Hijack This Log Attached
They certainly can cause crashes etc., but if the fan is not turning on your PSU, I would have to suspect that first.
Join Date: Apr 2005
Posts: 29
Reputation:
Solved Threads: 1
Well, I needed a new power supply. Here are the results of everything you advised. (Now how do I restore the missing Administrative Tools?)
Results of Jotti's and HijackThis:
Online malware scan: Jotti's Malwarescan 2.99-TRANSITION_TO_3.00-R1
File to upload and scan:
Service
Load: 0% 100%
Status: Please wait...
Powered by
Disclaimer
By uploading files to this server, you agree that your files will be stored locally.
Furthermore: this service is by no means one hundred percent safe. If the scanner returns an 'OK', that does not necessarily mean the file is clean. There could be a completely new virus on the loose! Never rely on a single product alone, not even on this service, even though it uses several products. I am therefore not responsible, nor can I be held responsible, for damage caused by this non-commercial online service.
I am also aware of the implications of a setup like this. I am sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). I am aware, for example, that "false positives" (a false alarm in which a clean file is mistakenly detected as a virus) might occur, despite efforts to counter them proactively. I do not consider this a big deal, so please do not send me emails about such occurrences. This is a simple online scanner, not the University of Magdeburg.
The virus signatures are updated every hour. The file size limit is 15 MB per file.
ABUSING THIS SERVICE (INCLUDING UPLOADING DELIBERATELY MODIFIED -PACKED/ENCRYPTED/BYTESWAPPED- VERSIONS OF THE SAME FILE) WILL RESULT IN YOUR IP BEING BANNED.
Please do not request any of these viruses unless you work for an anti-virus software vendor. Viruses are not for trading.
Scanning can take a while, since several scanners are used. In addition, some scanners use a very high heuristics level (which is time-consuming). The scanners used are Linux versions, and there may (or may not) be differences from Windows scanners. One more note: some scanners detect only one virus when archives containing multiple malware files are scanned.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, James Love, Gideon Pertzov, Malcolm Murray, Nigel Thomas, Wendy Dickerson, Anthony Midmore, "ethereal", Mark Rubins, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, and some people who prefer to remain anonymous... Many thanks to all!
Statistics
The last malware found was SearchBar.dll, detected by:
Scanner Malware name
AntiVir Adware-Spyware/Eztrack.C adware
ArcaVir X
Avast Win32:Spyware-gen.
AVG Antivirus Generic.KDL
BitDefender X
ClamAV X
Dr.Web Adware.Softomate
F-Prot Antivirus X
Fortinet X
Kaspersky Anti-Virus not-a-virus:AdWare.Win32.Eztracks.b
NOD32 X
Norman Virus Control X
UNA Adware.Eztracks
VirusBuster X
VBA32 X
You are free to (mis)interpret these automatically generated, invalid statistics. For comparative tests of anti-virus software, visit AV comparatives.
Frequently asked questions (FAQ) - Feedback/comments/questions/false alarms (in English only, please)
Logfile of HijackThis v1.99.1
Scan saved at 11:53:31 PM, on 8/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\khooker.exe
C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\mqsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Linda Beres\Local Settings\Temp\wzcbb1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: (no name) - {3895E11E-CE70-4177-8748-744999544856} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {3B24C46B-5E6A-49D6-97C7-82CF8AF7A244} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {40A30527-56E4-4187-A60A-6E64FBC3A660} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {4FC26B6B-9FE8-4FFB-85E6-A3C44D65AA2D} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {54B3101D-8128-4FA3-8C78-5FBE8C68C0E3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {621C0B59-885F-44CB-B663-96815DBF6722} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {75BBAF6C-83D3-4DCC-BE70-8C57A0100C14} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7B6E631B-CE92-4353-BA92-74F8C65D49D2} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {A3778469-65F2-4512-8C27-5EB8882174B5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {AF22A86B-58C7-48EC-8B10-28C5B59862FE} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {C5912007-7F7D-4C63-89E9-8AE32A2B9DF3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {C9E1BFED-F228-460A-9398-6532325FD4A7} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {D170BD9E-5D5B-4DDA-A869-F9B25AFB3710} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {D24E9E89-EB57-45E4-B971-93303F1A16FD} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {D531A7CE-A0D5-43AD-88C3-80264EA73B8C} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINNT\system32\ubbv.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
Please disable Ewido before going on with the following. Open Task Manager to make certain it has stopped.
Can you please do the following.
===============
You are still running HijackThis from a temp folder, so let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders, which means that, with HiJackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.
Also move the "Backups" folder, for HiJackThis, if present.
===============
Scan with HijackThis and then place a check next to all the following, if present:
O2 - BHO: (no name) - {3895E11E-CE70-4177-8748-744999544856} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {3B24C46B-5E6A-49D6-97C7-82CF8AF7A244} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {40A30527-56E4-4187-A60A-6E64FBC3A660} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {4FC26B6B-9FE8-4FFB-85E6-A3C44D65AA2D} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {54B3101D-8128-4FA3-8C78-5FBE8C68C0E3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {621C0B59-885F-44CB-B663-96815DBF6722} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {75BBAF6C-83D3-4DCC-BE70-8C57A0100C14} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {7B6E631B-CE92-4353-BA92-74F8C65D49D2} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {A3778469-65F2-4512-8C27-5EB8882174B5} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {AF22A86B-58C7-48EC-8B10-28C5B59862FE} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {C5912007-7F7D-4C63-89E9-8AE32A2B9DF3} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {C9E1BFED-F228-460A-9398-6532325FD4A7} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {D170BD9E-5D5B-4DDA-A869-F9B25AFB3710} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {D24E9E89-EB57-45E4-B971-93303F1A16FD} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {D531A7CE-A0D5-43AD-88C3-80264EA73B8C} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINNT\system32\ubbv.dll
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:
files...
C:\WINNT\system32\ubbv.dll
Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear.
-
Reboot.
===============
Download VirtumundoBeGone by secured2k
- Save the file to your desktop
- Close all running programs (including your Internet Browser)
- Double-click VirtumundoBeGone.exe on the desktop
- Read the introductory information, and then click Continue
- Click Start
- When asked if you want to continue, click Yes to run the fix
- Click "Save Log"
==
Please post that log and a log from Hijackthis.
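A small triage script for a HijackThis log like the one above, added here as an example (it was not posted by anyone in this thread). It flags the three things the reply points at: HijackThis running from a Temp folder, entries marked "(file missing)", and one DLL registered as a BHO under several CLSIDs. The function names are made up for the example, and the sample is a shortened excerpt of the posted log with the user name replaced.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis v1.99.1 log posted above.
# The profile folder name is replaced with "user" (constructed value).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\user\Local Settings\Temp\wzcbb1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3895E11E-CE70-4177-8748-744999544856} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O2 - BHO: (no name) - {3B24C46B-5E6A-49D6-97C7-82CF8AF7A244} - C:\Program Files\Accessories\horejoruj.dll (file missing)
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Filter: text/html - {F8D76886-FA88-4DF6-8FBD-C02CF8C91C94} - C:\WINNT\system32\ubbv.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "O2 - ...", "R0 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Windows path ending in a module extension; paths may contain spaces.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:dll|exe|ocx)(?![A-Za-z0-9])",
                     re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            body = m.group("body")
            clsid = CLSID_RE.search(body)
            path = PATH_RE.search(body)
            entries.append({
                "code": m.group("code"),
                "line": line,
                "clsid": clsid.group(0).upper() if clsid else None,
                "path": path.group(0) if path else None,
                "file_missing": body.endswith("(file missing)"),
            })
        elif re.match(r"^[A-Za-z]:\\", line):
            # Bare path lines belong to the "Running processes:" block.
            processes.append(line)
    return processes, entries


def triage(text):
    """Return the findings a helper would look at first."""
    processes, entries = parse_log(text)

    # HijackThis run from a Temp folder: its backups vanish when temp is flushed.
    hjt_in_temp = [p for p in processes
                   if p.lower().endswith("\\hijackthis.exe")
                   and "\\temp\\" in p.lower()]

    # Registry entries whose target file no longer exists on disk.
    missing = [e for e in entries if e["file_missing"]]

    # One DLL registered as a BHO under more than one CLSID.
    clsids_by_dll = defaultdict(set)
    for e in entries:
        if e["code"] == "O2" and e["path"] and e["clsid"]:
            clsids_by_dll[e["path"].lower()].add(e["clsid"])
    shared = {dll: sorted(ids) for dll, ids in clsids_by_dll.items()
              if len(ids) > 1}

    return {"hjt_in_temp": hjt_in_temp,
            "file_missing": missing,
            "shared_bho_dll": shared}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for p in report["hjt_in_temp"]:
        print("HijackThis running from Temp:", p)
    for e in report["file_missing"]:
        print("Orphaned entry:", e["line"])
    for dll, ids in report["shared_bho_dll"].items():
        print(f"{dll} registered under {len(ids)} BHO CLSIDs")
```

The script only reads a saved log; which entries to fix remains a judgment call, as in the reply above.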
Join Date: Apr 2005
Posts: 29
Reputation:
Solved Threads: 1
Here's the logs for VirtumundoBeGone and HijackThis.
[08/22/2006, 20:14:02] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Linda Beres\Desktop\VirtumundoBeGone.exe" )
[08/22/2006, 20:14:04] - Detected System Information:
[08/22/2006, 20:14:04] - Windows Version: 5.0.2195, Service Pack 4
[08/22/2006, 20:14:04] - Current Username: Linda Beres (Admin)
[08/22/2006, 20:14:04] - Windows is in NORMAL mode.
[08/22/2006, 20:14:04] - Searching for Browser Helper Objects:
[08/22/2006, 20:14:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[08/22/2006, 20:14:04] - BHO 2: {0CF0B8EE-6596-11D5-A98E-0003470BB48E} (CCHelper Class)
[08/22/2006, 20:14:04] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/22/2006, 20:14:04] - Finished Searching Browser Helper Objects
[08/22/2006, 20:14:04] - Finishing up...
[08/22/2006, 20:14:04] - Nothing found! Exiting...
Logfile of HijackThis v1.99.1
Scan saved at 8:17:18 PM, on 8/22/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\snmp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\khooker.exe
C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\system32\mqsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\cidaemon.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Linda Beres\Local Settings\Temp\wz46f9\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Pro\CCHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Pa&nicware Pop-Up Stopper Pro - {B1E741E7-1E77-40D4-9FD8-51949B9CCBD0} - C:\Program Files\Panicware\Pop-Up Stopper Pro\popuppro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINNT\system32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1141787050\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
O9 - Extra button: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O12 - Plugin for .bmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin8.dll
O12 - Plugin for .m4v: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} (DiameterTransfer Control) - http://www.sis.com/download/SISTransfer.cab
O16 - DPF: {2F003D51-39FD-4D18-9016-95CF70B92ABE} - http://download.movienetworks.com/in...altpmtscab.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {A0EAC162-A012-4AD8-B2E1-D5A0BBBCDA51} (PopupSh Control) - http://206.222.26.90/images/PopupSh.ocx
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
Try this please.
Right-click the Start button, and then click Properties. On the Start Menu tab, click Customize. On the Advanced tab, under Start menu items, click System Administrative Tools. Click to select either the Display on the All Programs menu or the Display on the All Programs menu and the Start menu option. Click OK, and OK again to save the change.
If that does not work and if you have your installation disc available, put the CD in the drive then go to Start|Run and type in sfc /scannow and hit ok. This will replace any corrupt files.
•
•
Join Date: Apr 2005
Posts: 29
Reputation:
Solved Threads: 1
When I right click the Start button there is no Properties selection???
I tried your 2nd option by inserting my installation CD and click start/run and typed in sfc/scannow and I get the following error: Cannot find the file sfc/scannow (or one of its components). Make sure the path and filename are correct and that all required libraries are available.
Now what do you think? Thanks!!!
•
•
Join Date: Apr 2005
Posts: 29
Reputation:
Solved Threads: 1
I'm not sure if you saw my latest post from about a week ago, but here it is again. Any help you can give is always appreciated. I did get a suggestion to do a Slip Stream to restore any corrupt files, but I was hoping there was an easier solution. Any suggestions?
When I right click the Start button there is no Properties selection???
I tried your 2nd option by inserting my installation CD and click start/run and typed in sfc/scannow and I get the following error: Cannot find the file sfc/scannow (or one of its components). Make sure the path and filename are correct and that all required libraries are available.
Now what do you think? Thanks!!!
Did you include the space before the switch? Like this: sfc /scannow, not this: sfc/scannow, as you showed it above.