|
Note: The following is only a text archive!
To view the actual forum discussion, please visit our website at http://www.tech-forums.net
Pages:1
check my file please(Click here to view the original thread with full colors/images)
Posted by: canooten
Logfile of HijackThis v1.99.1
Scan saved at 10:45:17 AM, on 3/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Dufdwf.exe
C:\WINDOWS\ietwp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLHOS~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\COMMON~1\AOL\110080~1\EE\AOLServiceHos
t.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Scott\My Documents\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = [url]http://aflashcounter.com/?a=2[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = [url]http://aflashcounter.com/?a=2[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.dell4me.com/myway[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://www.yahoo.com/[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://aflashcounter.com/?a=2[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://aflashcounter.com/?a=2[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = [url]http://aflashcounter.com/?a=2[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = [url]http://aflashcounter.com/?a=2[/url]
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O2 - BHO: (no name) - {1D7AF4DE-A7C7-8DBB-119C-93ED39479EEA} - C:\WINDOWS\System32\pnqagvzf.dll
O2 - BHO: (no name) - {67B5E8A5-2526-0467-B084-25ACE46BB05F} - C:\WINDOWS\System32\vyynlcdm.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {F28BA522-A301-B034-ED43-0E1DF3ACA10E} - C:\WINDOWS\System32\sbdkzewg.dll (file missing)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [sySP32PE] C:\WINDOWS\sySP32PE.exe
O4 - HKLM\..\Run: [symsnt] C:\WINDOWS\symsnt.exe
O4 - HKLM\..\Run: [PE64oror] C:\WINDOWS\PE64oror.exe
O4 - HKLM\..\Run: [64hh64nt] C:\WINDOWS\64hh64nt.exe
O4 - HKLM\..\Run: [SPntor] C:\WINDOWS\system32\SPntor.exe
O4 - HKLM\..\Run: [orms64] C:\WINDOWS\system32\orms64.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1100800294\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [giulcax] c:\windows\system32\giulcax.exe
O4 - HKLM\..\Run: [bfuKtkb] C:\WINDOWS\ietwp.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Qbzvhp.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Dufdwf.exe
O4 - HKLM\..\Run: [¢‰¸u0–4C
�}ïÁz�î�[�8C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ietwp.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]_ú"�ü‰üžiC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ietwp.exe
O4 - HKLM\..\Run: [¢‰¸u0Ô@ÔÁß]_ú"�ü‰¸u0C:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ietwp.exe
O4 - HKLM\..\Run: [¢‰¸u0ÔÁß]_ú"�ü‰üžigÝC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\ietwp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareGuardPlus] C:\WINDOWS\system32\winmm64.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - [url]http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029[/url]
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab[/url]
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - [url]http://aolcc.aol.com/computercheckup/qdiagcc.cab[/url]
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - [url]http://software-dl.real.com/198e21ffde891c74dc02/netzip/RdxIE601.cab[/url]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [url]http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102094944623[/url]
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - [url]http://chat.yahoo.com/cab/yuplapp.cab[/url]
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - [url]http://web1.shutterfly.com/downloads/Uploader.cab[/url]
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll[/url]
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - [url]http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab[/url]
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Posted by: rstones12
Hello canooten,
Welcome to Tech-Forums,
I have outlined some preliminary steps that we need to address. [b]You may want to print out these intructions for reference.[/b] This process will take a few steps so please be patient and follow the provided directions.
[b]1.[/b] First Download [URL=http://cwshredder.net/bin/CWShredder.exe][color=blue]CWShredder[/color][/URL]
And save it to your desktop.
Close all open browser windows and any other open windows.
Install CWShredder, then:
Open CWS and click [b]Check for Updates[/b]
Then click [b]"FIX"[/b]
I suggest doing an online scan just as a secondary check.
[b]2.[/b] Please run this online scan, allow it to delete anything it finds:
You may have to select auto-fix prior to scanning, it should be a selection on the screen.[LIST][URL=http://www.pandasoftware.com/activescan/com/activescan_principal.htm][color=blue]Panda ActiveScan[/color][/URL]
[/LIST]Please make a note of anything that wasn't or couldn't be fixed.
Reboot your machine when finished.
[b]3.[/b] You may have run these programs already, make sure they are up to date and run per provided instructions.
Current Versions are:
[b]Spybot S&D Ver: 1.3[/b] [URL=http://www.safer-networking.org/en/download/index.html][color=blue]Download Here[/color][/URL]
[b]Ad-Aware SE Build 1.05[/b] [URL=http://www.majorgeeks.com/download506.html][color=blue]Download Here[/color][/URL]
Download and install both Spybot S&D and Ad-Aware SE.
Instructions:
[b]Spybot S&D:[/b]
Go to your Start Menu >> Programs >> Spybot S&D >> then choose Spybot S&D.
[b]*[/b]Close [b]ALL [/b]windows except Spybot S&D
[b]*[/b]Click the button to [b]"Search for Updates"[/b] and download and install the Updates.
[b]*[/b]Close Spybot then launch it again
[b]*[/b]Click the button [b]"Check for Problems" [/b]
[b]*[/b]When Spybot is done scanning, it will be showing "RED" (RED) entries, "BLACK" entries and "GREEN" (GREEN) entries in the window
[b]*[/b]Put a check mark beside the RED [color=red](RED) entries ONLY.[/color]
[b]*[/b]Choose "Fix Selected Problems" and allow Spybot to fix the RED [color=red](RED)[/color] entries.
[b]Ad-Aware SE FULL SCAN:[/b]
Go to your Start Menu >> Programs >> Lavasoft Ad-Aware SE >> then choose Ad-Aware SE Personal.
When the main window opens look in the bottom right corner and click on [b]Check For Updates Now[/b] then click Connect and download the latest reference files.
From main window:
[b]*[/b]Click Start then under Select a scan Mode check [b]Perform Full System Scan.[/b]
[b]*[/b]Next [color=red]deselect [/color]Search for negligible risk entries.
[b]*[/b]To scan just click the [b]Next[/b] button.
When the scan has finished [b]mark everything for removal [/b]and get rid of it.
[i](Right-click the window and choose [b]select all[/b] from the drop down menu and click Next)[/i]
The program will ask if you want to fix/delete selected items, choose yes/fix.
Empty Your Recycle Bin.
Reboot your machine and post a new HJT log, by clicking [b]"Post a Reply"[/b]
Thanks,
rstones12
Posted by: southernlady
Closed. Liz
vBulletin Copyright ©2000 - 2003, Jelsoft Enterprises Limited.
PPC Management
vB Easy Archive Final - Created by Xenon
|