
need help with possible virus included hijack log

Discussion in 'Virus & Other Malware Removal' started by coach2, Jan 23, 2006.

  1. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    I have Win XP, and I run AVG and Ad-Aware frequently. Last night my daughter clicked on something and now I know I have a bug. It changes her AIM away messages and also stole her password to Facebook (directory for college students). Something is stopping me from running Ad-Aware; AVG quarantined 2 trojans last night. Spybot found and fixed 2 entries. I've included a log, so hopefully someone can take a look and help.

    Logfile of HijackThis v1.99.1
    Scan saved at 7:37:13 PM, on 1/23/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\MSHTHA.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLServiceHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=26734
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
    O4 - HKCU\..\RunServices: [The Intranet] intranet.exe
    O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/31c9ffea/enter.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Fix these with HJT – mark them, close IE, click fix checked

    O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE

    O4 - HKCU\..\RunServices: [The Intranet] intranet.exe

    O4 - HKCU\..\RunOnce: [Microsoft Hyptertext Helper] MSHTHA.EXE

    O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/31c9ffea/enter.cab

    O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)
    ================
    Click Start > Run > and type in:

    services.msc

    Click OK.

    In the services window find this exact name

    Intranet Service

    Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.



    DownLoad http://www.downloads.subratam.org/KillBox.zip

    Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

    Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

    C:\WINDOWS\system32\MSHTHA.EXE

    Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

    START – RUN – type in %temp% OK - Edit – Select all – File – Delete

    Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

    Empty the recycle bin
    Boot and post a new log from normal NOT safe mode

    Please give feedback on what worked/didn’t work and the current status of your system
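    A small parser for the HijackThis v1.99.1 log format quoted in this thread, added here as an example; it is not part of the original post and not HijackThis code. It splits the R*/O* entry lines and applies the kind of checks the helper used when picking lines to fix: an O4 autorun whose command is a bare file name with no directory (like MSHTHA.EXE and intranet.exe above), an O16 control with no name, and an O23 service marked "(file missing)" or with an unknown owner. The sample log is constructed from a few entries of the post.

```python
import re
from dataclasses import dataclass

# Constructed sample in the HijackThis v1.99.1 line format quoted in the thread:
# a few benign and a few suspicious entries, not the full log from the post.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Hyptertext Helper] MSHTHA.EXE
O4 - HKCU\..\RunServices: [The Intranet] intranet.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} - http://www.20x2p.com/31c9ffea/enter.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Intranet Service (IntranetService) - Unknown owner - intranet.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Every HJT entry line is "<kind> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
# O4: hive, Run-style key, bracketed value name, then the command line.
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O16: CLSID, optional "(control name)", then the URL the .cab is fetched from.
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
# O23: display name, optional "(short name)", owner, then the service binary path.
O23_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    kind: str    # HJT section, e.g. "O4"
    entry: str   # the full log line
    reason: str  # why it was flagged


def parse_entries(log: str) -> list:
    """Return (kind, body, full_line) for every R*/O* entry line in a HJT log."""
    out = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            out.append((m["kind"], m["body"], line))
    return out


def program_of(cmd: str) -> str:
    """Program part of a Run command: the quoted path if quoted, else the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def triage(log: str) -> list:
    """Apply the thread's review heuristics to each entry and collect findings."""
    findings = []
    for kind, body, line in parse_entries(log):
        if kind == "O4":
            m = O4_RE.match(body)
            # A bare file name is resolved via the search path at logon, so the
            # log gives no way to tell where the binary actually lives.
            if m and "\\" not in program_of(m["cmd"]):
                findings.append(Finding(kind, line,
                    f"autorun [{m['name']}] runs bare file '{program_of(m['cmd'])}' with no directory"))
        elif kind == "O16":
            m = O16_RE.match(body)
            # Legitimate scanner controls in the log carry a name; this one does not.
            if m and not m["desc"]:
                findings.append(Finding(kind, line,
                    f"ActiveX control {m['clsid']} has no name and is served from {m['url']}"))
        elif kind == "O23":
            m = O23_RE.match(body)
            if m and ("(file missing)" in m["path"] or m["owner"] == "Unknown owner"):
                findings.append(Finding(kind, line,
                    f"service '{m['display']}' ({m['owner']}) points at '{m['path']}'"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.reason}")
```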
     
  3. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    Hi, thanks for helping me, but I'm stuck. I got to the point in safe mode where I have to paste the lines in Killbox. Are you talking about the entries we fixed in the hijack list? If so, I can't seem to find them, and in safe mode I can't access the hijack list. Please help.
     
  4. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Run killbox in normal mode - post a new log
     
  5. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    Hi, can you please tell me how to start Killbox in normal mode? Is there something that needs to be clicked on? I've never used this before and do not want to make any mistakes.

    Thanks
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Follow the instructions in #2 just forget the safe mode part
     
  7. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    The problem is I do not have any files to enter. In one of your replies you did post a file as an example, but it needs a file typed in so it can delete it.

    Hope I'm not causing any problems.
     
  8. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Here is the file

    C:\WINDOWS\system32\MSHTHA.EXE
     
  9. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    Logfile of HijackThis v1.99.1
    Scan saved at 4:43:04 PM, on 1/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLServiceHost.exe
    C:\Program Files\AIM95\aim.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLServiceHost.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 4 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=26734
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
     
  10. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Clean - If you feel it is fixed, mark it solved via thread tools above - if not, what is the current situation?
     
  11. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    I think something is still here because we can't access e-mail (Verizon DSL), and my daughter still cannot get on the college forum called Facebook. When she enters her password, it takes her to the registration page, same as our e-mail homepage.

    Thanks for all your help so far.

    Bill
     
  12. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    OK lets go deeper

    Go to the link below and download the trial version of SpySweeper:

    SpySweeper http://www.webroot.com/consumer/products/spysweeper/index.html?acode=af1&rc=4129&ac=tsg

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.
    Also post a new Hijack This log.
     
  13. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    7:09 PM: | Start of Session, Tuesday, January 24, 2006 |
    7:09 PM: Spy Sweeper started
    7:09 PM: Sweep initiated using definitions version 605
    7:09 PM: Starting Memory Sweep
    7:12 PM: Memory Sweep Complete, Elapsed Time: 00:03:16
    7:12 PM: Starting Registry Sweep
    7:12 PM: Found Adware: adultlinks
    7:12 PM: HKCR\interface\{d1320cbb-403d-483d-ae9a-688960a96977}\ (8 subtraces) (ID = 103273)
    7:12 PM: HKLM\software\classes\interface\{d1320cbb-403d-483d-ae9a-688960a96977}\ (8 subtraces) (ID = 103290)
    7:12 PM: Found Adware: delfin
    7:12 PM: HKLM\software\delfin\ (2 subtraces) (ID = 124849)
    7:12 PM: HKLM\software\delfin\promulgate\ (1 subtraces) (ID = 124850)
    7:12 PM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\delfin media viewer\ (2 subtraces) (ID = 124859)
    7:12 PM: HKLM\software\microsoft\windows\currentversion\uninstall\delfin media viewer\ (2 subtraces) (ID = 124878)
    7:12 PM: Found Adware: keenvalue/perfectnav
    7:12 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
    7:12 PM: Found Adware: whenu
    7:12 PM: HKLM\software\microsoft\shared tools\msconfig\startupreg\whenusave\ (5 subtraces) (ID = 140437)
    7:12 PM: Found Adware: searchrelevancy
    7:12 PM: HKLM\software\searchrelevancy\ (3 subtraces) (ID = 141300)
    7:12 PM: Found Adware: wildmedia
    7:12 PM: HKCR\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146695)
    7:12 PM: HKLM\software\classes\interface\{851f86c9-d3cc-4574-93f5-40e2d65159e4}\ (8 subtraces) (ID = 146709)
    7:12 PM: Found Adware: 180search assistant/zango
    7:12 PM: HKCR\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792270)
    7:12 PM: HKLM\software\classes\clsid\{d676f999-4608-4dc5-a135-4f51f4212739}\ (1 subtraces) (ID = 792320)
    7:12 PM: HKU\S-1-5-21-2070620897-939620716-568186159-1003\software\delfin\ (3 subtraces) (ID = 124848)
    7:12 PM: Found Adware: great net downloadware
    7:12 PM: HKU\S-1-5-21-2070620897-939620716-568186159-1003\software\medialoads\ (4 subtraces) (ID = 125355)
    7:12 PM: Found Adware: bho_sep
    7:12 PM: HKU\S-1-5-21-2070620897-939620716-568186159-1003\software\sep\ (9 subtraces) (ID = 141642)
    7:12 PM: HKU\S-1-5-21-2070620897-939620716-568186159-1003\software\microsoft\internet explorer\main\ || updater2 (ID = 146720)
    7:12 PM: HKU\S-1-5-21-2070620897-939620716-568186159-1003\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (1 subtraces) (ID = 554173)
    7:12 PM: Registry Sweep Complete, Elapsed Time:00:00:13
    7:12 PM: Starting Cookie Sweep
    7:12 PM: Found Spy Cookie: atwola cookie
    7:12 PM: [email protected][2].txt (ID = 2256)
    7:12 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
    7:12 PM: Starting File Sweep
    7:12 PM: Found Adware: winad
    7:12 PM: c:\program files\media gateway (ID = -2147477127)
    7:12 PM: Found Adware: squire webhelper
    7:12 PM: c:\program files\common files\sq (ID = -2147480239)
    7:12 PM: c:\documents and settings\all users\start menu\programs\delfin media viewer (1 subtraces) (ID = -2147481130)
    7:12 PM: c:\program files\delfin (ID = -2147481128)
    7:13 PM: Found Adware: cws_tiny0
    7:13 PM: q326830.log:zemvme (ID = 56997)
    7:14 PM: odbc.ini:hihdli (ID = 56935)
    7:15 PM: kb867282.log:hfadjn (ID = 56935)
    7:15 PM: ocmsn.log:qorkb (ID = 57016)
    7:15 PM: q328310.log:slxqnw (ID = 56887)
    7:16 PM: _fty0.231:cjrezk (ID = 56887)
    7:16 PM: _fty0.231:vpuht (ID = 57016)
    7:16 PM: _fty0.231:yrqxr (ID = 56935)
    7:17 PM: kb834707.log:edentq (ID = 56997)
    7:23 PM: q318138.log:odjkpr (ID = 57016)
    7:24 PM: kb835732.log:wmiygg (ID = 56997)
    7:24 PM: kb888113.log:wqync (ID = 56935)
    7:27 PM: prairie wind.bmp:kpbje (ID = 57016)
    7:28 PM: q309521.log:saxpc (ID = 56935)
    7:29 PM: mcafee_hp_xp.ico:haeldw (ID = 56887)
    7:29 PM: pstudio.ini:mrgnu (ID = 56935)
    7:29 PM: pstudio.ini:tgyuyc (ID = 56997)
    7:29 PM: dtcinstall.log:dubanw (ID = 57016)
    7:29 PM: q317277uninst.log:fkpmx (ID = 56935)
    7:29 PM: orun32.ini:jpkpd (ID = 57016)
    7:29 PM: dahotfix.log:kuivt (ID = 57016)
    7:29 PM: wt61ce.uwl:hankav (ID = 56935)
    7:32 PM: kb839645.log:onbdbi (ID = 56935)
    7:33 PM: Found Adware: purityscan
    7:33 PM: ?hkdsk.exe (ID = 73231)
    7:35 PM: q314147.log:ofyzsc (ID = 56887)
    7:35 PM: faxsetup.log:owetjj (ID = 56997)
    7:36 PM: Found Adware: ezula ilookup
    7:36 PM: woinstall.exe (ID = 60700)
    7:37 PM: music store.ico:hsnxzr (ID = 56997)
    7:37 PM: Found Trojan Horse: trojan-downloader-lowzones
    7:37 PM: kansup.reg (ID = 90368)
    7:38 PM: pfpjobpr.{pb:pzueg (ID = 57016)
    7:40 PM: Found Adware: wild media - minigolf
    7:40 PM: wildapp.inf (ID = 69911)
    7:40 PM: sepsd.bin (ID = 75367)
    7:40 PM: Found Trojan Horse: downloadul
    7:40 PM: atrwzpca.inf (ID = 59201)
    7:40 PM: Warning: Invalid file - not a PKZip file
    7:42 PM: Warning: Invalid file - not a PKZip file
    7:42 PM: File Sweep Complete, Elapsed Time: 00:29:41
    7:42 PM: Full Sweep has completed. Elapsed time 00:33:17
    7:42 PM: Traces Found: 124
    7:53 PM: Removal process initiated
    7:53 PM: Quarantining All Traces: 180search assistant/zango
    7:53 PM: Quarantining All Traces: purityscan
    7:53 PM: Quarantining All Traces: wildmedia
    7:53 PM: Quarantining All Traces: adultlinks
    7:53 PM: Quarantining All Traces: cws_tiny0
    7:54 PM: Quarantining All Traces: delfin
    7:54 PM: Quarantining All Traces: downloadul
    7:54 PM: Quarantining All Traces: squire webhelper
    7:54 PM: Quarantining All Traces: trojan-downloader-lowzones
    7:54 PM: Quarantining All Traces: winad
    7:54 PM: Quarantining All Traces: bho_sep
    7:54 PM: Quarantining All Traces: ezula ilookup
    7:54 PM: Quarantining All Traces: great net downloadware
    7:54 PM: Quarantining All Traces: keenvalue/perfectnav
    7:54 PM: Quarantining All Traces: searchrelevancy
    7:54 PM: Quarantining All Traces: wild media - minigolf
    7:54 PM: Quarantining All Traces: atwola cookie
    7:54 PM: Quarantining All Traces: whenu
    7:55 PM: Removal process completed. Elapsed time 00:01:29
    ********
    7:06 PM: | Start of Session, Tuesday, January 24, 2006 |
    7:06 PM: Spy Sweeper started
    7:07 PM: Your spyware definitions have been updated.
    7:09 PM: | End of Session, Tuesday, January 24, 2006 |
     
  14. coach2

    coach2 Thread Starter

    Joined:
    Jan 17, 2005
    Messages:
    12
    This list is post-SpySweeper:

    Logfile of HijackThis v1.99.1
    Scan saved at 7:59:13 PM, on 1/24/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1125156963\ee\AOLServiceHost.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 5 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dslstart.verizon.net/vzn.dsl/welcome.htm?ver=26734
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
     
  15. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    how is it now?
     
Short URL to this thread: https://techguy.org/436662