My hijack this log... (keep getting weird things installed)

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

camrael

Thread Starter
Joined
Sep 12, 2003
Messages
10
My log... In a moment of weakness I installed some MP3 ripping shareware... :(


Logfile of HijackThis v1.97.1
Scan saved at 11:59:36 PM, on 9/11/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\TrayIcon.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\System32\CTHELPER.EXE
E:\Program Files\PestPatrol\PPControl.exe
E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\WINDOWS\System32\taskswitch.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\System32\rundll32.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\WINDOWS\System32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\System32\cidaemon.exe
E:\Documents and Settings\Cameron\Desktop\HijackThis.exe
E:\Program Files\Messenger\msmsgs.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {A85C4A1B-BD36-44E5-A70F-8EC347D9B24F} - E:\WINDOWS\bs3.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\windows\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\windows\googletoolbar.dll
O3 - Toolbar: (no name) - {E9407738-A996-421A-A309-5C93C699E10A} - (no file)
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DisplayTrayIcon] E:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] E:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Bsx3] RunDLL32.EXE E:\WINDOWS\bs3.dll,DllRun
O4 - HKLM\..\Run: [{2CF0B992-5EEB-4143-99C0-5297EF71F444}] rundll32.exe E:\WINDOWS\System32\stlbdist.DLL,DllRunMain
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://E:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://E:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://E:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E2} (ShowSetupObj2 Class) - http://invite.mshow.com/ShowSetup2.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0244a7e4cffdfe430500/netzip/RdxIE601.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37737.6631481481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A661826-AB2A-49DA-803E-FCB65F8C3C57}: NameServer = 192.168.1.1
 
Joined
Aug 10, 2003
Messages
401
The first thing I spotted seems to be the SOBIG.E virus I think?

Do an online scan here:
http://housecall.trendmicro.com/

See what it shows up and remove anything if necessary.
There's a bit to do so I hope you have some spare time!

Then Go here http://www.lavasoftusa.com/software/adaware/ and download Adaware 6

Install the program and launch it.

I strongly recommend that you read the help file to familiarize yourself with the program.

Before running the scan look at the top of the main window and you will see a Gear Icon. This is where you configure the settings. Click on that and then in the next window that pops up click on the "Scanning" tab on the left side. Under "Drives and Folders" put a check by "Scan within archives" and below that under "Memory and Registry" put a check by all the options there.
The click on the "Tweak" tab and under "Scanning engine" put a check by "Unload recognized processes during scanning" ...........then......under "Cleaning engine" put a ckeck by "Automatically try to unregister objects prior to deletion" and "Let windows remove files in use at next reboot" then click "Proceed"

Next in the main window look in the bottom right corner and click on "Check for updates now" and get the latest referencefiles.
After getting the latest referencefiles you are ready to scan.

Click "Start" and in the next window make sure "Active in depth scanning" is checked then click "Next" and the scan will begin.

When it is finished let it fix everything it finds.

Restart your computer.

Then go here http://spybot.eon.net.au/index.php?...p;page=download and download Spybot.

Install the program and launch it.

Before scanning press "Online" and "Search for Updates" .

Put a check mark at and install all updates.

Click "Check for Problems" and when the scan is finished let Spybot fix/remove all it finds.

Restart your computer.

Be sure and take advantage of the "Immunize" feature in Spybot.

Finally go here http://www.net-integration.net/cgi-...=ST;f=38;t=3051 for info on how this happens and how to prevent future attacks.
On this page you will find a link to Javacool's SpywareBlaster. Get it and check for updates frequently.
The Immunize feature in Spybot used in conjunction with SpywareBlaster and weekly scans with Spybot and Adaware will go a long way toward keeping you spyware free.

IMPORTANT!: Alwayds check for updated detections and referencefiles before scanning with Spybot and Adaware.


When you've finished with all that do another HT scan and post it back in this thread let us see if everything has worked out.
 

camrael

Thread Starter
Joined
Sep 12, 2003
Messages
10
Thank you!

I do run Anti-virus software with daily scans (I use Norton 2003) and daily updates, I also use Pest patrol.

My main problem is using kazaa lite and downloading from kazaa...

I think I may have to stop that, since I don't check email on this computer.

Anyways I am running a trend micro scan now, and also have installed adware for next step.
 

camrael

Thread Starter
Joined
Sep 12, 2003
Messages
10
Ok, I ran virus scan, several hijack this, cleaned a few things for Ezula, Bargain.exe etc, also purchased Ad-aware plus and scanned several times cleaning each time...

Here is both start up list and the latest Hijackthis report.

Thanks!


===========





StartupList report, 9/12/2003, 8:30:32 AM
StartupList version: 1.52
Started from : E:\Documents and Settings\Cameron\Desktop\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\TrayIcon.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\System32\CTHELPER.EXE
E:\Program Files\PestPatrol\PPControl.exe
E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\WINDOWS\System32\taskswitch.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\uptodate.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\ezula\mmod.exe
E:\WINDOWS\System32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Documents and Settings\Cameron\Desktop\HijackThis.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\cidaemon.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = E:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

nForce Tray Options = sstray.exe /r
NvCplDaemon = RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
DisplayTrayIcon = E:\WINDOWS\System32\TrayIcon.exe
ccApp = "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check = E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
WINDVDPatch = CTHELPER.EXE
PestPatrol Control Center = E:\Program Files\PestPatrol\PPControl.exe
PPMemCheck = E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
CookiePatrol = E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
POINTER = point32.exe
QuickTime Task = "E:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck = E:\WINDOWS\System32\NeroCheck.exe
CoolSwitch = E:\WINDOWS\System32\taskswitch.exe
CTHelper = CTHELPER.EXE
AsioReg = REGSVR32.EXE /S CTASIO.DLL
AdaptecDirectCD = E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
EbatesMoeMoneyMaker = javaw -cp "E:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "E:\Program Files\EbatesMoeMoneyMaker"
RunWindowsUpdate = E:\WINDOWS\uptodate.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

NvMediaCenter = RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
MsnMsgr = "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

--------------------------------------------------

Shell & screensaver key from E:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=E:\WINDOWS\System32\3DWIND~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - e:\windows\googletoolbar.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
NAV Helper - E:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[ShowSetupObj2 Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\ShowSetup2.dll
CODEBASE = http://invite.mshow.com/ShowSetup2.dll

[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE = http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe

[RdxIE Class]
InProcServer32 = E:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://207.188.7.150/0244a7e4cffdfe430500/netzip/RdxIE601.cab

[HouseCall Control]
InProcServer32 = E:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab

[{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}]
CODEBASE = http://toolbar.google.com/data/GoogleActivate.cab

[Update Class]
InProcServer32 = E:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37737.6631481481

[Shockwave Flash Object]
InProcServer32 = E:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: E:\WINDOWS\system32\SHELL32.dll
CDBurn: E:\WINDOWS\system32\SHELL32.dll
WebCheck: E:\WINDOWS\System32\webcheck.dll
SysTray: E:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 6,510 bytes
Report generated in 0.032 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
 

camrael

Thread Starter
Joined
Sep 12, 2003
Messages
10
Logfile of HijackThis v1.97.1
Scan saved at 8:31:30 AM, on 9/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\System32\TrayIcon.exe
E:\Program Files\Common Files\Symantec Shared\ccApp.exe
E:\WINDOWS\System32\CTHELPER.EXE
E:\Program Files\PestPatrol\PPControl.exe
E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\WINDOWS\System32\taskswitch.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\uptodate.exe
E:\WINDOWS\System32\RUNDLL32.EXE
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\PROGRA~1\ezula\mmod.exe
E:\WINDOWS\System32\cisvc.exe
E:\Program Files\Norton AntiVirus\navapsvc.exe
E:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
E:\WINDOWS\System32\nvsvc32.exe
E:\Documents and Settings\Cameron\Desktop\HijackThis.exe
E:\WINDOWS\System32\cidaemon.exe
E:\WINDOWS\System32\notepad.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\windows\googletoolbar.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\windows\googletoolbar.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DisplayTrayIcon] E:\WINDOWS\System32\TrayIcon.exe
O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "E:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] E:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] E:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] E:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] E:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CoolSwitch] E:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AdaptecDirectCD] E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "E:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "E:\Program Files\EbatesMoeMoneyMaker"
O4 - HKLM\..\Run: [RunWindowsUpdate] E:\WINDOWS\uptodate.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://E:\WINDOWS\GoogleToolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://E:\WINDOWS\GoogleToolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://E:\WINDOWS\GoogleToolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://E:\WINDOWS\GoogleToolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://E:\WINDOWS\GoogleToolbar.dll/cmtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {11B2C0D3-DFFB-11D3-9253-00500498D7E2} (ShowSetupObj2 Class) - http://invite.mshow.com/ShowSetup2.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...ple.com/drakken/us/win/QuickTimeInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0244a7e4cffdfe430500/netzip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/0fb5e03023def1/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37737.6631481481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A661826-AB2A-49DA-803E-FCB65F8C3C57}: NameServer = 192.168.1.1
 
Joined
Aug 10, 2003
Messages
401
Although a lot of the rubbish has gone from your 2nd log that virus is still there. Although it's not the actual SoBig.E virus itself as I suspected, it is a virus related to it, and needs to be removed.
Use the removal tool I posted to be on the safe side.

I have also found a BrowserAid parasite.

Run Hijack This again and put a check by these. Close all browser windows and "Fix checked"

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] E:\WINDOWS\uptodate.exe

Then reboot in safe mode (press F8 during start-up) and delete items in bold:

c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
E:\WINDOWS\uptodate.exe


Here's some info on both items if you're interested:
mmtask.exe Added as a result of a VIRUS related to the SOBIG.E VIRUS!
RunWindowsUpdate uptodate.exe BrowserAid/BrowserPal foistware
 
Joined
Oct 4, 2002
Messages
76
BTW the way if you are using Kazaa then you will have also loaded all the other programs with it. Ad-aware will always find objects that you will have to Ignore.

You might want to try Winmx and Shareaza
 

camrael

Thread Starter
Joined
Sep 12, 2003
Messages
10
I am using Kazaa light which I thought was better... I get a lot of virus warnings when downloading various apps... I think I will simply stop this and uninstall file sharing apps.
 
Joined
Oct 9, 2001
Messages
9,396
add this one;
O4 - HKLM\..\Run: [EbatesMoeMoneyMaker] javaw -cp "E:\Program Files\EbatesMoeMoneyMaker\System\Code" Main lp: "E:\Program Files\EbatesMoeMoneyMaker"

and this one:
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/0244a7e4cffdfe...ip/RdxIE601.cab

nothing wrong with kazaalite.........i use it all the time and i wouldnt if there were any security risks.......scan all downloads for virii.

and i dont see a firewall running,you NEED one.
;)
 

camrael

Thread Starter
Joined
Sep 12, 2003
Messages
10
I use a hardware based firewall using NAT, should I also run something like the XP built in firewall or should I run something like Zonealarms etc?
 
Joined
Oct 9, 2001
Messages
9,396
no....the hardware firewall is fine.............the xp one is not much good.

is all ok now?
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top