1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.
Thread Status:
Not open for further replies.
Advertisement
  1. foomycoomy

    foomycoomy Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    3
    I ran the scan and this is what I got, any suggetions as to what to delete or what to do next??

    Logfile of HijackThis v1.99.1
    Scan saved at 11:18:16 PM, on 2/4/2007
    Platform: Windows 2003 SP1 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

    Running processes:
    C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragService.exe
    C:\Program Files (x86)\Video ActiveX Object\isamntr.exe
    C:\Program Files (x86)\Video ActiveX Object\pmsnrr.exe
    C:\Program Files (x86)\Video ActiveX Object\pmmnt.exe
    C:\Program Files (x86)\Video ActiveX Object\isamini.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\PROGRA~2\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files (x86)\Spyware Doctor\swdoctor.exe
    C:\PROGRA~2\DEFEND~2\DEFEND~1\PopUpKiller.exe
    C:\Program Files (x86)\Defender Pro Anti Spam\dpantispam.exe
    C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragCtrl.exe
    C:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files (x86)\Audio Deck\EnMixCPL.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Program Files (x86)\DefenderPro AntiSpy\DPASNT.exe
    C:\Program Files (x86)\Defender Pro Anti Spam\admin.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\Video ActiveX Object\isamini.exe
    C:\Program Files (x86)\Video ActiveX Object\isamini.exe
    C:\Program Files (x86)\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
    C:\Program Files (x86)\Java\jre1.5.0_09\bin\jucheck.exe
    C:\Documents and Settings\Administrator\Desktop\IEXPLORE.EXE
    C:\Documents and Settings\Administrator\Desktop\IEXPLORE.EXE
    C:\Program Files (x86)\WinRAR\WinRAR.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.203\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bowsite.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~2\DEFEND~2\DEFEND~1\PopUp.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files (x86)\Video ActiveX Object\isadd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files (x86)\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files (x86)\Video ActiveX Object\iesplugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
    O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files (x86)\Audio Deck\EnMixCPL.exe" 1
    O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [DPAS] "C:\Program Files (x86)\DefenderPro AntiSpy\DPASNT.exe"
    O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files (x86)\DefenderPro AntiSpy\DPASAutUpdate.exe"
    O4 - HKLM\..\Run: [103] "C:\Program Files (x86)\Defender Pro Anti Spam\admin" "-hide"
    O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [ares] "G:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files (x86)\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~2\DEFEND~2\DEFEND~1\PopUpKiller.exe
    O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files (x86)\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files (x86)\Defender Pro Anti Spam\conf"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: BitTorrent.lnk = C:\Program Files (x86)\BitTorrent\bittorrent.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Defender Pro Defrag.lnk = C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragCtrl.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files (x86)\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
    O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files (x86)\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
    O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
    O21 - SSODL: exemplars - {2acf3add-34a1-4f2f-99cf-cc69785d1e90} - C:\WINDOWS\SysWow64\cwgppb.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: defenderProDefragService - - C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
     
  2. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    I will not guarantee this will work on W2003 64 bit as I have never tried it and I don't know if it even runs on 64 bit windows

    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt along with a fresh HJT log

    For additional help read:
    the Engish Tutorial
    the French Tutorial (Tutorial Français)
    the German Tutorial (Deutsche Anleitung)
     
  3. foomycoomy

    foomycoomy Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    3
    Here is what I got after running SmitfraudFix...My homepage is still hijacked but I'm not getting the constant message popping up from the right corner of the page saying I have aquired a trojan horse...


    SmitFraudFix v2.139

    Scan done at 14:12:23.89, Mon 02/05/2007
    Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
    OS: Microsoft Windows [Version 5.2.3790] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{2acf3add-34a1-4f2f-99cf-cc69785d1e90}"="exemplars"

    [HKEY_CLASSES_ROOT\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]
    @="C:\WINDOWS\SysWow64\cwgppb.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2acf3add-34a1-4f2f-99cf-cc69785d1e90}\InProcServer32]
    @="C:\WINDOWS\SysWow64\cwgppb.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\SysWow64\cwgppb.dll -> Hoax.Win32.Renos.gen.i
    C:\WINDOWS\SysWow64\cwgppb.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"="lsass.exe"


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    lets have a new HJT log please
     
  5. foomycoomy

    foomycoomy Thread Starter

    Joined:
    Feb 4, 2007
    Messages:
    3
    Sorry forgot


    Logfile of HijackThis v1.99.1
    Scan saved at 4:03:45 PM, on 2/5/2007
    Platform: Windows 2003 SP1 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

    Running processes:
    C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragService.exe
    C:\Program Files (x86)\Video ActiveX Object\isamntr.exe
    C:\Program Files (x86)\Video ActiveX Object\pmsnrr.exe
    C:\Program Files (x86)\Video ActiveX Object\pmmnt.exe
    C:\Program Files (x86)\Video ActiveX Object\isamini.exe
    C:\Program Files (x86)\AIM\aim.exe
    C:\PROGRA~2\Ahead\Ahead\data\Xtras\mssysmgr.exe
    C:\Program Files (x86)\Spyware Doctor\swdoctor.exe
    C:\PROGRA~2\DEFEND~2\DEFEND~1\PopUpKiller.exe
    C:\Program Files (x86)\Defender Pro Anti Spam\dpantispam.exe
    C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragCtrl.exe
    C:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files (x86)\Audio Deck\EnMixCPL.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    C:\Program Files (x86)\DefenderPro AntiSpy\DPASNT.exe
    C:\Program Files (x86)\Defender Pro Anti Spam\admin.exe
    C:\Program Files (x86)\iPod\bin\iPodService.exe
    C:\Program Files (x86)\iTunes\iTunes.exe
    C:\Program Files (x86)\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Java\jre1.5.0_09\bin\jucheck.exe
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.906\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bowsite.com/menu.cfm?State=Pennsylvania
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~2\DEFEND~2\DEFEND~1\PopUp.dll
    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files (x86)\Video ActiveX Object\isadd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
    O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files (x86)\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
    O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\ViewBar.dll
    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files (x86)\Video ActiveX Object\iesplugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\SysWow64\NeroCheck.exe
    O4 - HKLM\..\Run: [EnvyHFCPL] "C:\Program Files (x86)\Audio Deck\EnMixCPL.exe" 1
    O4 - HKLM\..\Run: [TrayComm] TrayComm.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files (x86)\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
    O4 - HKLM\..\Run: [DPAS] "C:\Program Files (x86)\DefenderPro AntiSpy\DPASNT.exe"
    O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files (x86)\DefenderPro AntiSpy\DPASAutUpdate.exe"
    O4 - HKLM\..\Run: [103] "C:\Program Files (x86)\Defender Pro Anti Spam\admin" "-hide"
    O4 - HKLM\..\Run: [SpyHunter] "C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [AIM] C:\Program Files (x86)\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~2\Ahead\Ahead\data\Xtras\mssysmgr.exe
    O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
    O4 - HKCU\..\Run: [ares] "G:\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files (x86)\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRA~2\DEFEND~2\DEFEND~1\PopUpKiller.exe
    O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files (x86)\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files (x86)\Defender Pro Anti Spam\conf"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: BitTorrent.lnk = C:\Program Files (x86)\BitTorrent\bittorrent.exe
    O4 - Startup: PowerReg Scheduler.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Defender Pro Defrag.lnk = C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragCtrl.exe
    O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files (x86)\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
    O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files (x86)\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files (x86)\AIM\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
    O20 - Winlogon Notify: EFS - C:\WINDOWS\SYSTEM32\sclgntfy.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: defenderProDefragService - - C:\Program Files (x86)\Defender Pro\Defender Pro Defrag\bin\defenderProDefragService.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    Download pocket killbox from http://www.thespykiller.co.uk/files/killbox.exe & put it on the desktop where you can find it easily


    Run hijackthis, put a tick in the box beside any of these entries listed below that still exist and ONLY these entries, double check to make sure, then make sure all browser & email windows are closed and press fix checked


    O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Program Files (x86)\Video ActiveX Object\isadd.dll

    O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files (x86)\Video ActiveX Object\iesplugin.dll
    O4 - Startup: PowerReg Scheduler.exe


    now Start killbox, paste the first file listed below into the full pathname and file to delete box

    The file name will appear in the window, select delete on reboot , press the red X button, say yes to the prompt and NOto reboot now

    C:\Program Files (x86)\Video ActiveX Object\

    [Note: Killbox makes backups of all deleted files & folders in a folder called C:\!killbox ] If Killbox tells you any files are missing don't worry but make a note and let us know in your next reply

    Then on killbox top bar press tools/delete temp files, in the pop up box towards the middle is a drop down box containing a list of all user accounts on this drop down user account box, select your account, select ALL options it will allow you to, then then press delete selected temp files , then repeat for every user account listed in that drop down box

    now reboot

    then tell us how it is and if problems have stopped
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,236
    First Name:
    Derek
    you do need an antivirus urgently

    try

    try the trial version of Kaspersky 6

    select Free trial, Fill in the required email address & click submit

    folow download instructions then install it & run a full system scan and see what it finds
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/541399

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice