hey..can you help me remove these threats from my computer please...here is the log !!!
Logfile of HijackThis v1.99.1
Scan saved at 3:22:39 PM, on 24/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\cbwmkd.exe
C:\WINDOWS\System32\rkoqk.exe
C:\WINDOWS\System32\rkoqk.exe
C:\WINDOWS\System32\rkoqk.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sahish\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\rkoqk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,dfuuuic.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [brbekb] C:\WINDOWS\System32\cbwmkd.exe reg_run
O4 - HKLM\..\Run: [brbekb] C:\WINDOWS\System32\cbwmkd.exe reg_run
O4 - Global Startup: ZDWlan.lnk = ?
O4 - Global Startup: tijnq.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: Win32 Classes -
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll
O21 - SSODL: ptOoMSC - {262B15F8-8C81-BF52-3CD3-F5705CAB8DCE} - C:\WINDOWS\System32\cscchc.dll (file missing)
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
Full Version: My computer is INFECTED !!! Need Help PLease
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Hello,
I actually don't understand, when you say that your computer is infected, that you don't do any effort to install an antivirus and decent antispywaretools.
It doesn't make any sense that we try to clean up your system if nothing is preventing your system from malware being installed again. No wonder that your system is infected like that.
And I also see that your windows isn't up to date.
You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems... and that is the reason why you are now infected, because, when your windows was up to date, the securitypatches could prevent this.
So, what I want you to do right now is, please update your windows to SP1.
We'll get SP2 later when your system is clean again.
Visit http://windowsupdate.microsoft.com/ to update.
REBOOT afterwards.
When done, install an antivirus and firewall.
AVG, Bitdefender OR Avast are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decreases the reliability of it seriously!
Zonealarm, Kerio OR Sygate are FREE firewalls.
Understanding and using firewalls
Update your antivirus and let it perform a full scan.
As a sidenote..
Your system is terribly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.
Once you've performed above, perform next..
I see you have the Imageshack Toolbar installed. I do not recommend this toolbar. Reason is, a lot of users already got infected using imageshack. And I am pretty sure that having this toolbar installed won't prevent you from that, on the contrary.
So please uninstall the Imageshack Toolbar and reboot.
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\rkoqk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,dfuuuic.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O4 - HKLM\..\Run: [brbekb] C:\WINDOWS\System32\cbwmkd.exe reg_run
O4 - HKLM\..\Run: [brbekb] C:\WINDOWS\System32\cbwmkd.exe reg_run
O4 - Global Startup: tijnq.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll
O21 - SSODL: ptOoMSC - {262B15F8-8C81-BF52-3CD3-F5705CAB8DCE} - C:\WINDOWS\System32\cscchc.dll (file missing)
Check next entries if you decided to uninstall the Imageshack toolbar:
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
REBOOT!!
* Clean your Cache and Cookies in IE:
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from Ewido.
I actually don't understand, when you say that your computer is infected, that you don't do any effort to install an antivirus and decent antispywaretools.
It doesn't make any sense that we try to clean up your system if nothing is preventing your system from malware being installed again. No wonder that your system is infected like that.
And I also see that your windows isn't up to date.
You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems... and that is the reason why you are now infected, because, when your windows was up to date, the securitypatches could prevent this.
So, what I want you to do right now is, please update your windows to SP1.
We'll get SP2 later when your system is clean again.
Visit http://windowsupdate.microsoft.com/ to update.
REBOOT afterwards.
When done, install an antivirus and firewall.
AVG, Bitdefender OR Avast are good FREE antivirus.
Never install more than one antivirusscanner or firewall on your system! Several together can give problems and decreases the reliability of it seriously!
Zonealarm, Kerio OR Sygate are FREE firewalls.
Understanding and using firewalls
Update your antivirus and let it perform a full scan.
As a sidenote..
Your system is terribly infected. Problem with these infections nowadays is, it causes a lot of damage. Even if we clean the malware off your system, I can't guarantee that your system will be clean afterwards, because these infections/bundles leave a lot of leftovers behind that most scanners won't even recognise and logs won't show.
Also, I can't promise you we can repair all the damage it caused... Even after cleaning the malware, you can still get errors afterwards because of the damage. Solving these is not always possible since it will be searching for a needle in a haystack to find the right cause and solution.
So, we can try to clean this up and do what we can, but keep in mind that we can't solve ALL problems this malware already caused.
Once you've performed above, perform next..
I see you have the Imageshack Toolbar installed. I do not recommend this toolbar. Reason is, a lot of users already got infected using imageshack. And I am pretty sure that having this toolbar installed won't prevent you from that, on the contrary.
So please uninstall the Imageshack Toolbar and reboot.
* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\rkoqk.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,dfuuuic.exe
O2 - BHO: Acrobat IE Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE083} - C:\WINDOWS\system\ctldlg32.dll
O4 - HKLM\..\Run: [brbekb] C:\WINDOWS\System32\cbwmkd.exe reg_run
O4 - HKLM\..\Run: [brbekb] C:\WINDOWS\System32\cbwmkd.exe reg_run
O4 - Global Startup: tijnq.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {00000000-0000-0000-0000-000020050660} - http://207.234.185.217/ABoxInst_int15.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} - http://advnt01.com/dialer/int_ver34.CAB
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll
O21 - SSODL: ptOoMSC - {262B15F8-8C81-BF52-3CD3-F5705CAB8DCE} - C:\WINDOWS\System32\cscchc.dll (file missing)
Check next entries if you decided to uninstall the Imageshack toolbar:
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!
REBOOT!!
* Clean your Cache and Cookies in IE:
- Close all instances of Outlook Express and Internet Explorer
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, Click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Cache).
- Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.
- Go to start > run and type: cleanmgr and click ok.
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.
- Load Ewido and then click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Then click on the Scanner tab at the top. Click the "Settings" tab and then change the recommended action to Quarantine and click Automatically generate report after every scan. Click back to the "Scan" tab and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
- Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
- Close Ewido and reboot!!
Doubleclick combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished and after reboot, it should open a log, combofix.txt.
Post this log in your next reply together with a new hijackthislog and the log from Ewido.
Hey once again....i did everything you told me...updated to sp1....scanned basically everything !!! However, i ran into a little problem when i was trying to run combofix...it runs i followed the instructions but then suddenly after few seconds the window disappears..i didn't click on the window either....so i do not have the log file for that !!! here is the log file for the other two you requested.
Logfile of HijackThis v1.99.1
Scan saved at 5:50:29 PM, on 25/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\sahish\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gbcjola.exe (file missing)
************
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:10:37 PM 25/07/2006
+ Scan result:
C:\WINDOWS\thiselt.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004276.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nsn56B.dll -> Adware.Ezula : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-1078145449-854245398-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-1078145449-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-1078145449-854245398-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\System32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lvnm0951e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004326.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004340.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004282.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004341.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004279.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004280.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004281.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP16\A0001721.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004288.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004332.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C3B5D7.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\D0F5D3.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E6C5D5.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E7C5D4.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\F5E5D6.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004272.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\System32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C0F560.tmp/bdpn.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C3B5D7.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\D0F5D3.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E6C5D5.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E7C5D4.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\F5E5D6.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004284.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004285.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\hvzead7v.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\i577.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\i57F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004343.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004246.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004263.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004301.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004320.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004321.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004349.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP38\A0013774.DLL -> Backdoor.Agent.adr : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{0F1C0490-20F6-4CA9-A9FC-5265CC79FC7C}\RP79\A0028908.exe -> Backdoor.Iroffer.1228 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{78E1496F-8143-4A95-B669-4D1DFFA27345}\RP8\A0000288.exe -> Backdoor.Iroffer.1228 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dlh9jkdq7.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP24\A0010857.exe -> Downloader.Tibs.gc : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx -> Dropper.PurityScan.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004257.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP24\A0013086.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C0F560.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\ICD1.tmp\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP18\A0002878.exe -> Not-A-Virus.HackTool.Win32.Xray.a : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{0F1C0490-20F6-4CA9-A9FC-5265CC79FC7C}\RP79\A0028900.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{78E1496F-8143-4A95-B669-4D1DFFA27345}\RP8\A0000293.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{0F1C0490-20F6-4CA9-A9FC-5265CC79FC7C}\RP79\A0028904.bat -> Trojan.NoShare.q : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C0F560.tmp/xd7ehbkw.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 5:50:29 PM, on 25/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\sahish\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\gbcjola.exe (file missing)
************
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:10:37 PM 25/07/2006
+ Scan result:
C:\WINDOWS\thiselt.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004276.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nsn56B.dll -> Adware.Ezula : Cleaned with backup (quarantined).
C:\Program Files\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-1078145449-854245398-1003\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-1078145449-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-1606980848-1078145449-854245398-1003\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\System32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lvnm0951e.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004326.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004340.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\WinNB58.dll -> Adware.Mirar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\SHNT288.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004282.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004341.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004279.DLL -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004280.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004281.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP16\A0001721.exe -> Adware.Relevant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004288.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004332.exe -> Adware.RK : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C3B5D7.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\D0F5D3.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E6C5D5.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E7C5D4.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\F5E5D6.tmp/mptft.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004272.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\System32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C0F560.tmp/bdpn.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C3B5D7.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\D0F5D3.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E6C5D5.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\E7C5D4.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\F5E5D6.tmp/ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004284.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004285.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ahnciup.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\hvzead7v.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\i577.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\i57F.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004343.dll -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004246.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004263.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004301.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004320.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004321.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004349.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP38\A0013774.DLL -> Backdoor.Agent.adr : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{0F1C0490-20F6-4CA9-A9FC-5265CC79FC7C}\RP79\A0028908.exe -> Backdoor.Iroffer.1228 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{78E1496F-8143-4A95-B669-4D1DFFA27345}\RP8\A0000288.exe -> Backdoor.Iroffer.1228 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dlh9jkdq7.exe -> Downloader.Small.dht : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP24\A0010857.exe -> Downloader.Tibs.gc : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MediaTicketsInstaller.ocx -> Dropper.PurityScan.ae : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP20\A0004257.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP24\A0013086.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C0F560.tmp/mptft.exe -> Hijacker.StartPage.ajj : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\ICD1.tmp\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{5A552F0B-C1DE-4F6F-A34D-DB1C4DD11042}\RP18\A0002878.exe -> Not-A-Virus.HackTool.Win32.Xray.a : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{0F1C0490-20F6-4CA9-A9FC-5265CC79FC7C}\RP79\A0028900.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{78E1496F-8143-4A95-B669-4D1DFFA27345}\RP8\A0000293.exe -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{0F1C0490-20F6-4CA9-A9FC-5265CC79FC7C}\RP79\A0028904.bat -> Trojan.NoShare.q : Cleaned with backup (quarantined).
C:\Documents and Settings\sahish\Local Settings\Temp\C0F560.tmp/xd7ehbkw.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
::Report end
Hello,
Unfortunately I can't see you updated to SP1 as you said in your previous post..
Concerning combofix, can you look if there's a combofix.txt on your C:\ ?
Also perform next...
Go to start > run and copy and paste next command in the field:
sc delete "Windows Overlay Components"
Hit enter.
Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
I need that log later.
Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply together with the combofix log, a new hijackthislog and the log from blacklight
Unfortunately I can't see you updated to SP1 as you said in your previous post..
Concerning combofix, can you look if there's a combofix.txt on your C:\ ?
Also perform next...
Go to start > run and copy and paste next command in the field:
sc delete "Windows Overlay Components"
Hit enter.
Download and Save blacklight to your desktop.
F-Secure Blacklight: https://europe.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
I need that log later.
Please perform this online scan: Kaspersky Webscan
1. Read the Requirements and Privacy statement, then select "Accept"
2. A dialogue box will appearing asking "Do you want to install this software?" Name: kavwebscan_unicode.cab
3. Select "Install" to download the ActiveX controls that allows ActiveScan to run.
4. If running MSAS beta you may receive an alert that an IE ActiveX program requires your approval. Click "Allow"
5. When the download is complete it will say ready, click "Next"
6. Select a target to scan: Click on "My Computer"
7. When the scan is complete choose to save the results as "Save as Text"
8. Post the Kaspersky scan results in your next reply together with the combofix log, a new hijackthislog and the log from blacklight
hey..
when i try to run the backlight beta...i get an error message saying
F-secure Backlight could not acquire neccessary privileges (SeDebugPrivilege)
- your computer setting may prevent aquiring these Privileges
- A malicious program might have disabled these privileges.
I am not sure whats wrong here..but i did turn off/exited the anti-spyware programs :S
when i try to run the backlight beta...i get an error message saying
F-secure Backlight could not acquire neccessary privileges (SeDebugPrivilege)
- your computer setting may prevent aquiring these Privileges
- A malicious program might have disabled these privileges.
I am not sure whats wrong here..but i did turn off/exited the anti-spyware programs :S
Ok, perform next first..
Download next tool to your desktop:
http://download.bleepingcomputer.com/sUBs/...bug-Restore.exe
Doubleclick SeDebug-Restore.exe and let it run.
Reboot afterwards. Important.
Then try blacklight again.
Download next tool to your desktop:
http://download.bleepingcomputer.com/sUBs/...bug-Restore.exe
Doubleclick SeDebug-Restore.exe and let it run.
Reboot afterwards. Important.
Then try blacklight again.
Here are the logs from the backlight scan...highjackthis...combofix...and the Kaspersky Webscan i wasnt able to open the link therefore i couldnt give it a scan :S
Logfile of HijackThis v1.99.1
Scan saved at 11:12:38 AM, on 27/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sahish\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
************
07/27/06 11:08:36 [Info]: BlackLight Engine 1.0.42 initialized
07/27/06 11:08:36 [Info]: OS: 5.1 build 2600 ()
07/27/06 11:08:37 [Note]: 7019 4
07/27/06 11:08:37 [Note]: 7005 0
07/27/06 11:08:41 [Note]: 7006 0
07/27/06 11:08:41 [Note]: 7011 1964
07/27/06 11:08:41 [Note]: 7026 0
07/27/06 11:08:41 [Note]: 7026 0
07/27/06 11:08:57 [Note]: FSRAW library version 1.7.1019
07/27/06 11:09:39 [Note]: 7007 0
*********
for combofix i found the txt in c: like you said but the results seem wierd...!!! I only got 2 lines in the results
Start Time= 25/07/2006 17:32:22.07
Running from: C:\Documents and Settings\sahish\Desktop
Logfile of HijackThis v1.99.1
Scan saved at 11:12:38 AM, on 27/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ZyDAS\ZD1211 802.11g Utility\ZDWlan.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sahish\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: ZDWlan.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
************
07/27/06 11:08:36 [Info]: BlackLight Engine 1.0.42 initialized
07/27/06 11:08:36 [Info]: OS: 5.1 build 2600 ()
07/27/06 11:08:37 [Note]: 7019 4
07/27/06 11:08:37 [Note]: 7005 0
07/27/06 11:08:41 [Note]: 7006 0
07/27/06 11:08:41 [Note]: 7011 1964
07/27/06 11:08:41 [Note]: 7026 0
07/27/06 11:08:41 [Note]: 7026 0
07/27/06 11:08:57 [Note]: FSRAW library version 1.7.1019
07/27/06 11:09:39 [Note]: 7007 0
*********
for combofix i found the txt in c: like you said but the results seem wierd...!!! I only got 2 lines in the results
Start Time= 25/07/2006 17:32:22.07
Running from: C:\Documents and Settings\sahish\Desktop
Strange about combofix.
Your hijackthislog looks clean again, but I still want results from an online scan though, because since your Windows is unpatched, I guess there is a LOT more going on.
Perform next first..
* Download: Hoster
Unzip hoster to an own folder, eg C:\Hoster
Start Hoster.exe, click 'Restore Original Hosts' and click OK.
Then try the Kaspersky online scan again.
If that doesn't work, try the F-Secure online:
* Click here to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
Then run combofix again.
Your hijackthislog looks clean again, but I still want results from an online scan though, because since your Windows is unpatched, I guess there is a LOT more going on.
Perform next first..
* Download: Hoster
Unzip hoster to an own folder, eg C:\Hoster
Start Hoster.exe, click 'Restore Original Hosts' and click OK.
Then try the Kaspersky online scan again.
If that doesn't work, try the F-Secure online:
* Click here to use the F-Secure Online Scanner
It's explained there with images how to allow the ActiveX to start the scan, so read that first.
- Then click the F-Secure Online Scanner Next Generation Beta link.
- Once the ActiveX is installed, you should accept the License terms by clicking OK below to start the scan.
- Click the Full System Scan button.
- It will start to download scanner components and databases. This can take a while.
- The main scan will start.
- Once the scan finished scanning, click the Automatic cleaning (recommended) button
- It could be possible that your firewall gives an alert - allow it, because that's a connection you establish to submit infected files to F-Secure.
- The cleaning can take a while, so please be patient.
- Then click the Show report button and copy and paste what's present under results in your next reply.
Then run combofix again.
hello,
i recieve the following error everytime i try to open a program.Error: Windows cannot access the specified device path, or file.....it seems like most of the programs on my computer are infected...i am not able to open many of them...here is my log file
Logfile of HijackThis v1.99.1
Scan saved at 9:18:12 PM, on 8/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acesoft\Internet History Eraser\heraser.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Documents and Settings\Bhavu\Desktop\TheUpload[1].com_-_00047898_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Backup\EXEFIL~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Backup\EXEFIL~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [History Clean - 2.0] D:\Backup\EXE Files\History Clean\HistoryClean.exe m
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet
O4 - HKCU\..\Run: [Steam] "D:\Backup\Steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] D:\Backup\EXEFIL~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet History Eraser] C:\Program Files\Acesoft\Internet History Eraser\heraser.exe min
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Startup: CommandLink Communicator.lnk = C:\Program Files\Quick Warehouse\Quick-Trak\Inventory Pro\Database\CommandLink Communicator\CLCommunicator.exe
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: FriendFinder Messenger.lnk = D:\Backup\EXE Files\FFIMC.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Backup\EXEFIL~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150686359764
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
i recieve the following error everytime i try to open a program.Error: Windows cannot access the specified device path, or file.....it seems like most of the programs on my computer are infected...i am not able to open many of them...here is my log file
Logfile of HijackThis v1.99.1
Scan saved at 9:18:12 PM, on 8/7/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
C:\WINDOWS\System32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Acesoft\Internet History Eraser\heraser.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Documents and Settings\Bhavu\Desktop\TheUpload[1].com_-_00047898_HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ca.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\Backup\EXEFIL~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\Backup\EXEFIL~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ShowBehind] C:\WINDOWS\sbnet\ShowBehind.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [History Clean - 2.0] D:\Backup\EXE Files\History Clean\HistoryClean.exe m
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE -quiet
O4 - HKCU\..\Run: [Steam] "D:\Backup\Steam.exe" -silent
O4 - HKCU\..\Run: [Spyware Doctor] D:\Backup\EXEFIL~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet History Eraser] C:\Program Files\Acesoft\Internet History Eraser\heraser.exe min
O4 - HKCU\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE
O4 - Startup: CommandLink Communicator.lnk = C:\Program Files\Quick Warehouse\Quick-Trak\Inventory Pro\Database\CommandLink Communicator\CLCommunicator.exe
O4 - Startup: Corel Registration.lnk = C:\Program Files\Corel\Graphics9\Register\Remind32.exe
O4 - Startup: FriendFinder Messenger.lnk = D:\Backup\EXE Files\FFIMC.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Reader\reader_sl.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\Backup\EXEFIL~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesca.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.2.0.84.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1150686359764
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: Pml Driver HPZ12 - Unknown owner - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Everstrike Software\Universal Shield 3.1\US30Service.exe
hello my computer is infected with multiple viruses please help me remove them...i had created a post a while back but there was no reply....here is my log file !!
Logfile of HijackThis v1.99.1
Scan saved at 5:26:48 PM, on 8/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Backup\Steam.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Documents and Settings\Bhavu\Desktop\virus tools\TheUpload[1].com_-_00047898_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Backup\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155414299030
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:26:48 PM, on 8/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Backup\Steam.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Documents and Settings\Bhavu\Desktop\virus tools\TheUpload[1].com_-_00047898_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Backup\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155414299030
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
Click here: http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.
hey i already have sp1 installed :S...i tried to update it again to make sure and i get an error saying service pack 1 setup canceled...some netsetup.exe if being used by another program .... neways here is my logfile
Logfile of HijackThis v1.99.1
Scan saved at 12:04:47 AM, on 8/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bhavu\Desktop\virus tools\TheUpload[1].com_-_00047898_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Backup\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155414299030
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:04:47 AM, on 8/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\LogMeIn\RaMaint.exe
C:\Program Files\LogMeIn\LogMeIn.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Bhavu\Desktop\virus tools\TheUpload[1].com_-_00047898_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Steam] "C:\Backup\Steam.exe" -silent
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155414299030
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\LogMeIn.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
SP1 is not installed... 
hi my computer is infected really badly...i have sp1 installed not sp2 because i have pirated version....and norton antivirus sucks just freezes the computer...i really need your help...here is the log...
Logfile of HijackThis v1.99.1
Scan saved at 5:32:40 PM, on 9/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\LogMeIn\RaMaint.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acesoft\Internet History Eraser\heraser.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Documents and Settings\Bhavu\Desktop\virus tools\TheUpload[1].com_-_00047898_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:32:40 PM, on 9/11/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\LogMeIn\RaMaint.exe
D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Acesoft\Internet History Eraser\heraser.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Program Files\LogMeIn\LogMeInSystray.exe
C:\Program Files\LogMeIn\LogMeIn.exe
C:\Documents and Settings\Bhavu\Desktop\virus tools\TheUpload[1].com_-_00047898_HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Acesoft - C:\Program Files\Acesoft\Internet History Eraser\delautocomp.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\RaMaint.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - D:\Backup\EXE Files\Spyware Doctor\sdhelp.exe
This is the 4th topic you have started now wanting someone to look at your Hijackthis Log and fix your computer. I don't mean to sound ugly, but we really can't do that anymore because without the Windows Critical Security Updates, you are going to just keep getting your PC infected. That is because today's nasties use the latest exploits against unpatched systems. If you can't secure your operating system, then we can't keep trying to fix it.
I'm going to merge all of these threads into one and put them in the archive (read only). If you are able to get a legal copy of Windows installed and get all the critical security updates, you should not have a problem.
Thanks for understanding. There is not much we can do when you have a leaky boat that can't be patched and it continues to sink. Please do not post any more HijackThis logs.
I'm going to merge all of these threads into one and put them in the archive (read only). If you are able to get a legal copy of Windows installed and get all the critical security updates, you should not have a problem.
Thanks for understanding. There is not much we can do when you have a leaky boat that can't be patched and it continues to sink. Please do not post any more HijackThis logs.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.