Topic: want to know if there is a virus on the this compu
scheins (Full Member) « on: November 27, 2005, 11:16:44 PM »

Logfile of HijackThis v1.99.0
Scan saved at 6:14:59 PM, on 11/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\Program Files\WinFixer_2005\uwfx5.exe
C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\DOCUME~1\AFSPEC~1.PRO\LOCALS~1\Temp\PMLSP.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\AF Spec. Productio\Desktop\spyware\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockadeHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - (no file)
O2 - BHO: (no name) - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - (no file)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe" /startup
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131429320751
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab
O23 - Service: AOL Connectivity Service - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service - Unknown - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager - Brother Industries, Ltd. - C:\WINDOWS\SYSTEM32\Brmfrmps.exe
O23 - Service: BrSplService - brother Industries Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Unknown - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thank you for any help with this.
scheins (Full Member) « Reply #1 on: November 27, 2005, 11:28:53 PM »

Since my last message I got a blue screen that said:
stop:c000021a  the windows logon process system process terminated unexpectedly with a status of 0xc0000005 (0x00000000 0x00000000) The system has been shutdown.

I was running Ad-Aware at the time and was just having the findings quarantined when this happened.
Pancake (Global Moderator) « Reply #2 on: November 28, 2005, 12:38:11 AM »

You have a bit of a mess here, a lot of nasties, and it may take a few hits to clean it all up...

Uninstall Winfixer 2005 from add/remove programs if it is listed there.

Download any of the required programs before attempting to start any of the fixes.

Please print these instructions out for use in Safe Mode. If for some reason you cannot get into safe mode, run it in normal mode.

Download VirtumundoBegone and save it to your desktop. When you have done this, double-click on VirtumundoBeGone.exe and follow the instructions. When it has finished, reboot and post the log that is created on your desktop called VBG.TXT in your next reply. Do not worry if you see a BLUE SCREEN "Fatal Error" message; it is normal and expected.
==============================

Download AboutBuster

Then unzip all files from the zip folder to a folder or your desktop. Start it and press the OK button. Then hit the Update button and a new screen will appear. On that screen press the Check for Updates button.

To scan your machine, press the Start button and then press OK. The program should start scanning. When it is done, press the exit button and reboot. Once rebooted run About:Buster one more time.

This program is updated often, so you should always use the built-in update feature before you scan with it.
========================================

To help clean out Trusted Zones, download and run DELDOMAINS, then double-click to open the DelDomains.inf. To execute the file: right-click and select 'Install' from the menu.
=========================================

Reboot your computer

==================

Please start by putting your computer in SAFE MODE. During reboot, tap the F8 key. Select Safe Mode and then run HJT.
--------------------------------------------------------------


Uninstall the following programs (if they still exist). Go into HijackThis->Config->Misc. Tools->Open Uninstall manager:

C:\Program Files\WinFixer_2005

-----------------------------------------------------------------


Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click End Process for each one if they are still listed:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\jkklk.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - (no file)
O2 - BHO: (no name) - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - (no file)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKCU\..\Run: [WinFixer_2005] C:\Program Files\WinFixer_2005\uwfx5.exe /scan
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O15 - Trusted Zone: http://*.billingnow.com
O15 - Trusted Zone: http://*.reliablestats.com
O15 - Trusted Zone: http://*.winantispyware.com
O15 - Trusted Zone: http://*.winantivirus.com
O15 - Trusted Zone: http://*.winantiviruspro.com
O15 - Trusted Zone: http://*.winfixer.com
O15 - Trusted Zone: http://*.winnanny.com
O15 - Trusted Zone: http://*.winsoftware.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
-----------------------------------------------------------------


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.
========================================

For a final cleanup, run a full scan here with Ewido. During some scans it may find cases of false positives, so you will need to step through the process of cleaning files one-by-one.

Restart your computer and post a new HijackThis log.
« Last Edit: November 28, 2005, 12:53:50 AM by Pancake »

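The moderator's review above is a manual pattern match over HijackThis line types. The following Python triage helper is an added example (not from this thread and not HijackThis code) that parses the R0/R1/R3, O2, O4, O10, O15 and O16 formats seen in these logs and flags the same patterns he singled out; the sample log lines are constructed from the first log in the thread and the rogue-product name list is a constructed assumption, not a vetted feed.

```python
"""Triage helper for HijackThis (HJT) v1.9x text logs.

Added example; not part of the original thread or of HijackThis itself.
Every hit is a lead for a human to review, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: a subset of the first HJT log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\jkhhi.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: OemjiSearchPlus - {D240DC29-C093-4388-B71F-A7103C796B0C} - (no file)
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer_2005\uwfx5.exe" /min
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O15 - Trusted Zone: http://*.winfixer.com
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
""".strip()

# Product names this thread treats as rogue/unwanted. Constructed list for the
# example; in real use load it from a maintained source.
ROGUE_NAMES = ("winfixer", "winantivirus", "winantispyware", "errorguard")

# HJT line shapes: "<section> - <body>", then per-section body layouts.
LINE_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.*)$")
TZ_RE = re.compile(r"^Trusted Zone: (?P<url>\S+)$")
DPF_RE = re.compile(r"^DPF: \{[^}]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O15"
    reason: str    # why the line was flagged
    line: str      # the raw log line


def _mentions_rogue(text: str) -> bool:
    t = text.lower()
    return any(name in t for name in ROGUE_NAMES)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious HJT line, or None if it looks benign or unknown."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None          # running-process paths, headers, blank lines
    sec, body = m.group("sec"), m.group("body")
    low = body.lower()
    if sec in ("R0", "R1") and (low.endswith("= about:blank") or low.endswith("=")):
        return Finding(sec, "IE start/search setting blanked (about:blank hijack residue)", line)
    if sec == "R3" and "missing" in low:
        return Finding(sec, "default URLSearchHook removed", line)
    if sec == "O2":
        b = BHO_RE.match(body)
        if b and (b.group("name") == "(no name)" or b.group("path") == "(no file)"):
            return Finding(sec, "BHO with no name or no backing file", line)
    if sec == "O4":
        r = RUN_RE.match(body)
        if r and _mentions_rogue(r.group("key") + " " + r.group("cmd")):
            return Finding(sec, "autorun entry for a rogue antispyware product", line)
    if sec == "O10" and "broken" in low:
        return Finding(sec, "LSP provider missing; winsock chain is broken", line)
    if sec == "O15":
        t = TZ_RE.match(body)
        if t:
            if _mentions_rogue(t.group("url")):
                return Finding(sec, "rogue vendor domain in IE Trusted Zone", line)
            return Finding(sec, "domain added to IE Trusted Zone (verify it was intended)", line)
    if sec == "O16":
        d = DPF_RE.match(body)
        if d and _mentions_rogue(urlparse(d.group("url")).netloc):
            return Finding(sec, "ActiveX download from a rogue vendor host", line)
    return None


def triage(log_text: str) -> list[Finding]:
    """Run triage_line over every line of an HJT log and collect the hits in order."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HJT section, e.g. {"O2": 2, "O15": 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
    print(summarize(hits))
```

Feed it a full log with `triage(open("hijackthis.log").read())`; the O4 Startup and Global Startup shortcut lines are deliberately left unflagged because a shortcut's target needs to be resolved before it can be judged.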
scheins (Full Member) « Reply #3 on: November 28, 2005, 09:30:11 PM »

I did as you said; here are the logs. The only one I did not do anything with is the Ewido, because I don't want to erase anything that I might need, so I posted it so you should take a look and tell me anything that needs to be taken off. Thank you for your help in this matter.

HJT Log

Logfile of HijackThis v1.98.1
Scan saved at 4:27:47 PM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\AF Spec. Productio\Desktop\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockadeHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Oemji\Toolbar\PopupBlocker\PBHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DW4] "C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [AOLCC] "C:\PROGRA~1\AOLCOM~2\ACCAgnt.exe" /startup
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Startup: palmOne Registration.lnk = C:\Program Files\Palm\register.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: SmartUI.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1131429320751
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {E4DFABBD-F5F6-11D3-8421-0080C6F79C42} (SpeechControl Class) - http://www.directxtras.com/speaksforitself/download/speechplugin.cab




VBG.txt

[11/28/2005, 15:04:56] - Starting Process...
[11/28/2005, 15:04:56] - Looking for Browser Helper Object [MSEvents Object]
[11/28/2005, 15:04:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -
[11/28/2005, 15:04:56] - WARNING: 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - BHO Name is blank.
[11/28/2005, 15:04:56] - Checking for WinLogon Notify reference. (File: C:\WINDOWS\system32\jkhhi.dll)
[11/28/2005, 15:04:56] - Found a reference to C:\WINDOWS\system32\jkhhi.dll in Winlogon Notify! This is most likely Virtumundo!
[11/28/2005, 15:04:56] - Assigning {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} MSEvents Object
[11/28/2005, 15:04:56] - BHO list has been changed! Starting over...
[11/28/2005, 15:04:56] - 1: {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - MSEvents Object
[11/28/2005, 15:04:56] - Found MSEvents Object!
[11/28/2005, 15:04:56] - File location: C:\WINDOWS\system32\jkhhi.dll
[11/28/2005, 15:04:56] - Attempting to kill C:\WINDOWS\system32\jkhhi.dll
[11/28/2005, 15:04:56] - Terminating Process: RUNDLL32.EXE
[11/28/2005, 15:04:56] - Terminating Process: IEXPLORE.EXE
[11/28/2005, 15:04:57] - Disabling Automatic Shell Restart
[11/28/2005, 15:04:57] - Terminating Process: EXPLORER.EXE
[11/28/2005, 15:04:57] - Suspending the NT Session Manager System Service
[11/28/2005, 15:04:57] - Terminating Windows NT Logon/Logoff Manager
[11/28/2005, 15:04:58] - Re-enabling Automatic Shell Restart
[11/28/2005, 15:04:58] - Renaming C:\WINDOWS\system32\jkhhi.dll -> C:\WINDOWS\system32\jkhhi.dll.vir
[11/28/2005, 15:04:58] - File rename was unsucessful. Rename operation sent to SMSS for next reboot.
[11/28/2005, 15:04:58] - Removing Registry references to {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/28/2005, 15:04:58] - Adding Internet Explorer Protection (Kill ActiveX) for {00DBDAC8-4691-4797-8E6A-7C6AB89BC441}
[11/28/2005, 15:04:58] - Removing Winlogon Notify Entry: jkhhi
[11/28/2005, 15:04:58] - BHO list has been changed! Starting over...
[11/28/2005, 15:04:58] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/28/2005, 15:04:58] - 2: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - PBlockadeHelper Class
[11/28/2005, 15:04:58] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/28/2005, 15:04:58] - 4: {B313D637-F405-4052-AC37-E2119AB3C8F8} - MSEvents Object
[11/28/2005, 15:04:58] - Found MSEvents Object!
[11/28/2005, 15:04:58] - File location: C:\WINDOWS\system32\jkklk.dll
[11/28/2005, 15:04:58] - Attempting to kill C:\WINDOWS\system32\jkklk.dll
[11/28/2005, 15:04:58] - Terminating Process: RUNDLL32.EXE
[11/28/2005, 15:04:58] - Terminating Process: IEXPLORE.EXE
[11/28/2005, 15:04:58] - Disabling Automatic Shell Restart
[11/28/2005, 15:04:58] - Terminating Process: EXPLORER.EXE
[11/28/2005, 15:04:58] - Suspending the NT Session Manager System Service
[11/28/2005, 15:04:58] - Terminating Windows NT Logon/Logoff Manager
[11/28/2005, 15:04:58] - Re-enabling Automatic Shell Restart
[11/28/2005, 15:04:59] - Renaming C:\WINDOWS\system32\jkklk.dll -> C:\WINDOWS\system32\jkklk.dll.vir
[11/28/2005, 15:04:59] - File successfully renamed!
[11/28/2005, 15:04:59] - Removing Registry references to {B313D637-F405-4052-AC37-E2119AB3C8F8}
[11/28/2005, 15:04:59] - Adding Internet Explorer Protection (Kill ActiveX) for {B313D637-F405-4052-AC37-E2119AB3C8F8}
[11/28/2005, 15:04:59] - Removing Winlogon Notify Entry: jkklk
[11/28/2005, 15:04:59] - BHO list has been changed! Starting over...
[11/28/2005, 15:04:59] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/28/2005, 15:04:59] - 2: {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - PBlockadeHelper Class
[11/28/2005, 15:04:59] - 3: {AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper
[11/28/2005, 15:04:59] - 4: {D240DC29-C093-4388-B71F-A7103C796B0C} -
[11/28/2005, 15:04:59] - WARNING: 4: {D240DC29-C093-4388-B71F-A7103C796B0C} - BHO Name is blank.
[11/28/2005, 15:04:59] - Checking for WinLogon Notify reference. (File: )
[11/28/2005, 15:04:59] - Couldn't find  in Winlogon Notify. Ignoring {D240DC29-C093-4388-B71F-A7103C796B0C}.
[11/28/2005, 15:04:59] - 5: {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} -
[11/28/2005, 15:04:59] - WARNING: 5: {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - BHO Name is blank.
[11/28/2005, 15:04:59] - Checking for WinLogon Notify reference. (File: )
[11/28/2005, 15:04:59] - Couldn't find  in Winlogon Notify. Ignoring {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}.
[11/28/2005, 15:04:59] - Finished searching for [MSEvents Object]
[11/28/2005, 15:04:59] - Finishing up...
[11/28/2005, 15:04:59] - Enabling Automatic Reboot on STOP Error.
[11/28/2005, 15:04:59] - Attempting to Restart via STOP error (Blue Screen!)


About Buster

AboutBuster 5.1, reference file 33
Scan started on [11/28/2005] at [3:13:22 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:14:33 PM


AboutBuster 5.1, reference file 33
Scan started on [11/28/2005] at [3:16:27 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:18:35 PM

Ewido Log

Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@2o7[2].txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@fastclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Qksrv
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@qksrv[2].txt
Risk: Medium

Name: Spyware.Cookie.Statcounter
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@statcounter[1].txt
Risk: Medium

Name: Spyware.Cookie.Tribalfusion
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@tribalfusion[2].txt
Risk: Medium

Name: Spyware.CnsMin
Path: HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006}
Risk: High

Name: Spyware.CnsMin
Path: HKLM\SOFTWARE\Classes\TypeLib\{205FF72E-CA67-11D5-99DD-444553540006}
Risk: High

Name: Spyware.WebRebates
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins
Risk: High

Name: Spyware.Delfin
Path: HKLM\SOFTWARE\motoin
Risk: High

Name: Spyware.SurfSide
Path: HKLM\SOFTWARE\SurfSideKick2
Risk: High

Name: Spyware.SurfSide
Path: HKLM\SOFTWARE\SurfSideKick2\Internet Explorer
Risk: High

Name: Spyware.Nomeh
Path: C:\Program Files\Oemji\Toolbar\PopupBlocker\OemjiPopupBlocker.exe
Risk: High

Name: Spyware.AzSearch
Path: C:\WINDOWS\SYSTEM32\azesearch4.ocx
Risk: High

Name: Spyware.AzSearch
Path: C:\WINDOWS\SYSTEM32\iasada.dll
Risk: High

Pancake (Global Moderator) « Reply #4 on: November 29, 2005, 12:21:21 AM »

All these can be removed by Ewido. All the rest of the log is clean and you should be fine now. Well done, nice cleanup.


Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@2o7[2].txt
Risk: Medium

Name: Spyware.Cookie.Fastclick
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@fastclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Qksrv
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@qksrv[2].txt
Risk: Medium

Name: Spyware.Cookie.Statcounter
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@statcounter[1].txt
Risk: Medium

Name: Spyware.Cookie.Tribalfusion
Path: C:\Documents and Settings\AF Spec. Productio\Cookies\af spec. productio@tribalfusion[2].txt
Risk: Medium

Name: Spyware.CnsMin
Path: HKLM\SOFTWARE\Classes\Interface\{205FF73A-CA67-11D5-99DD-444553540006}
Risk: High

Name: Spyware.CnsMin
Path: HKLM\SOFTWARE\Classes\TypeLib\{205FF72E-CA67-11D5-99DD-444553540006}
Risk: High

Name: Spyware.WebRebates
Path: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins
Risk: High

Name: Spyware.Delfin
Path: HKLM\SOFTWARE\motoin
Risk: High

Name: Spyware.SurfSide
Path: HKLM\SOFTWARE\SurfSideKick2
Risk: High

Name: Spyware.SurfSide
Path: HKLM\SOFTWARE\SurfSideKick2\Internet Explorer
Risk: High

Name: Spyware.Nomeh
Path: C:\Program Files\Oemji\Toolbar\PopupBlocker\OemjiPopupBlocker.exe
Risk: High

Name: Spyware.AzSearch
Path: C:\WINDOWS\SYSTEM32\azesearch4.ocx
Risk: High

Name: Spyware.AzSearch
Path: C:\WINDOWS\SYSTEM32\iasada.dll
Risk: High

scheins (Full Member) « Reply #5 on: November 29, 2005, 12:24:47 AM »

Thank you for all your help.
Pancake (Global Moderator) « Reply #6 on: November 29, 2005, 12:51:47 AM »

You're welcome.

This thread will now be locked.