833987
Windows XP Hotfix - KB833998
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB840987
Windows XP Hotfix - KB841356
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB871250
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB873376
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889293
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891711
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB896688
Windows XP Hotfix - KB897715
Windows XP Hotfix - KB905915
Windows XP Hotfix - KB911567
Windows XP Hotfix - KB916281
Windows XP Hotfix - KB918439
Windows XP Hotfix - KB918899
WinRAR archiver
WinZip
Yahoo! Address AutoComplete
Yahoo! Anti-Spy
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Toolbar for Internet Explorer
Yahoo! Widget Engine
Post by: guestolo on October 31, 2006, 12:37:07 PM
You didn't even post the combofix log
/ohmy.gif\' class=\'bbc_emoticon\' alt=\':o\' /> Can you redo the steps I asked for
Quote
Download this file - Combofix.exe (http://\"http://download.bleepingcomputer.com/sUBs/combofix.exe\") and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from combofix please
Also, supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
I'll just hold tight till both new logs are posted
Post by: erikiholloman on November 01, 2006, 03:52:40 AM
'16 bit MS-DOS Subsystem' C:\sUBs\TSF\ntp.exe C:\PROGRA~1\Symantec\S32EVNT1.DLL. An installable Virtual Device Driver failed Dll initialization.choose 'close' to terminate tha application.
so i cannot finish the scan n get the combofix log
Post by: guestolo on November 01, 2006, 09:40:18 PM
Let's do some cleaning
Download [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save it to your Desktop.
Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop.
We'll need it later
download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe (http://\"http://downloads.subratam.org/Fixwareout.exe\")
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe (http://\"http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe\")
Save it to your desktop
We'll need it later
Download>>Install [color=\"#000099\"]AVG Anti-Spyware 7.5[/color] (http://\"http://www.ewido.net/en/download/\") from Ewido networks
- Load AVG-antispyware and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Close it afterwards, as we will need it later
- Right click the BFU folder on your desktop, and choose Extract All
- Click "Next"
- In the box to choose where to extract the files to, click "Browse"
- Click on the + sign next to "My Computer"
- Click on "Local Disk (C:) or whatever your primary drive is
- Click "Make New Folder"
- Type in BFU
- Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
Save it then transfer to the
same folder you made earlier (c:\BFU).
We should update your version of Sun Java to plug up security holes that malware can exploit
==Download the latest version of Java Runtime Environment (JRE) 5.0 Update 9 (http://\"http://java.sun.com/javase/downloads/index.jsp\")
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement[/i]".
- The page will refresh.
- Click on the link to download Windows Offline Installation Multi-language
Don't install it yet
Print the rest of these instructions or save them too a text file on your desktop
Access your Add/remove programs via Control Panel
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )
eg..J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
They should have the following icon next to it: (http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif)
Select it and click Remove on any found
Stay in add/remove programs
Remove the next ones also
MediaTickets by OIN
Then finally remove
Spybot - Search & Destroy 1.3
Spybot isn't malicious, but terribly out of date
Reboot the computer
Back in Windows
Do a "System scan only" with Hijackthis and put a check next to these entries:
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [SVC Hosts] svchosts.exe
O4 - HKLM\..\RunServices: [SVC Hosts] svchosts.exe
O4 - HKCU\..\Run: [SVC Hosts] svchosts.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DD342EF-B430-47D4-A63F-828B3E350433}: NameServer = 85.255.116.157 85.255.112.166
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Kg\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Remote Plugin Service - Unknown owner - C:\WINDOWS\system32\lsyss.exe (file missing)
O23 - Service: Windows Task Manager - Unknown owner - C:\WINDOWS\system32\vcmon.exe (file missing)
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
FixWareout
Double click on Fixwareout.exe to run it
Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads a text file will open
(report.txt)
Can you save it somewhere you will remember, like on the desktop
Then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
* Clean your Cache and Cookies in IE:
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, Click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Cache).
- Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
[/list]* Clean other Temporary files + Recycle bin
- Go to start > run and type:
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.
- Start the Brute Force Uninstaller by doubleclicking BFU.exe
- Next to the scriptline to execute field click the folder icon (http://metallica.geekstogo.com/foldericon.png)
and select alcanshorty.bfu - Press Execute and let it do it's job. (You ought to see a progress bar if you did this correctly.)
- Wait for the complete script execution box to pop up and press OK.
- Press exit to terminate the BFU program.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- ALLOW the computer to reboot back to Normal Windows
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
I'll need to see it later
AVG-AntiSpyware Scan
- Load AVG-Antispyware and Select the "Scanner" tab
- Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected
- Click back to the "Scan" tab and then click on Complete System Scan.
- Let this scan complete, let it run uninterrupted
- AVG will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
Go ahead and install the latest version of Sun java from the installer on your desktop
After installation you can delete the installer
Let's update your version of Spybot
Download and Install Spybot 1.4 from
HERE (http://\"http://fileforum.betanews.com/detail/Spybot_Search_and_Destroy/1043809773/1\")
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
After update is complete
Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
FIX all selected promblems in RED
RESTART the computer to finish any cleaning process
Back in Windows, can you please post back all the following
Even if it takes more than one reply to do so
If you get stuck on any of the above instructions, skip it and carry on, let me know what you
couldn't accomplish afterwards
1. Post a fresh hijackthis log
2. Post the log from Fixwareout>>Report.txt on desktop
3. Post the log from SDFix>>Report.txt in the SDFix folder
4. Post the whole report from AVG-Antispyware
Could you also try running combofix again, If you get the same error message as before
If the option is available, IGNORE it and let it run and post it's log too, thanks
Post by: erikiholloman on November 17, 2006, 03:57:44 AM
[font=\"Arial Black\"]hijackthis log[/font]
Logfile of HijackThis v1.99.1
Scan saved at 4:55:02 PM, on 11/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{305264CE-31E7-4124-9F21-EF563D1B239D}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Post by: guestolo on November 18, 2006, 05:15:48 PM
Any problems now?
Post by: erikiholloman on November 18, 2006, 11:16:26 PM