
red circle with white cross

Discussion in 'Virus & Other Malware Removal' started by Ian Price, Dec 26, 2005.

  1. Ian Price

    Ian Price Thread Starter

    Yes, it looks like I've got the spyware on my machine as well!
    Please could anyone help?
    Here's my HijackThis list...


    Logfile of HijackThis v1.97.7
    Scan saved at 11:15:13, on 26/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Time Sync\time.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\MightyFax\MFNTCTL.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Speech Synthesizer\Speech50.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\IANPRICE\LOCALS~1\Temp\8814.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\IANPRICE\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Startup: winupdate07214747[1].exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A944E029-F2FD-4D8D-AD23-97960FAE25A5}: NameServer = 194.106.56.6 194.106.33.42
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    That is an old version of HJT, so:

    Go to here and download the 'Hijack This!' self installer. Save it to the desktop or other suitable place. DO NOT just press run from the website. Double click on the file and it will install to C:\program files\hijackthis and create an entry in the start menu and an optional shortcut on the desktop.
    Click on the entry in start menu or on the desktop to run HijackThis
    Click the "Scan" button, when the scan is finished the scan button will become "Save Log" click that and save the log.
    Go to where you saved the log and click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.
    It will possibly show issues deserving our attention, but most of what it lists will be harmless or even required, so do NOT fix anything yet.
    Someone here will be happy to help you analyze the results.
     
  3. Ian Price

    Ian Price Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 11:51:33, on 26/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Time Sync\time.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\winstall.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\MightyFax\MFNTCTL.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Startup: winupdate07214747[1].exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A944E029-F2FD-4D8D-AD23-97960FAE25A5}: NameServer = 194.106.56.6 194.106.33.42
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    * Download the Trial/Demo version of Ewido Security Suite here


    EWIDO DOWNLOAD

    * Install ewido.
    * During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    * Launch ewido
    * It will prompt you to update click the OK button and it will go to the main screen
    * On the left side of the main screen click update
    * Click on Start and let it update.
    * DO NOT run a scan yet. You will do that later in safe mode.


    * Click here for info on how to boot to safe mode if you don't already know how.


    How to boot to safe mode

    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Now run Ewido:

    * Click on scanner
    * Click the Start Scan button to start the scan.
    * During the scan it will prompt you to clean files, click OK
    * When the scan is finished, look at the bottom of the screen and click the Save report button.
    * Save the report to your desktop

    Post back with a fresh HJT log and the ewido scan log
     
  5. Ian Price

    Ian Price Thread Starter

    There is no red circle now. Hope it has been cleaned. Thanks. Here are both logs...

    Logfile of HijackThis v1.99.1
    Scan saved at 14:09:28, on 26/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\MightyFax\MFNTCTL.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\wuauclt.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Startup: winupdate07214747[1].exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  6. Ian Price

    Ian Price Thread Starter

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 14:05:57, 26/12/2005
    + Report-Checksum: D79CA579

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
    HKU\S-1-5-21-2185805387-3576426591-1019091554-1005\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
    :mozilla.5:C:\Documents and Settings\IANPRICE\Application Data\Mozilla\Profiles\default\tb3z9s4u.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected]ure[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\ianp[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Popularix : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Cookies\[email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\11441.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\1797.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\24816.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\29472.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\30580.exe -> Downloader.Small.cah : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\7.tmp -> Downloader.WinShow.ay : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\8814.exe -> Not-A-Virus.Hoax.Win32.Renos.ad : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\IEXPLORE.exe -> Trojan.KillAV.eq : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\mute41.exe -> Downloader.Centim.an : Cleaned with backup
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\wh_cc.exe/wbhshare.dll -> Spyware.WebHancer : Error during cleaning
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\wh_cc.exe/Webhdll.dll -> Spyware.WebHancer : Error during cleaning
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\wh_cc.exe/WhAgent.exe -> Spyware.WebHancer : Error during cleaning
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\wh_cc.exe/whiehlpr.dll -> Spyware.WebHancer : Error during cleaning
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\wh_cc.exe/whieshm.dll -> Spyware.WebHancer : Error during cleaning
    C:\Documents and Settings\IANPRICE\Local Settings\Temp\wh_cc.exe/whInstaller.exe -> Spyware.WebHancer : Error during cleaning
    C:\Documents and Settings\IANPRICE\My Documents\Black_Magic_v2[1].8_www.lomalka.ru_.zip/dsa.exe -> Downloader.INService : Error during cleaning
    C:\Documents and Settings\IANPRICE\My Documents\cmb_243461.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    C:\Documents and Settings\IANPRICE\My Documents\file4.RB0/crack.exe -> Downloader.IstBar.er : Error during cleaning
    C:\Documents and Settings\IANPRICE\My Documents\keiser\dsa.exe -> Downloader.INService : Cleaned with backup
    C:\ms32.tmp -> Downloader.Small : Cleaned with backup
    C:\Program Files\FileSubmit\the ancient sea\NNEZTA388.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\Program Files\FileSubmit\the ancient sea\TBEZA127Q.exe -> Spyware.Quick : Cleaned with backup
    C:\Program Files\N-case -> Spyware.180Solutions : Cleaned with backup
    C:\Program Files\Power Scan -> Spyware.PowerScan : Cleaned with backup
    C:\Program Files\Shareaza\Downloads4\Remove About Blank Buddy Crack.exe -> Worm.Tibick.d : Cleaned with backup
    C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\desktop.html -> Hijacker.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\dba1865.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\dba938.exe -> Dialer.Generic : Cleaned with backup
    C:\WINDOWS\msdfmap(2).ini:zhczb -> Downloader.Agent.kd : Cleaned with backup
    C:\WINDOWS\NDNuninstall6_30.exe -> Spyware.NewDotNet : Cleaned with backup
    C:\WINDOWS\n_kuvlhp.dat -> Trojan.Feat : Cleaned with backup
    C:\WINDOWS\pcdoc(2).hlp:ymtnr -> Downloader.Agent.bq : Cleaned with backup
    C:\WINDOWS\system32\bolae9.dll -> Downloader.Rameh.b : Cleaned with backup
    C:\WINDOWS\system32\hp60DC.tmp -> Trojan.Puper.bh : Cleaned with backup
    C:\WINDOWS\Tarma Installer.log:iwhiy -> Trojan.Feat : Cleaned with backup


    ::Report End
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    just a few left over pests
    Run HijackThis, put a tick in the box beside these entries listed below and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press Fix Checked

    O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe
    O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - Startup: winupdate07214747[1].exe

    Now start Killbox, go to Options on the top bar and make sure Remove Directories is enabled and Remove Duplicates is UNCHECKED. Paste the first file listed below into the Full Pathname and File to Delete box

    The file name will appear in the window and if the file exists it will appear in blue under that window then select standard file kill, press the red X button, say yes to the prompt and once the file deleted message comes up then repeat for each file in turn

    [Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply

    C:\winstall.exe
    C:\WINDOWS\System32\wintsvtr.exe
    C:\Program Files\Time Sync\time.exe

    Then on killbox top bar press tools/delete temp files, in the pop up box in the NT section select temp & temp internet & cookies only and in the 9x section select c:\windows\temp & c:\temp then on the drop down user account box, select your account, then repeat for every user account on the computer

    then reboot & post a fresh HJT log please
     
  8. Ian Price

    Ian Price Thread Starter

    Joined:
    Apr 27, 2003
    Messages:
    63
    When I pasted them into the pathname in Killbox, they did not appear in blue, so those files do not now exist. But I went on to delete the temp files in Killbox.

    Here is my log now...

    Logfile of HijackThis v1.99.1
    Scan saved at 11:25:13, on 27/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\Program Files\MightyFax\MFNTCTL.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Startup: winupdate07214747[1].exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A944E029-F2FD-4D8D-AD23-97960FAE25A5}: NameServer = 194.106.56.6 194.106.33.42
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
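A small triage helper for the kind of O4 lines dvk01 picks out above, added here as an example and not a tool from this thread or from the HijackThis project: it parses O4 entries from a pasted log, flags three patterns that appear in this thread (a program launched from the drive root, a per-user Run key pointing at an unrecognised System32 binary, and a bare executable sitting in a Startup folder instead of a .lnk shortcut), and checks a fresh log for entries that were asked to be fixed but are still present. The regexes, the flag rules and the ctfmon.exe allowlist are my assumptions; the sample lines are copied from the logs in this thread.

```python
import re
from typing import Iterable, List, Tuple

# One HijackThis O4 line, for example:
#   O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe
#   O4 - Startup: winupdate07214747[1].exe
# Groups: location (registry hive/key or Startup folder), optional value name, target.
O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<target>.+)$")

# Per-user Run entries normally launch software installed for that user; an HKCU
# entry reaching into System32 is worth a look unless it is a known Windows component.
# Assumed starting allowlist (ctfmon.exe is the text-services loader); extend as needed.
KNOWN_SYSTEM32_HKCU = {"ctfmon.exe"}


def executable(target: str) -> str:
    """Return only the launched program from a Run-key command line, arguments dropped."""
    target = target.strip()
    if target.startswith('"'):                       # quoted path, possibly with spaces
        end = target.find('"', 1)
        return target[1:end] if end > 0 else target[1:]
    # Unquoted: take everything up to the first .exe/.com/.scr/.dll followed by a space or end,
    # so "C:\Program Files\Time Sync\time.exe" survives its embedded space.
    m = re.match(r"(.*?\.(?:exe|com|scr|dll))(?=\s|$)", target, re.IGNORECASE)
    return m.group(1) if m else target.split(" ")[0]


def triage(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for O4 entries matching the three heuristics."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if not m:
            continue                                 # not an O4 line (R0, O2, O23, ...)
        loc, target = m.group("location"), m.group("target")
        if loc in ("Startup", "Global Startup"):
            # Legitimate Startup items are shortcuts ("Foo.lnk = C:\...\foo.exe");
            # a bare .exe copied into the folder is how a dropper persists.
            if ".lnk" not in target.lower():
                findings.append(("executable placed directly in a Startup folder", line))
            continue
        exe = executable(target).lower()
        if re.match(r"^[a-z]:\\[^\\]+$", exe):
            findings.append(("program launched from the drive root", line))
        elif loc.startswith("HKCU") and "\\system32\\" in exe \
                and exe.rsplit("\\", 1)[-1] not in KNOWN_SYSTEM32_HKCU:
            findings.append(("per-user Run key launching an unrecognised System32 binary", line))
    return findings


def still_present(requested_fixes: Iterable[str], new_log: Iterable[str]) -> List[str]:
    """Which of the entries a helper asked to fix still appear verbatim in the fresh log."""
    fresh = {l.strip() for l in new_log}
    return [l.strip() for l in requested_fixes if l.strip() in fresh]


# Constructed sample: the four entries dvk01 asked to have fixed, plus benign lines
# from the same log so the rules can be seen leaving normal entries alone.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [Time Sync] C:\Program Files\Time Sync\time.exe",
    r"O4 - HKCU\..\Run: [WCPT] C:\WINDOWS\System32\wintsvtr.exe",
    r"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe",
    r"O4 - Startup: winupdate07214747[1].exe",
]
SAMPLE_LOG = FIX_LIST + [
    r'O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe",
    r"O4 - Global Startup: Exif Launcher.lnk = ?",
    r"O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe",
]
# Constructed "fresh log" after the fix: the Startup item is the one that survived.
NEW_LOG = [
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - Startup: winupdate07214747[1].exe",
]

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason}:\n    {line}")
    print("still present after fix:", still_present(FIX_LIST, NEW_LOG))
```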
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    download startdreck from http://www.niksoft.at/download/startdreck.htm

    UnZip the startdreck.zip file first. DoubleClick: 'StartDreck.exe'
    First click on the config button.
    Now click the Unmark all button
    Put a check by these boxes only:
    *Registry->run keys
    *Registry->Browser helper objects
    *System/drivers> Running processes
    hit >ok.

    Now click the Save button to save that log. Go to the StartDreck folder and find the Startdreck.log file.

    Copy and Paste the contents of that log back here and await further instructions.
     
  10. Ian Price

    Ian Price Thread Starter

    Joined:
    Apr 27, 2003
    Messages:
    63
    here's the log...

    StartDreck (build 2.1.7 public stable) - 2005-12-27 @ 15:42:51 (GMT +00:00)
    Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
    Internet Explorer: 6.0.2900.2180
    Logged in as IANPRICE at IAN

    »Registry
    »Run Keys
    »Current User
    »Run
    *SpyKiller=C:\Program Files\SpyKiller\spykiller.exe /startup
    *RemoteCenter=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    *ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
    *PcSync=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    »RunOnce
    »Default User
    »Run
    *NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    *CTFMON.EXE=C:\WINDOWS\System32\CTFMON.EXE
    »RunOnce
    »Local Machine
    »Run
    *VOBID=C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    *SBDrvDet=C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    *REGSHAVE=C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    *PinnacleDriverCheck=C:\WINDOWS\System32\PSDrvCheck.exe
    *nwiz=nwiz.exe /install
    *NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    *IW ControlCenter=C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    *IntelliType="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    *EPSON Stylus C44 Series=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    *CTSysVol=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    *CTHelper=CTHELPER.EXE
    *CTDVDDET=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    *CARPService=carpserv.exe
    *SpeedTouch USB Diagnostics="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    *WinampAgent=C:\Program Files\Winamp\winampa.exe
    *TkBellExe="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    *NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
    *QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
    *IndexSearch=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    *OneTouch Monitor="C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    *InstantAccess=C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    *RegisterDropHandler=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    *PCSuiteTrayApplication=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    *DataLayer=C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    +OptionalComponents
    +MSFS
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    +MAPI
    *NoChange=1
    *Installed=1
    »RunOnce
    »RunServices
    *RegisterDropHandler=C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    »RunServicesOnce
    »RunOnceEx
    »RunServicesOnceEx
    »Browser Helper Objects (LM)
    *AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    `InprocServer32=C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    »Files
    »System/Drivers
    »Running Processes
    +0=<idle>
    +4=<system>
    +560=\SystemRoot\System32\smss.exe
    +636=\??\C:\WINDOWS\system32\csrss.exe
    +660=\??\C:\WINDOWS\system32\winlogon.exe
    +708=C:\WINDOWS\system32\services.exe
    +720=C:\WINDOWS\system32\lsass.exe
    +868=C:\WINDOWS\system32\svchost.exe
    +924=C:\WINDOWS\system32\svchost.exe
    +960=C:\WINDOWS\System32\svchost.exe
    +1020=C:\WINDOWS\System32\svchost.exe
    +1176=C:\WINDOWS\System32\svchost.exe
    +1316=C:\WINDOWS\Explorer.EXE
    +1408=C:\WINDOWS\system32\spoolsv.exe
    +1508=C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    +1524=C:\WINDOWS\System32\CTsvcCDA.exe
    +1552=C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    +1580=C:\Program Files\ewido anti-malware\ewidoctrl.exe
    +1600=C:\Program Files\ewido anti-malware\ewidoguard.exe
    +1664=C:\WINDOWS\System32\nvsvc32.exe
    +1732=C:\WINDOWS\System32\svchost.exe
    +1796=C:\WINDOWS\System32\wdfmgr.exe
    +1964=C:\WINDOWS\System32\MsPMSPSv.exe
    +228=C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    +312=C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    +392=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    +400=C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    +408=C:\WINDOWS\system32\CTHELPER.EXE
    +416=C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    +424=C:\WINDOWS\system32\carpserv.exe
    +832=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    +1244=C:\Program Files\Winamp\winampa.exe
    +1256=C:\Program Files\Internet Explorer\iexplore.exe
    +1296=C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    +1876=C:\Program Files\QuickTime\qttask.exe
    +1220=C:\Program Files\Xerox One Touch\OneTouchMon.exe
    +1660=C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    +1140=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    +1076=C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    +2060=C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    +2072=C:\WINDOWS\System32\alg.exe
    +2116=C:\WINDOWS\system32\ctfmon.exe
    +2144=C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    +2188=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    +2388=C:\Program Files\FinePixViewer\QuickDCF.exe
    +2488=C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    +2496=C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    +2584=C:\Program Files\MightyFax\MFNTCTL.EXE
    +3660=C:\WINDOWS\system32\wbem\wmiprvse.exe
    +3764=C:\Documents and Settings\IANPRICE\My Documents\Mixmag\StartDreck.exe
    »Application specific
     
  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I can't see the entry I'm looking for there.

    Please post a new HJT log.
     
  12. Ian Price

    Ian Price Thread Starter

    Joined:
    Apr 27, 2003
    Messages:
    63
    Logfile of HijackThis v1.99.1
    Scan saved at 16:38:54, on 27/12/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    C:\WINDOWS\system32\carpserv.exe
    C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Xerox One Touch\OneTouchMon.exe
    C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\MightyFax\MFNTCTL.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [VOBID] C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe /remount
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [OneTouch Monitor] "C:\Program Files\Xerox One Touch\OneTouchMon.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
    O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: Registration-INSDVD.lnk = C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe
    O4 - Startup: winupdate07214747[1].exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.nwales-traffic.co.uk/files/activex/camera.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A944E029-F2FD-4D8D-AD23-97960FAE25A5}: NameServer = 194.106.56.6 194.106.33.42
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Go to Start/Run, type explorer and press OK.

    When it opens:

    Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply", then "OK".

    Then navigate to C:\Documents and Settings\[your user name]\Start Menu\Programs\Startup

    Look for winupdate07214747[1].exe, right-click it and select Delete.

    If it isn't there, look in C:\Documents and Settings\All Users\Start Menu\Programs\Startup

    Let us know how you get on.
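    The moderator's check above (a loose executable named winupdate07214747[1].exe sitting in the per-user Startup folder, visible in the HijackThis log as an "O4 - Startup:" line) can be automated when triaging a log. The script below is an added example, not part of this thread or of HijackThis; it parses the O4 Startup-folder lines from a constructed sample log (the Startup entries copied from the log posted above), maps each entry to the XP folder it lives in, and flags the patterns a malware helper looks at first: a bare executable rather than a .lnk shortcut, a "[1]"-style download-cache suffix, a Windows Update lookalike name, and a shortcut whose target HijackThis could not resolve. The `<user>` placeholder and the heuristic names are this example's own assumptions.

```python
import re
from typing import Dict, List

# Constructed sample in the shape of HijackThis "O4" lines (the Startup
# entries mirror the log posted in this thread; the Run entries are representative).
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - Startup: Registration-INSDVD.lnk = C:\\Program Files\\Pinnacle\\InstantCDDVD\\SharedFiles\\Pixie\\RegTool.exe
O4 - Startup: winupdate07214747[1].exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\\Program Files\\Common Files\\Adobe\\Calibration\\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
"""

# Per-user and all-users Startup folders on Windows XP, as named in the thread.
# "<user>" is a placeholder for the logged-on account (assumption of this example).
STARTUP_FOLDERS = {
    "Startup": r"C:\Documents and Settings\<user>\Start Menu\Programs\Startup",
    "Global Startup": r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup",
}

STARTUP_RE = re.compile(r"^O4 - (Startup|Global Startup): (.+?)(?: = (.*))?$")
EXEC_EXTS = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")
CACHE_SUFFIX_RE = re.compile(r"\[\d+\]\.\w+$")          # e.g. name[1].exe
UPDATE_LOOKALIKE_RE = re.compile(r"win.?update\d+", re.IGNORECASE)


def parse_startup_entries(log_text: str) -> List[Dict[str, str]]:
    """Return the O4 Startup-folder entries of a HijackThis log.

    Each entry records the folder it came from, the file name inside that
    folder and, for shortcuts, the target HijackThis resolved ("?" if none).
    """
    entries = []
    for line in log_text.splitlines():
        m = STARTUP_RE.match(line.strip())
        if not m:
            continue
        scope, name, target = m.groups()
        entries.append({"scope": scope, "name": name, "target": target or "",
                        "folder": STARTUP_FOLDERS[scope]})
    return entries


def triage_startup_entries(log_text: str) -> List[Dict[str, object]]:
    """Flag Startup-folder entries worth a closer look.

    Installers normally place .lnk shortcuts in Startup; a bare executable in
    the folder, a "[n]" download-cache style suffix, a Windows Update
    lookalike name or an unresolvable shortcut target each add a reason.
    """
    findings = []
    for e in parse_startup_entries(log_text):
        reasons = []
        low = e["name"].lower()
        if low.endswith(EXEC_EXTS):
            reasons.append("loose executable in Startup folder (not a .lnk shortcut)")
        if CACHE_SUFFIX_RE.search(e["name"]):
            reasons.append("'[n]' suffix typical of a browser download cache copy")
        if UPDATE_LOOKALIKE_RE.search(low):
            reasons.append("Windows Update lookalike name with random-looking digits")
        if e["target"] == "?":
            reasons.append("shortcut target could not be resolved (check where it points)")
        if reasons:
            findings.append({"name": e["name"], "folder": e["folder"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_startup_entries(SAMPLE_LOG):
        print(f"{f['name']}  ({f['folder']})")
        for r in f["reasons"]:
            print(f"  - {r}")
```

    Run it against a saved log instead of the sample by reading the file into `triage_startup_entries`; the output names the exact folder to open once "Show hidden files and folders" is enabled, which is the manual step described above.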
     
  14. Ian Price

    Ian Price Thread Starter

    Joined:
    Apr 27, 2003
    Messages:
    63
    I've now deleted that file.
     
  15. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Post an HJT log to check, please.
     
Short URL to this thread: https://techguy.org/428042