Recently I picked up some malware - every now and then the message box would come up saying "WARNING: Windows Firewall detected suspicious network activity on your computer. Malicious software codes try to steal your privacy information, such as credit card numbers, electronic mail accounts, financial data or passwords.
Do you want to learn how to protect your computer?"
Could someone tell me how to get rid of it? This is my HijackThis log:
Logfile of HijackThis v1.99.0
Scan saved at 6:51:55 PM, on 6/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programs\Inet\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programs\Music\Audio Sliders 2\volume.exe
C:\Programs\Utilities\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Programs\Utilities\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programs\Image\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
C:\Programs\Image\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Programs\Inet\ICQ\ICQ.exe
C:\Programs\Image\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Programs\Image\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Programs\Music\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Programs\Utilities\Far\Far.exe
F:\System\Utilz\Spyware Removal Stuff\HijackThis.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Programs\UTILIT~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programs\Image\Acrobat 6.0 Writer\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Programs\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Internet Explorer Hot Fix - {F1B11C5A-0DD9-49FC-A91F-05114CA4E4CC} - C:\WINDOWS\System32\grmhg.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programs\Image\Acrobat 6.0 Writer\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programs\Inet\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Audio Sliders Launch] "c:\Programs\Music\Audio Sliders 2\volume.exe" /s
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Programs\Inet\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Programs\Utilities\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programs\Utilities\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programs\Utilities\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: HPAiODevice(hp officejet d series) - 1.lnk = C:\Programs\Image\Hewlett-Packard\AiO\hp officejet d series\Bin\hpoojd07.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Programs\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Programs\UTILIT~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programs\Inet\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programs\Inet\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programs\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programs\Inet\YAHOO!~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programs\Inet\YAHOO!~1\YPager.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{37CA1866-B2B5-44B3-BAB0-F146EB898EBD}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{4445E147-ACD6-421A-AA05-5959F607536E}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B4EA2E1-9A50-4FED-A5C3-F97FE4DCB0DF}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{A396273E-8FA3-4539-9CFB-F17ECBF9C028}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD5A70D4-B560-4E13-B7F1-289745C21FCC}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS1\Services\Tcpip\..\{37CA1866-B2B5-44B3-BAB0-F146EB898EBD}: NameServer = 69.50.184.84,195.225.176.37
O17 - HKLM\System\CS2\Services\Tcpip\..\{37CA1866-B2B5-44B3-BAB0-F146EB898EBD}: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programs\Utilities\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Kodak Camera Connection Software - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Thanks everyone!