Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Buffer overrun problems with AIM

Post by fortserious » July 27th, 2006, 7:41 pm

Hi all

Last night my AIM crashed with a buffer overrun error. When I uninstalled and reinstalled it, I got the same error during installation, when it tries to copy "Sysfiles\imagehlp.dll", referencing a .tmp file in "Local Settings\Temp" that always starts with a G.

I ran Ad-aware, Spybot S&D, and ewido, but the problem persists. I'm not sure if this is malware, but if it is, I know you guys would know.

Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:41:09 PM, on 7/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\LcdStudio\LcdStudio.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Clipomatic\Clipomatic.exe
C:\WINDOWS\system32\oodag.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\My Downloads\trayit\trayit!.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\apps\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LcdStudio] C:\Program Files\LcdStudio\LcdStudio.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Shortcut to winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Startup: TrayIt!.lnk = D:\My Downloads\trayit\trayit!.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6173585359
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/securedelivery/omn/kdx.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Thanks in advance!
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Post by bamajim » July 28th, 2006, 5:40 pm

fortserious

I am currently looking at your log and will have a reply soon.

thanks bamajim
bamajim
Visiting Staff
 
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Post by bamajim » July 28th, 2006, 9:11 pm

fortserious

First

Download CCleaner from here to clean temp files from your computer.

    Double click on the file to start the installation of the program.
    Select your language and click OK, then next.
    Read the license agreement and click I Agree.
    Click next to use the default install location. Click Install, then Finish to complete the installation.

Double click the CCleaner shortcut on the desktop to start the program.
    On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
    Click on the "Options" icon at the left side of the window, then click on "Advanced."
    Deselect "Only delete files in Windows Temp folders older than 48 hours."
    Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.

Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.

    After CCleaner has completed its process, click Exit.
Next

Run an online virus scan called Kaspersky from HERE.
    1. Click on "Kaspersky Online Scanner".
    2. A new smaller window will pop up. After reading the contents, press "Accept".
    3. Now Kaspersky will update the anti-virus database. Let it run.
    4. Click on "Next" > "Scan Settings", and make sure the database is set to "extended". Check both the scan options, then click OK.
    5. Then click on "My Computer", and the scan will start.
    6. Once finished, save a log as ".txt" to the desktop.
Next

Rerun HijackThis and post a fresh log.

Your reply should include:
    your online scan log from Kaspersky
    a fresh HijackThis log

Thanks bamajim
bamajim
Visiting Staff
 
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Post by fortserious » July 29th, 2006, 2:08 am

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, July 29, 2006 1:55:46 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/07/2006
Kaspersky Anti-Virus database records: 209742
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
J:\

Scan Statistics:
Total number of scanned objects: 171907
Number of viruses found: 19
Number of infected objects: 64 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:19:41

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\history.dat Object is locked skipped
C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\parent.lock Object is locked skipped
C:\Documents and Settings\Ross\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ross\Desktop\aimfix_quarantine\22399_Data.bak Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.pln\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.pln\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.pln\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.pln\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\History\History.IE5\MSHist012006072820060729\index.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Temp\hsperfdata_Ross\1400 Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Temp\Perflib_Perfdata_1ec.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Temp\Perflib_Perfdata_5c0.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Temp\Perflib_Perfdata_650.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Temp\Perflib_Perfdata_b74.dat Object is locked skipped
C:\Documents and Settings\Ross\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ross\My Documents\AIM Logs\Dash012\MessageMarketer\2005-01-14 [Friday]\HomeKeyLogger-setup.exe/data0006 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.162 skipped
C:\Documents and Settings\Ross\My Documents\AIM Logs\Dash012\MessageMarketer\2005-01-14 [Friday]\HomeKeyLogger-setup.exe/data0007 Infected: not-a-virus:Monitor.Win32.HomeKeyLogger.170 skipped
C:\Documents and Settings\Ross\My Documents\AIM Logs\Dash012\MessageMarketer\2005-01-14 [Friday]\HomeKeyLogger-setup.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Ross\My Documents\misc exe\actmon-setup.exe/actmon.exe Infected: not-a-virus:Monitor.Win32.ActMon.503 skipped
C:\Documents and Settings\Ross\My Documents\misc exe\actmon-setup.exe/wskrnla.exe Infected: not-a-virus:Monitor.Win32.ActMon.511 skipped
C:\Documents and Settings\Ross\My Documents\misc exe\actmon-setup.exe ZIP: infected - 2 skipped
C:\Documents and Settings\Ross\My Documents\misc exe\overnet0.52.exe/data0014/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Documents and Settings\Ross\My Documents\misc exe\overnet0.52.exe/data0014 Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Documents and Settings\Ross\My Documents\misc exe\overnet0.52.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Ross\My Documents\RANDOM CRAP GOES HERE\dashdrive\OTHER\BSINSTALL.exe/WISE0038.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bx skipped
C:\Documents and Settings\Ross\My Documents\RANDOM CRAP GOES HERE\dashdrive\OTHER\BSINSTALL.exe WiseSFX: infected - 1 skipped
C:\Documents and Settings\Ross\My Documents\RANDOM CRAP GOES HERE\dashdrive\OTHER\BSINSTALL.exe WiseSFX Dropper: infected - 1 skipped
C:\Documents and Settings\Ross\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ross\NTUSER.DAT.LOG Object is locked skipped
C:\LimeWire.4.07.Pro.Win.Eng\LimeWireWin.exe Object is locked skipped
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll Object is locked skipped
C:\Program Files\Easy MP3 Alarm Clock\25wu47rd.exe Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped
C:\Program Files\Easy MP3 Alarm Clock\TopTextiLookup.exe Infected: not-a-virus:AdWare.Win32.EZula.o skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\Program Files\Easy MP3 Alarm Clock\whCC-ELIDA.exe RarSFX: infected - 6 skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\ILG054BA.NQF Infected: Worm.Win32.Ranker.a skipped
C:\Program Files\ESET\infected\UPS2FFBA.NQF/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Program Files\ESET\infected\UPS2FFBA.NQF WiseSFX: infected - 1 skipped
C:\Program Files\ESET\infected\UPS2FFBA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\Winamp\Plugins\AudioScrobbler.log.txt Object is locked skipped
C:\RECYCLER\NPROTECT\00000029.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00000030.dll Object is locked skipped
C:\RECYCLER\NPROTECT\00000031.OCX Object is locked skipped
C:\RECYCLER\NPROTECT\00000032.INF Object is locked skipped
C:\RECYCLER\NPROTECT\00000044.isu Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0153224.exe/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0153224.exe Thinstall: infected - 1 skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0153224.exe PE_Patch: infected - 1 skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0153285.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0153292.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0153842.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
C:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP726\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_7a4.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0155703.exe/WISE0018.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0155703.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0155703.exe WiseSFX: infected - 2 skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula.o skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0155930.exe Inno: infected - 8 skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156017.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156017.exe mIRC: infected - 1 skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula.o skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe/data0007 Infected: not-a-virus:AdWare.Win32.F1Organizer.h skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP666\A0156029.exe Inno: infected - 9 skipped
D:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP726\change.log Object is locked skipped
J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0152711.exe Infected: Flooder.Win32.VB.aq skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0154262.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0154269.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.603 skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0154802.exe/fatovernet.exe Infected: not-a-virus:Server-Proxy.Win32.Overnet skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0154802.exe Thinstall: infected - 1 skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0154802.exe PE_Patch: infected - 1 skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP664\A0155307.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv skipped
J:\System Volume Information\_restore{3A472F1A-6454-4EED-BCF5-C23C957BC4CA}\RP726\change.log Object is locked skipped

Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 2:03:18 AM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Clipomatic\Clipomatic.exe
C:\WINDOWS\system32\oodag.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\My Downloads\trayit\trayit!.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\apps\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch/search.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LcdStudio] C:\Program Files\LcdStudio\LcdStudio.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Shortcut to winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Startup: TrayIt!.lnk = D:\My Downloads\trayit\trayit!.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6173585359
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/securedelivery/omn/kdx.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Kaspersky had a field day with this old old machine.
fortserious
Active Member
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Unread postby bamajim » July 29th, 2006, 11:17 pm

fortserious

Sorry for the delay in my reply.

Your Kaspersky scan is actually quite short compared to most we have seen.

Some of the infected files the scan found were in applications you have

Re-run HijackThis
    At the Main window select "Open the misc tool section"
    Then select "Open uninstall manager"
    Then "save list" and save it to your desktop


Copy and paste that list as a reply to this thread

Are you still getting your error?
And you have a keylogger program, did you install this on purpose?

thanks bamajim
bamajim
Visiting Staff
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Unread postby fortserious » July 30th, 2006, 12:52 am

4U AVI MPEG Converter (version 3.2.0)
7-Zip 4.32
AC3Filter (remove only)
Ace Media Player
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Download Manager 2.0 (Remove Only)
Adobe Help Center 1.0
Adobe Illustrator CS
Adobe Photoshop CS2
Adobe Premiere Pro
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Alarm Master Plus v 4.7
Alcohol 120%
AnalogX Vocal Remover
Anvil Studio
AOL Instant Messenger
Archives Plugin for Google Desktop Search 1.1
Armadillo Run Version 1.0.1
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.3
AVIcodec (remove only)
Azureus
Babarosa Gif Animator 3.5
balldroppings
BCM V.92 56K Modem
Belarc Advisor 6.1
Bontago
BSPlayer
Bulk Rename Utility
Camtasia Studio 2
Canon CanoScan Toolbox 4.5
Canon iP90
CCleaner (remove only)
CDisplay 1.8
Celestia 1.3.1
Citrus Alarm Clock 1.0.5
Clipomatic
Codec Pack - All In 1 6.0.2.2
COH Character Creator
Cool Edit Pro 2.0
Corel Painter IX
Creative EAX Console
Creative Jukebox Driver
Creative MediaSource
Creative NOMAD Jukebox Zen Xtra
Creative Speaker Settings
CustomBar Registered Version
Cypress USB Mass Storage Driver Installation
DAEMON Tools
dBpowerAMP Music Converter
DC++ (remove only)
DeadAIM
Device Control
Diskeeper Professional Edition
DivX
DivX Player
DivX Player
dMC Power Pack
dMC SPA Sveta Rio Driver
dMC Sveta Portable Audio
Dr. DivX 1.0.4
Dynamic Library v1.03
Easy CD & DVD Creator 6
Easy MP3 Alarm Clock 1.0
ewido anti-spyware 4.0
eXeem 0.27
FadeToBlack
ffdshow (remove only)
FL Studio 5
FlashGet(JetCar)
Fontographer 4.1
Fraps (remove only)
Free CD-DA Extractor 4.8
Game Cam
Game Maker 5.3A
GCFScape 1.2.5
Gish Demo
GLtron version 0.70
GoldWave v5.08
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Grand Theft Auto: San Andreas
GSpot Codec Information Appliance
GTK+ Runtime 2.4.7 rev a (remove only)
Guitar Pro 4
HalfMoon Calendar version 1.1
Hamachi 0.9.9.9
HijackThis 1.99.1
HP Deskjet 6800
HP Deskjet 6800
HP Software Update
InterActual Player
IrfanView (remove only)
IsoBuster 1.6
iZotope Ozone 1.0 for Winamp2 and Winamp3
iZotope Ozone 3
J2SE Runtime Environment 5.0 Update 6
Kaspersky Online Scanner
Last.fm Player 1.0.4
LcdStudio 2.0 build 655
LEGO Island
LimeWire
LimeWire PRO 4.11.0
LiveUpdate 1.90 (Symantec Corporation)
Logitech G-series Keyboard Software
Logitech SetPoint
Macromedia Extension Manager
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Macromedia Flash Player 8
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Macromedia Shockwave Player
Marble Blast Gold Demo (remove only)
MaxBlast 4
Meetro 0.92 beta
MemMAX v1.1 (1.1.1.2)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office XP Small Business
mIRC
ModPlug Player
Morpher
Mozilla Firefox (1.5.0.5)
Mozilla Thunderbird (1.5)
MSN Messenger 6.2
MTA: Race for San Andreas R1.1
MTA: San Andreas Server R1.03
Music Visualizer Library 1.4.00
Myst for Windows 95
Myst IV - Revelation
Nalsoft AIM Log Manager v16301
Napster
Narbacular Drop version 1.4
Nero Digital
Net MD Simple Burner
Network Stumbler 0.4.0 (remove only)
NOD32 antivirus system
NOD32 FiX v2.1
Nortel Networks Contivity VPN Client
Notepad++
O&O Defrag Professional Edition
OMN
OmniPage SE 2.0
OpenMG Limited Patch 3.1-02-10-22-01
OpenMG Limited Patch 3.1-02-10-22-02
OpenMG Limited Patch 3.1-02-12-04-01
OpenMG Secure Module 3.1
Pdf995
PE Builder 3.1.9
PeerGuardian v1.99 pr14
PHP 5.0.4
Pintar VirtuaLab Mechanics 2.0 (Lite) - Remove Only
POD2_0
PowerDVD
PowerISO
Project64 1.6
QuickTime
Real Alternative 1.22
RealPlayer
Red Alert
Remove DivX Pro Codec
Riva FLV Encoder 2.0
Riven
RM2K Font Utility 1.1
Roxio Burn Engine
RPG Maker 2000 1.03
RTP for RM2K (Png, Wav, Midi, Fonts)
ShellUploader
SHOUTcast Source DSP 1.8.2 (remove only)
SiS 900 PCI Fast Ethernet Adapter Driver
Skype 2.0
SmartFTP
SnagIt 7
Sonic DVDit Pro
Sonic Express Labeler
Sonic Update Manager
Sony USB Driver
Sothink SWF Decompiler
SoulSeek Client 156c
SpeechRedist
Spybot - Search & Destroy 1.2
StartupMonitor
StationRipper 2.05B
Steam
TDK Launcher
TES Construction Set
The Longest Journey
The Typing of The Dead US
The Way - Episode 5
TMPGEnc 3.0 XPress
TuneUp Utilities 2004
Tweak UI
UltraMon
Update for Windows XP (KB898461)
USB Storage Adapter FX (SM1)
Ventrilo Client
VideoLAN VLC media player 0.8.5
Videosoft H.264 Decoder 2.2 BETA
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Visual C# 2005 Express Edition Beta - English
VTFEdit 1.2.0
WhatPulse
WildTangent Web Driver
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Service Pack 2
WinHTTrack Website Copier 3.32-2
WinMPG Video Convert 5.6
WinPcap 3.1 beta3
WinRAR archiver
WinZip
Within a Deep Forest 1.0.2
WordBiz version 1.8
Words That Follow
Worms Armageddon
XviD MPEG4 Video Codec (remove only)
Yahoo! Messenger
Yahoo! Toolbar
Zap! (remove only)
ZD-spc


Yes, I'm still getting the error.

Also, I'm aware of the keylogger's setup file existence but you implied that it was installed. If this is the case, it's hiding from me and I'd prefer removal instructions for that too if you would.

Thanks so far! Hopefully we can figure this out.
fortserious
Active Member
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Unread postby bamajim » July 31st, 2006, 12:39 pm

fortserious

Go to Add/Remove programs and uninstall the following programs
    Easy MP3 Alarm Clock 1.0 <<-This object is infected with adware->>
    Nalsoft AIM Log Manager v16301 <<-This is the keylogger we discussed->>
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player <<- This Article->>
We need to make sure we can see hidden files and folders
    Click Start.
    Click My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab.
    Under the Hidden files and folders heading select Show hidden files and folders.
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Uncheck the Hide file extensions for known file types.
    Click OK.
Next Using Windows Explorer
Locate and delete the following file
    C:\Documents and Settings\Ross\My Documents\misc exe\overnet0.52.exe

Exit Windows Explorer

Reboot your PC, rerun Hijackthis and post a fresh Hijackthis log

thanks bamajim
bamajim
Visiting Staff
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Unread postby fortserious » August 1st, 2006, 3:13 am

Logfile of HijackThis v1.99.1
Scan saved at 3:12:35 AM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\LcdStudio\LcdStudio.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Clipomatic\Clipomatic.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Winamp\winamp.exe
D:\My Downloads\trayit\trayit!.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\CTPdeSrv.exe
D:\apps\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... earch.html
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LcdStudio] C:\Program Files\LcdStudio\LcdStudio.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Shortcut to winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Startup: TrayIt!.lnk = D:\My Downloads\trayit\trayit!.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6173585359
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/securedelivery/omn/kdx.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

I intentionally have Nalsoft installed. I thought you were referring to something else.
fortserious
Active Member
Posts: 13
Joined: June 29th, 2006, 6:14 pm
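The HijackThis logs posted in this thread are read by hand by the helper. As an added example (not part of this thread and not HijackThis's own code), the Python below parses the R/O entry lines out of such a log and flags the ones a reviewer looks at first: O2 BHOs marked "(no file)", O20 AppInit_DLLs entries, O23 services with "Unknown owner" or "(file missing)", and O4 autoruns naming an executable on a per-case watch list (here nalgr.exe, the AIM Log Manager the helper asked about). The sample lines are copied from the logs above; WATCH_LIST and the flag wording are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a handful of lines copied from the HijackThis 1.99.1 logs
# posted in this thread (header, one process line, and R/O entries).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:12:35 AM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
"""

# Assumed per-case watch list: executables the helper asked the poster about.
# nalgr.exe is the Nalsoft AIM Log Manager identified as a keylogger in this thread.
WATCH_LIST = ("nalgr.exe",)

# HijackThis entry lines look like "O4 - HKLM\..\Run: ..." (R, F, N and O sections).
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str]


def review_flags(section: str, body: str) -> List[str]:
    """Reasons a log reviewer would look at this entry before the rest."""
    flags: List[str] = []
    if section == "O2" and body.endswith("(no file)"):
        flags.append("orphaned BHO: CLSID still registered but its DLL is gone")
    if section == "O4" and any(exe in body.lower() for exe in WATCH_LIST):
        flags.append("autorun on reviewer watch list: confirm it was installed on purpose")
    if section == "O20":
        flags.append("AppInit_DLLs: DLL loaded into every process that maps user32.dll")
    if section == "O23":
        if "Unknown owner" in body:
            flags.append("service binary carries no publisher name")
        if body.endswith("(file missing)"):
            flags.append("service registered but its executable is not on disk")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Keep only the R/F/N/O entry lines; header and process list are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            section, body = m.group("section"), m.group("body")
            entries.append(Entry(section, body, review_flags(section, body)))
    return entries


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Number of entries per HijackThis section, e.g. {"O4": 2, "O23": 3}."""
    counts: Dict[str, int] = {}
    for e in entries:
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries carrying at least one review flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("entries per section:", summarize(parsed))
    for e in flagged(parsed):
        print(f"{e.section}: {e.body[:70]}")
        for f in e.flags:
            print("   ->", f)
```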

Unread postby bamajim » August 1st, 2006, 12:28 pm

fortserious

First, rerun HijackThis (scan only)
Place a check beside the following entries
Close all open windows, except Hijackthis and select "Fix checked"

Next Reboot into Safe Mode
This can be done by
    Restarting your PC, after it starts, but before you see the Windows splash screen
    Begin tapping the F8 key twice a second until another menu screen appears (black screen with white menu choices)
    Using your arrow keys ->> Select Safe Mode->> Enter
Once in safe mode

Run Ewido
    Click scanner
    Select Complete system scan
Once the scan finishes
    Select Apply all actions (The items found will be quarantined)
    Click save report as (Another window will open)
    Save it to your desktop
    (By default It will be saved in the Ewido folder as)
    C:\Program Files\ewido anti-spyware 4.0\Reports
Exit Ewido

Reboot your PC in Normal Mode

    Double click the report-scan.txt you saved to your desktop
    It will open in Notepad
    Copy and paste that report as a reply to this thread
Your reply should include
    your report_scan.txt from Ewido
    A fresh Hijackthis log

Thanks bamajim
bamajim
Visiting Staff
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Unread postby fortserious » August 3rd, 2006, 2:21 pm

Just letting you know I am leaving on vacation until the 12th. I ran the scan through the c drive, but had to cancel it prematurely. I didn't think to see if I could save a report after cancelling it, but when I return I'll post a new report-scan after re-running it.

Sorry about the wait.
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Unread postby bamajim » August 3rd, 2006, 4:41 pm

fortserious

No problem, just reply when you're ready. And have a good time. :)
bamajim
Visiting Staff
Posts: 1138
Joined: February 3rd, 2006, 11:09 am

Unread postby fortserious » August 13th, 2006, 2:51 pm

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:34:17 PM 8/13/2006

+ Scan result:



C:\Documents and Settings\Ross\My Documents\misc exe\actmon-setup.exe/wskrnlae.dll -> Not-A-Virus.Monitor.Win32.Iopus.A : No action taken.
:mozilla.55:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.87:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.88:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.89:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Adbrite : No action taken.
:mozilla.75:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
:mozilla.95:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.96:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.68:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.102:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.103:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.104:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.105:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Falkag : No action taken.
:mozilla.76:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.77:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.79:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.80:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.70:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.56:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.57:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.58:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.59:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.60:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.90:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.91:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.92:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.93:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.94:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Zedo : No action taken.


::Report end


Logfile of HijackThis v1.99.1
Scan saved at 14:50:48 PM, on 8/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\StartupMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Clipomatic\Clipomatic.exe
C:\FRAPS\FRAPS.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Winamp\winamp.exe
D:\My Downloads\trayit\trayit!.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\CTPdeSrv.exe
D:\pictures\Sin City\#01 Sin City\cover art.{D3E34B21-9D75-101A-8C3D-00AA001A1652}\etc\porntorrent\utorrent.exe
D:\apps\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\apps\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCaptureBho Object - {7c1ce531-09e9-4fc5-9803-1c2956615786} - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [LcdStudio] C:\Program Files\LcdStudio\LcdStudio.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Clipomatic] C:\Program Files\Clipomatic\Clipomatic.exe
O4 - HKCU\..\Run: [AIM Logger] C:\PROGRA~1\Nalsoft\AIMLOG~1\nalgr.exe /start /minimize
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - Startup: Shortcut to winamp.lnk = C:\Program Files\Winamp\winamp.exe
O4 - Startup: TrayIt!.lnk = D:\My Downloads\trayit\trayit!.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6173585359
O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.omn.org/securedelivery/omn/kdx.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe
fortserious
Active Member
 
Posts: 13
Joined: June 29th, 2006, 6:14 pm

Unread postby bamajim » August 14th, 2006, 3:35 pm

fortserious

From your Ewido report, I think the settings must be off. Nothing was Quarantined. :)

Please review this portion of the previous post, and rerun Ewido

Once in safe mode

Run Ewido
    Click scanner
    Select Complete system scan
Once the scan finishes
    Select Apply all actions (The items found will be quarantined)
    Click save report as (Another window will open)
    Save it to your desktop
    (By default it will be saved in the Ewido folder as)
    C:\Program Files\ewido anti-spyware 4.0\Reports

Exit Ewido

Then repost the Ewido log

thanks bamajim
bamajim
Visiting Staff
Posts: 1138
Joined: February 3rd, 2006, 11:09 am
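The check bamajim makes by eye above (every line of the posted report ends in "No action taken", so nothing was quarantined) can be automated. The following is an added Python example, not code from the forum or from ewido: it parses the report layout shown in the thread into findings, separates tracking cookies from everything else, and reports whether the scan needs to be re-run with "Apply all actions" selected. The sample report is constructed, and the string "Cleaned with backup (quarantined)." is assumed to be the wording ewido writes for a quarantined item.

```python
"""Parse an ewido anti-spyware 4.0 scan report and check what was done with each finding.

Added example (not the forum's or ewido's code). The layout follows the report posted
in the thread; the sample text is constructed and the "Cleaned with backup (quarantined)."
action string is an assumption about ewido's wording.
"""
import re
from collections import Counter

# Constructed sample in the posted report layout (not a real report)
SAMPLE_REPORT = r"""---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:34:17 PM 8/13/2006

+ Scan result:



C:\Documents and Settings\Ross\My Documents\misc exe\actmon-setup.exe/wskrnlae.dll -> Not-A-Virus.Monitor.Win32.Iopus.A : No action taken.
:mozilla.55:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.87:C:\Documents and Settings\Ross\Application Data\Mozilla\Firefox\Profiles\default.pln\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).


::Report end
"""

# One result line: "<object> -> <detection> : <action>."
RESULT_RE = re.compile(r"^(?P<obj>.+?) -> (?P<detection>\S+) : (?P<action>.+?)\.?$")
# Cookie findings carry the cookie's index in the jar as a ":mozilla.NN:" prefix
COOKIE_RE = re.compile(r"^:mozilla\.(?P<idx>\d+):(?P<path>.*)$")


def parse_report(text):
    """Return {'created_at': str or None, 'findings': [dict, ...]}."""
    created_at = None
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("+ Created at:"):
            created_at = line.split(":", 1)[1].strip()
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue  # banner, blank and "::Report end" lines carry no finding
        obj = m.group("obj")
        cookie = COOKIE_RE.match(obj)
        findings.append({
            "path": cookie.group("path") if cookie else obj,
            "cookie_index": int(cookie.group("idx")) if cookie else None,
            "detection": m.group("detection"),
            "action": m.group("action"),
            "quarantined": "quarantined" in m.group("action").lower(),
        })
    return {"created_at": created_at, "findings": findings}


def triage(findings):
    """Split findings into tracking cookies (low risk) and everything else (needs review)."""
    cookies = [f for f in findings if f["detection"].startswith("TrackingCookie.")]
    review = [f for f in findings if not f["detection"].startswith("TrackingCookie.")]
    return cookies, review


def action_counts(findings):
    """How many findings ended in each action, e.g. {'No action taken': 2}."""
    return Counter(f["action"] for f in findings)


def unresolved(report):
    """Findings the scanner logged but did not act on."""
    return [f for f in report["findings"] if f["action"].lower().startswith("no action")]


def needs_rerun(report):
    """True when something was found but left in place: the scan must be repeated
    with 'Apply all actions' selected, which is what the thread asks for."""
    return bool(unresolved(report))


if __name__ == "__main__":
    report = parse_report(SAMPLE_REPORT)
    cookies, review = triage(report["findings"])
    print("scan created:", report["created_at"])
    print("actions:", dict(action_counts(report["findings"])))
    print("tracking cookies:", len(cookies), "| items to review:", len(review))
    for f in review:
        print("  review:", f["detection"], "<-", f["path"], "|", f["action"])
    print("re-run with 'Apply all actions':", needs_rerun(report))
```

The split into cookies and "review" items matters for triage: the tracking cookies are noise, but the Not-A-Virus.Monitor detection is a monitoring tool and is exactly the kind of item a helper would want to see quarantined or explained, so the script lists it separately rather than burying it in the cookie count.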

Unread postby agrarianmonk » September 5th, 2006, 9:55 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
agrarianmonk
MRU Teacher Emeritus
Posts: 5439
Joined: December 24th, 2005, 3:11 am