1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: isnotify help

Discussion in 'Virus & Other Malware Removal' started by qwkphkr05, Aug 4, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    I had this stupid spyware on my computer. I followed a few things on here and it seem to work. I wanna post my hijackthis log to see if I missed anything.

    This is the OLD one:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:58:53 PM, on 8/1/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\ishost.exe
    C:\WINNT\system32\issearch.exe
    C:\WINNT\system32\isnotify.exe
    C:\WINNT\system32\ismon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINNT\system32\hkcmd.exe
    C:\WINNT\system32\igfxpers.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\WINNT\system32\taskmgr.exe
    C:\Program Files\mobile PhoneTools\WatchDog.exe
    C:\Program Files\Common Files\{2460A03B-0AE9-1033-0517-040416200001}\Update.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Documents and Settings\Administrator\My Documents\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
    O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINNT\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.3.15/activex/AMC.cab
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O20 - AppInit_DLLs: C:\WINNT\system32\ati2evxx.dll
    O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINNT\system32\urroxtl.dll (file missing)
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AxisCameraStation - - c:\program files\axis communications\axis camera station\axiscamerastation.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)



    This is the NEW one:


    Well heck!! now I can't get hijackthis to save the log.....

    Any ideas??
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  3. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    I did these things already. I can't get hijackthis to save a log file and I think I still have something going on. I wanna post a new log but can't.
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  5. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    SmitFraudFix v2.79

    Scan done at 22:14:44.37, Fri 08/04/2006
    Run from C:\Documents and Settings\Administrator\My Documents\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

    C:\WINNT\system32\ot.ico FOUND !
    C:\WINNT\system32\ts.ico FOUND !
    C:\WINNT\system32\components\flx?.dll FOUND !
    C:\WINNT\system32\components\flx??.dll FOUND !
    C:\WINNT\system32\components\flx???.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\FAVORI~1

    C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    C:\Program Files\Safety Bar\ FOUND !
    C:\Program Files\SpyQuake2.com\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning: running option #2 on a non infected computer will remove your Desktop background.
     
  7. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    thanks, brb
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    (y)
    See if you can post a new HJT log afterwards
     
  9. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    Can't get HJT to save a log file. When I hit the save button it shuts down HJT. But here is the other log.




    SmitFraudFix v2.79

    Scan done at 22:26:15.35, Fri 08/04/2006
    Run from C:\Documents and Settings\Administrator\My Documents\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINNT\system32\ot.ico Deleted
    C:\WINNT\system32\ts.ico Deleted
    C:\WINNT\system32\components\flx?.dll Deleted
    C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted
    C:\Program Files\Safety Bar\ Deleted
    C:\Program Files\SpyQuake2.com\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  10. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    Got this to work but I had an error and it blows out HJT.

    Here is the error:

    The instruction at "0x10051283" reference memory at "0x00000000". The memory could not be "read".


    Here is the log file it did save:



    Logfile of HijackThis v1.99.1
    Scan saved at 10:52:14 PM, on 8/4/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\mobile PhoneTools\WatchDog.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINNT\system32\mshta.exe
    C:\WINNT\system32\NOTEPAD.EXE
    C:\Documents and Settings\Administrator\My Documents\HijackThis_2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.3.15/activex/AMC.cab
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O20 - AppInit_DLLs: C:\WINNT\system32\ati2evxx.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AxisCameraStation - - c:\program files\axis communications\axis camera station\axiscamerastation.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)
     
  11. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
  12. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  13. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    Here is the sweeper log:



    10:12 AM: Deletion from quarantine completed. Elapsed time 00:00:00
    10:12 AM: Processing: tradedoubler cookie
    10:12 AM: Processing: atlas dmt cookie
    10:12 AM: Processing: statcounter cookie
    10:12 AM: Processing: reliablestats cookie
    10:12 AM: Processing: 2o7.net cookie
    10:12 AM: Processing: 2o7.net cookie
    10:12 AM: Processing: tribalfusion cookie
    10:12 AM: Processing: trafficmp cookie
    10:12 AM: Processing: falkag cookie
    10:12 AM: Processing: casalemedia cookie
    10:12 AM: Processing: advertising cookie
    10:12 AM: Processing: fastclick cookie
    10:12 AM: Processing: mediaplex cookie
    10:12 AM: Processing: realmedia cookie
    10:12 AM: Processing: dialerplatform
    10:12 AM: Processing: dialerplatform
    10:12 AM: Processing: maxifiles
    10:12 AM: Processing: virtumonde
    10:12 AM: Processing: virtumonde
    10:12 AM: Processing: virtumonde
    10:12 AM: Processing: virtumonde
    10:12 AM: Processing: trojan agent winlogonhook
    10:12 AM: Processing: 180search assistant/zango
    10:12 AM: Deletion from quarantine initiated
    9:51 AM: None
    9:51 AM: Traces Found: 0
    9:51 AM: Full Sweep has completed. Elapsed time 00:25:06
    9:51 AM: File Sweep Complete, Elapsed Time: 00:23:17
    9:45 AM: Warning: Failed to access drive D:
    9:28 AM: Starting File Sweep
    9:28 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:28 AM: Starting Cookie Sweep
    9:28 AM: Registry Sweep Complete, Elapsed Time:00:00:11
    9:28 AM: Starting Registry Sweep
    9:28 AM: Memory Sweep Complete, Elapsed Time: 00:01:24
    9:27 AM: Starting Memory Sweep
    9:26 AM: Sweep initiated using definitions version 734
    9:26 AM: Spy Sweeper 5.0.5.1286 started
    9:26 AM: | Start of Session, Saturday, August 05, 2006 |
    ********
    9:26 AM: | End of Session, Saturday, August 05, 2006 |
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:26 AM: Shield States
    9:26 AM: Spyware Definitions: 734
    9:26 AM: Spy Sweeper 5.0.5.1286 started
    11:47 PM: | End of Session, Friday, August 04, 2006 |
    11:44 PM: Your spyware definitions have been updated.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    11:43 PM: Shield States
    11:42 PM: Spyware Definitions: 691
    11:42 PM: Spy Sweeper 5.0.5.1286 started
    11:42 PM: Spy Sweeper 5.0.5.1286 started
    11:42 PM: | Start of Session, Friday, August 04, 2006 |
    ********
    3:05 AM: Removal process completed. Elapsed time 00:00:55
    3:05 AM: Preparing to restart your computer. Please wait...
    3:04 AM: Quarantining All Traces: tribalfusion cookie
    3:04 AM: Quarantining All Traces: trafficmp cookie
    3:04 AM: Quarantining All Traces: tradedoubler cookie
    3:04 AM: Quarantining All Traces: realmedia cookie
    3:04 AM: Quarantining All Traces: mediaplex cookie
    3:04 AM: Quarantining All Traces: fastclick cookie
    3:04 AM: Quarantining All Traces: casalemedia cookie
    3:04 AM: Quarantining All Traces: atlas dmt cookie
    3:04 AM: Quarantining All Traces: falkag cookie
    3:04 AM: Quarantining All Traces: advertising cookie
    3:04 AM: Quarantining All Traces: reliablestats cookie
    3:04 AM: Quarantining All Traces: statcounter cookie
    3:04 AM: Quarantining All Traces: 2o7.net cookie
    3:04 AM: Quarantining All Traces: dialerplatform
    3:04 AM: Quarantining All Traces: maxifiles
    3:04 AM: Quarantining All Traces: 180search assistant/zango
    3:04 AM: Quarantining All Traces: trojan agent winlogonhook
    3:04 AM: C:\WINNT\SYSTEM32\pmkjk.dll is in use. It will be removed on reboot.
    3:04 AM: virtumonde is in use. It will be removed on reboot.
    3:04 AM: Quarantining All Traces: virtumonde
    3:04 AM: Removal process initiated
    12:29 AM: Traces Found: 20
    12:29 AM: Full Sweep has completed. Elapsed time 00:41:59
    12:29 AM: File Sweep Complete, Elapsed Time: 00:40:12
    12:08 AM: Warning: DDAFileExists failed to resolve the MFT number for: c:\winnt\security\tmp.edb.
    12:07 AM: Warning: Failed to access drive D:
    12:03 AM: c:\winnt\downloaded program files\gdnus2339.exe (ID = 322697)
    12:02 AM: c:\winnt\downloaded program files\conflict.1\gdnus2339.exe (ID = 322697)
    12:02 AM: Found Adware: dialerplatform
    11:49 PM: Starting File Sweep
    11:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][2].txt (ID = 3589)
    11:49 PM: Found Spy Cookie: tribalfusion cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][2].txt (ID = 3581)
    11:49 PM: Found Spy Cookie: trafficmp cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][1].txt (ID = 3575)
    11:49 PM: Found Spy Cookie: tradedoubler cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][1].txt (ID = 3235)
    11:49 PM: Found Spy Cookie: realmedia cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][1].txt (ID = 6442)
    11:49 PM: Found Spy Cookie: mediaplex cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][2].txt (ID = 2651)
    11:49 PM: Found Spy Cookie: fastclick cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][1].txt (ID = 2354)
    11:49 PM: Found Spy Cookie: casalemedia cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][2].txt (ID = 2253)
    11:49 PM: Found Spy Cookie: atlas dmt cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][1].txt (ID = 2650)
    11:49 PM: Found Spy Cookie: falkag cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][1].txt (ID = 2175)
    11:49 PM: Found Spy Cookie: advertising cookie
    11:49 PM: c:\documents and settings\blake\cookies\[email protected][2].txt (ID = 1957)
    11:49 PM: c:\documents and settings\sweetthang\cookies\[email protected][2].txt (ID = 3254)
    11:49 PM: Found Spy Cookie: reliablestats cookie
    11:49 PM: c:\documents and settings\administrator\cookies\[email protected][2].txt (ID = 3447)
    11:49 PM: Found Spy Cookie: statcounter cookie
    11:49 PM: c:\documents and settings\administrator\cookies\[email protected][1].txt (ID = 1958)
    11:49 PM: Found Spy Cookie: 2o7.net cookie
    11:49 PM: Starting Cookie Sweep
    11:49 PM: Registry Sweep Complete, Elapsed Time:00:00:12
    11:49 PM: HKU\S-1-5-21-387493385-309520269-3436655239-500\software\microsoft\internet explorer\toolbar\webbrowser\ || {cbcc61fa-0221-4ccc-b409-cee865caca3a} (ID = 1530952)
    11:49 PM: Found Adware: maxifiles
    11:49 PM: HKU\S-1-5-21-387493385-309520269-3436655239-500\software\microsoft\windows\currentversion\explorer\menuorder\start menu\programs\zango\ (ID = 554173)
    11:49 PM: Found Adware: 180search assistant/zango
    11:48 PM: HKLM\software\microsoft\mssmgr\ (ID = 937101)
    11:48 PM: Found Trojan Horse: trojan agent winlogonhook
    11:48 PM: Starting Registry Sweep
    11:48 PM: Memory Sweep Complete, Elapsed Time: 00:01:26
    11:47 PM: Detected running threat: C:\WINNT\SYSTEM32\pmkjk.dll (ID = 394)
    11:47 PM: Found Adware: virtumonde
    11:47 PM: Starting Memory Sweep
    11:47 PM: Sweep initiated using definitions version 734
    11:47 PM: Spy Sweeper 5.0.5.1286 started
    11:47 PM: | Start of Session, Friday, August 04, 2006 |
    ********





    Here is HJT log:


    Logfile of HijackThis v1.99.1
    Scan saved at 10:17:23 AM, on 8/5/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\mobile PhoneTools\WatchDog.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\My Documents\HijackThis_2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.3.15/activex/AMC.cab
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O20 - AppInit_DLLs: C:\WINNT\system32\ati2evxx.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AxisCameraStation - - c:\program files\axis communications\axis camera station\axiscamerastation.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)
     
  14. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

    O20 - Winlogon Notify: winbug32 - winbug32.dll (file missing)


    Reboot, post a new log
     
  15. qwkphkr05

    qwkphkr05 It's My Birthday! Thread Starter

    Joined:
    Aug 4, 2006
    Messages:
    18
    Logfile of HijackThis v1.99.1
    Scan saved at 9:29:28 PM, on 8/5/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINNT\system32\regsvc.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\WINNT\system32\MSTask.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\WUSB11 WLAN Monitor\WLService.exe
    C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~1\VPTray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\WINNT\system32\igfxpers.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\mobile PhoneTools\WatchDog.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\My Documents\HijackThis_2\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
    O4 - HKLM\..\Run: [Synchronization Manager] "mobsync.exe" /logon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [igfxtray] C:\WINNT\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINNT\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [WatchDog] "C:\Program Files\mobile PhoneTools\WatchDog.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.3.15/activex/AMC.cab
    O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cadillacjackgames.local
    O20 - AppInit_DLLs: C:\WINNT\system32\ati2evxx.dll
    O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
    O23 - Service: AxisCameraStation - - c:\program files\axis communications\axis camera station\axiscamerastation.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: WUSB28SVC - Unknown owner - C:\Program Files\WUSB11 WLAN Monitor\WLService.exe" "WUSB11B.exe (file missing)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/489515

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice