Chris Z

WinAntivirusPro removal

15 posts in this topic

I'll just skip all of my frustration and just post my HijackThis Log.

 

Edit: Log removed, updated log below. If you want to see the older one, just ask and I'll repost it.


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Here's my updated HijackThis Logfile:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 12:51:46 PM, on 6/8/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

F:\Program Files\xampp\apache\bin\apache.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\xampp\apache\bin\apache.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Link\Air Utility\AirCFG.exe

C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\PHP Designer 2007\phpdesigner2007.exe

E:\Program Files\FileZilla\FileZilla.exe

c:\program files\aim6\anotify.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

F:\Software Installed on Computer on and after May 20\HiJackThis_v2(2).exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} - C:\WINDOWS\system32\iifcdby.dll

O2 - BHO: (no name) - {BAC93631-C81A-446B-9D05-35DF556CD7C4} - C:\WINDOWS\system32\ddccb.dll

O2 - BHO: (no name) - {E12BFF69-38A7-406e-A8EF-2738107A7831} - C:\WINDOWS\system32\ipcaklin.dll

O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\ugsfebft.dll",realset

O4 - HKLM\..\Run: [j9291834] rundll32 C:\WINDOWS\system32\j9291834.dll sook

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll

O20 - Winlogon Notify: iifcdby - C:\WINDOWS\SYSTEM32\iifcdby.dll

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apache2 - Apache Software Foundation - F:\Program Files\xampp\apache\bin\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - F:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 8532 bytes


Hi,

 

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt.

Next:

 

1. Download this file - ComboFix

2. Double-click combofix.exe & follow the prompts.

3. When finished, it will produce a log for you. Post that log in your next reply.

 

Note:

Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

 

jedi


VundoFix's Log:

VundoFix V6.5.0

 

Checking Java version...

 

Java version is 1.5.0.3

Old versions of java are exploitable and should be removed.

 

Scan started at 10:10:30 PM 6/10/2007

 

Listing files found while scanning....

 

C:\windows\system32\bccdd.bak1

C:\WINDOWS\system32\bccdd.bak2

C:\WINDOWS\system32\bccdd.ini

C:\WINDOWS\system32\ddccb.dll

C:\windows\system32\ghhkj.ini

C:\WINDOWS\system32\iifcdby.dll

C:\windows\system32\jkhhg.dll

C:\WINDOWS\system32\jtvjfynf.dll

C:\WINDOWS\system32\qrvhntlb.dll

C:\WINDOWS\system32\ugsfebft.dll

C:\windows\system32\vturr.dll

 

Beginning removal...

 

Attempting to delete C:\windows\system32\bccdd.bak1

C:\windows\system32\bccdd.bak1 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bccdd.bak2

C:\WINDOWS\system32\bccdd.bak2 Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\bccdd.ini

C:\WINDOWS\system32\bccdd.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\ddccb.dll

C:\WINDOWS\system32\ddccb.dll Has been deleted!

 

Attempting to delete C:\windows\system32\ghhkj.ini

C:\windows\system32\ghhkj.ini Has been deleted!

 

Attempting to delete C:\WINDOWS\system32\iifcdby.dll

C:\WINDOWS\system32\iifcdby.dll Could not be deleted.

 

Attempting to delete C:\windows\system32\jkhhg.dll

C:\windows\system32\jkhhg.dll Has been deleted!

 

Attempting to delete C:\windows\system32\vturr.dll

C:\windows\system32\vturr.dll Has been deleted!

 

Performing Repairs to the registry.

Done!

 

ComboFix's Log:

ComboFix 07-06-11.3 - F:\Software Installed on Computer on and after May 20\ComboFix.exe

"Owner" - 2007-06-10 22:51:50 - Service Pack 2 NTFS

 

 

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

C:\WINDOWS\system32\iifcdby.dll

C:\WINDOWS\system32\qpqss.bak1

C:\WINDOWS\system32\qpqss.bak2

C:\WINDOWS\system32\qpqss.ini

 

 

* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

 

 

((((((((((((((((((((((((( Files Created from 2007-05-11 to 2007-06-11 )))))))))))))))))))))))))))))))

 

 

2007-06-10 22:51 49,152 --a------ C:\WINDOWS\nircmd.exe

2007-06-10 22:21 <DIR> d-------- C:\Program Files\VundoFix

2007-06-10 22:10 <DIR> d-------- C:\VundoFix Backups

2007-06-09 06:01 <DIR> d-------- C:\WINDOWS\system32\LogFiles

2007-06-08 15:53 <DIR> d-------- C:\Program Files\Last.fm

2007-06-06 22:45 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Joost

2007-06-06 22:44 <DIR> d-------- C:\Program Files\Joost

2007-06-05 21:12 <DIR> d-------- C:\Program Files\FileZilla Password Recovery

2007-06-04 20:44 <DIR> d-------- C:\WINDOWS\pss

2007-06-04 15:01 <DIR> d-------- C:\Program Files\SpywareBlaster

2007-06-04 10:42 <DIR> d-------- C:\Program Files\Lavasoft

2007-06-04 10:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft

2007-06-04 10:30 <DIR> d-------- C:\Program Files\Viewpoint

2007-06-03 17:58 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\com.arpitonline.DiggGraphrDesktop

2007-06-03 17:57 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DLite

2007-06-03 17:27 <DIR> d-------- C:\DOCUME~1\Owner\Program Files

2007-06-03 17:26 <DIR> d-------- C:\Program Files\Common Files\Adobe Apollo

2007-05-29 10:00 <DIR> d-------- C:\Program Files\WUSB11 WLAN Monitor

2007-05-29 09:49 61,440 --a------ C:\WINDOWS\system32\W32N50.DLL

2007-05-29 09:49 40,960 --a------ C:\WINDOWS\system32\IsUser11b.dll

2007-05-29 09:49 16,292 --a------ C:\WINDOWS\system32\PCANDIS5.SYS

2007-05-29 09:49 16,112 --a------ C:\WINDOWS\system32\PCANDIS4.SYS

2007-05-29 09:42 72,576 -ra------ C:\WINDOWS\system32\drivers\netusbxp.sys

2007-05-28 21:52 <DIR> d-------- C:\WINDOWS\vbSkinner

2007-05-28 21:51 <DIR> d-------- C:\Program Files\PFConfig

2007-05-28 19:35 <DIR> d-------- C:\Program Files\No-IP

2007-05-28 16:40 <DIR> d-------- C:\Program Files\DynDNS Updater

2007-05-28 16:40 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Kana Solution

2007-05-28 09:22 178,408 --a------ C:\WINDOWS\system32\muweb.dll

2007-05-28 09:22 127,208 --a------ C:\WINDOWS\system32\mucltui.dll

2007-05-27 22:41 <DIR> d-------- C:\Program Files\AOL Games

2007-05-27 22:41 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

2007-05-27 19:50 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll

2007-05-27 19:50 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll

2007-05-27 19:50 450,336 --a------ C:\WINDOWS\system32\drivers\A3AB.sys

2007-05-27 19:50 368,640 --a------ C:\WINDOWS\system32\ANIWZCS2.dll

2007-05-27 19:50 24,576 --a------ C:\WINDOWS\system32\DWLInst.dll

2007-05-27 19:50 221,184 --a------ C:\WINDOWS\system32\wlanapi.dll

2007-05-27 19:50 212,992 --a------ C:\WINDOWS\system32\aIPH.dll

2007-05-27 19:50 143,360 --a------ C:\WINDOWS\system32\WlanApp.dll

2007-05-27 19:50 1,323,095 --a------ C:\WINDOWS\system32\odSupp_M.dll

2007-05-27 19:50 <DIR> d-------- C:\Program Files\ANI

2007-05-27 16:56 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys

2007-05-27 15:57 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller

2007-05-27 15:55 <DIR> d-------- C:\Program Files\Windows Live

2007-05-27 15:55 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

2007-05-27 08:13 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6

2007-05-26 14:39 <DIR> d-------- C:\Program Files\Common Files\xing shared

2007-05-26 14:38 <DIR> d-------- C:\Program Files\Real

2007-05-26 14:38 <DIR> d-------- C:\Program Files\Common Files\Real

2007-05-26 14:35 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\Real

2007-05-24 06:42 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!

2007-05-23 16:16 <DIR> d-------- C:\WINDOWS\Performance

2007-05-23 16:16 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor

2007-05-23 16:16 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation

2007-05-23 15:42 <DIR> d-------- C:\Program Files\Messenger Plus! Live

2007-05-22 15:37 <DIR> d-------- C:\Program Files\CCleaner

2007-05-22 14:32 69,632 -ra------ C:\WINDOWS\Alcmtr.exe

2007-05-19 15:48 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy

2007-05-17 13:09 51,568 --a------ C:\WINDOWS\system32\sirenacm.dll

2007-05-15 21:29 <DIR> d--h----- C:\WINDOWS\PIF

2007-05-15 07:48 <DIR> d-------- C:\Program Files\Paint.NET

2007-05-14 17:37 112,384 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys

2007-05-14 12:49 9,472 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2007-05-14 11:26 6,272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys

 

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

 

2007-06-08 21:57:33 -------- d-----w C:\Program Files\PHP Designer 2007

2007-06-06 17:57:13 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Canon

2007-06-04 15:30:40 -------- d-----w C:\Program Files\AIM6

2007-05-29 15:00:53 -------- d--h--w C:\Program Files\InstallShield Installation Information

2007-05-28 00:50:01 -------- d-----w C:\Program Files\D-Link

2007-05-27 21:04:22 -------- d-----w C:\Program Files\MSN Messenger

2007-05-27 12:27:04 -------- d-----w C:\Program Files\Microsoft IntelliPoint

2007-05-26 19:44:40 1,326 ----a-w C:\WINDOWS\mozver.dat

2007-05-23 21:26:40 -------- d-----w C:\Program Files\SpeedFan

2007-05-22 19:54:39 -------- d--h--w C:\DOCUME~1\Owner\APPLIC~1\Move Networks

2007-05-22 19:32:06 -------- d-----w C:\Program Files\Realtek

2007-05-17 21:52:42 -------- d-----w C:\Program Files\7-Zip

2007-05-06 21:43:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\ScanSoft

2007-05-06 21:43:09 -------- d-----w C:\Program Files\Common Files\ScanSoft Shared

2007-05-06 21:42:42 -------- d-----w C:\Program Files\ScanSoft

2007-05-06 21:36:31 -------- d-----w C:\Program Files\ArcSoft

2007-05-06 21:35:30 -------- d-----w C:\Program Files\Canon

2007-05-06 19:44:20 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\PHP Designer 2007

2007-05-06 18:46:23 -------- d-----w C:\Program Files\PrintKey2000

2007-05-06 18:29:10 45,672 ----a-w C:\WINDOWS\uptime.exe

2007-05-06 03:33:55 -------- d-----w C:\Program Files\Common Files\Macrovision Shared

2007-05-06 03:33:10 -------- d-----w C:\Program Files\Bonjour

2007-05-02 11:04:10 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Viewpoint

2007-05-02 00:27:57 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Apple Computer

2007-05-02 00:22:09 -------- d-----w C:\Program Files\QuickTime

2007-05-02 00:21:21 -------- d-----w C:\Program Files\Apple Software Update

2007-05-01 21:58:27 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\stardevelop.com

2007-05-01 21:54:55 -------- d-----w C:\Program Files\Live Help Messenger

2007-04-30 01:21:17 -------- d-----w C:\Program Files\KMPlayer

2007-04-30 00:38:03 -------- d-----w C:\Program Files\DivX

2007-04-30 00:35:02 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\DivX

2007-04-30 00:33:37 -------- d-----w C:\Program Files\Google

2007-04-26 03:24:37 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\Azureus

2007-04-25 21:32:11 -------- d-----w C:\Program Files\Windows Media Connect 2

2007-04-24 12:18:59 -------- d-----w C:\Program Files\Messenger

2007-04-24 12:11:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll

2007-04-24 12:11:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll

2007-04-23 22:35:08 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\acccore

2007-04-23 22:32:20 -------- d-----w C:\Program Files\Common Files\AOL

2007-04-23 22:18:04 -------- d-----w C:\Program Files\Microsoft IntelliType Pro

2007-04-23 22:13:14 -------- d-----w C:\Program Files\Microsoft ActiveSync

2007-04-23 21:20:34 335 ----a-w C:\WINDOWS\nsreg.dat

2007-04-23 21:16:01 315,392 ----a-w C:\WINDOWS\HideWin.exe

2007-04-23 21:15:46 -------- d-----w C:\Program Files\Movie Maker

2007-04-23 21:13:52 -------- d-----w C:\Program Files\Windows NT

2007-04-23 21:12:07 -------- d-----w C:\Program Files\S3

2007-04-23 21:11:28 -------- d-----w C:\Program Files\Common Files\InstallShield

2007-04-23 21:08:16 -------- d-----w C:\DOCUME~1\Owner\APPLIC~1\MSN6

2007-04-23 21:07:08 -------- d-----w C:\Program Files\Alpha Networks

2007-04-23 20:57:14 -------- d-----w C:\Program Files\microsoft frontpage

2007-04-23 20:57:10 0 --sha-r C:\MSDOS.SYS

2007-04-23 20:57:10 0 --sha-r C:\IO.SYS

2007-04-23 20:57:10 0 ----a-w C:\CONFIG.SYS

2007-04-23 20:57:10 0 ----a-w C:\AUTOEXEC.BAT

2007-04-23 20:56:15 -------- d-----w C:\Program Files\Online Services

2007-04-23 20:55:33 -------- d-----w C:\Program Files\Common Files\MSSoap

2007-04-23 20:55:16 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat

2007-04-23 20:54:47 -------- d--h--w C:\Program Files\WindowsUpdate

2007-04-23 20:54:39 -------- d-----w C:\Program Files\MSN Gaming Zone

2007-04-23 07:58:05 -------- d-----w C:\Program Files\Common Files\ODBC

2007-04-23 07:58:03 -------- d-----w C:\Program Files\Common Files\SpeechEngines

2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll

2007-04-13 20:19:52 7,680 ----a-w C:\WINDOWS\system32\lsdelete.exe

2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll

 

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

 

 

*Note* empty entries & legit default entries are not shown

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

{53707962-6F74-2D53-2644-206D7942484F}=C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 01:04]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

{9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 20:33]

{C3E75524-BACC-4102-9D8E-1B307944379E}=C:\WINDOWS\system32\ddccb.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"D-Link Air Utility"="C:\Program Files\D-Link\Air Utility\AirCFG.exe" [2003-09-23 18:04]

"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12]

"VTTimer"="VTTimer.exe" [2006-08-03 15:53 C:\WINDOWS\system32\VTTimer.exe]

"S3Trayp"="S3trayp.exe" [2006-07-11 03:33 C:\WINDOWS\system32\S3Trayp.exe]

"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 03:51]

"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 03:50]

"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 15:03 C:\WINDOWS\RTHDCPL.exe]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-04-24 15:43]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]

"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 11:00]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-26 14:38]

"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-03-18 04:34]

"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 17:49]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-05-17 13:11]

"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 16:17]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"NoDispAppearancePage"=0 (0x0)

"NoColorChoice"=0 (0x0)

"NoSizeChoice"=0 (0x0)

"NoDispBackgroundPage"=0 (0x0)

"NoDispScrSavPage"=0 (0x0)

"NoDispCPL"=0 (0x0)

"NoVisualStyleChoice"=0 (0x0)

"NoDispSettingsPage"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoActiveDesktopChanges"=0 (0x0)

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSaveSettings"=0 (0x0)

"NoThemesTab"=0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"SkyTel"=SkyTel.EXE

"Alcmtr"=ALCMTR.EXE

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

AutoRun\command- K:\Setup.exe

 

 

Contents of the 'Scheduled Tasks' folder

2007-05-26 22:26:01 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

 

**************************************************************************

 

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net

Rootkit scan 2007-06-10 22:57:56

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

**************************************************************************

 

Completion time: 2007-06-10 22:59:40 - machine was rebooted

C:\ComboFix-quarantined-files.txt ... 2007-06-10 22:59

 

--- E O F ---


Hi again,

 

Good, that looks better. Can you please post a fresh HiJackThis log? (No need to put it in a quote box, just paste the log straight into 'Add Reply'; it's easier to read that way. Thanks.)

 

jedi


Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 7:58:38 AM, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

F:\Program Files\xampp\apache\bin\apache.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\xampp\apache\bin\apache.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Link\Air Utility\AirCFG.exe

C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\msiexec.exe

F:\Software Installed on Computer on and after May 20\HiJackThis_v2(2).exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {C3E75524-BACC-4102-9D8E-1B307944379E} - C:\WINDOWS\system32\ddccb.dll (file missing)

O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apache2 - Apache Software Foundation - F:\Program Files\xampp\apache\bin\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - F:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 7947 bytes


Hi again,

 

Scan with HijackThis and put a check in the box next to the following items:

 

O2 - BHO: (no name) - {C3E75524-BACC-4102-9D8E-1B307944379E} - C:\WINDOWS\system32\ddccb.dll (file missing)

 

Close all browsers and windows, click on ‘fix selected’ and allow HJT to fix these entries.

 

Restart.

 

Scan again with HJT, (with all browsers and windows closed) and post the new log in this thread.

 

jedi


All right, so I did what you asked me to and here are the results:

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 9:50:15 AM, on 6/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

F:\Program Files\xampp\apache\bin\apache.exe

C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

F:\Program Files\xampp\apache\bin\apache.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\D-Link\Air Utility\AirCFG.exe

C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Microsoft IntelliType Pro\type32.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\PROGRA~1\Grisoft\AVG7\avgw.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

E:\Program Files\FileZilla\FileZilla.exe

C:\Program Files\PHP Designer 2007\phpdesigner2007.exe

C:\WINDOWS\system32\msiexec.exe

F:\Software Installed on Computer on and after May 20\HiJackThis_v2(2).exe

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe

O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe

O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe

O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab57176.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe

O23 - Service: Apache2 - Apache Software Foundation - F:\Program Files\xampp\apache\bin\apache.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe

O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - F:\Program Files\xampp\FileZillaFTP\FileZillaServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 8050 bytes


Hi again,

 

OK, your log looks clean. How's your PC running now?

 

jedi


Well I haven't seen any popups today, so I think I'm good for now. :) What anti-malware/adware/spyware, etc. programs do you think I should have? I've got (so far) AdAware 2007 beta, AVG 7.5, Spyware Blaster, Spybot S&D, and AdWatch 2007 Beta. Anything else I should have or anything that should be removed?


I can't see a firewall on your PC. Windows Firewall is of limited use; it only blocks incoming, not outgoing. This article has a selection of free firewalls and how to install them.

http://www.pcworld.com/howto/article/0,aid,112920,00.asp

 

Apart from that, also install the MVPS hosts file (http://www.mvps.org/winhelp2002/hosts.htm), which blocks innocent-looking sites that are not so innocent.

 

Also see

How did I get Infected?

 

Finally, it is best to update your system regularly, to ensure you have the latest security patches from Microsoft. Update by clicking here (http://v4.windowsupdate.microsoft.com/) and following the prompts.

 

jedi


All right, thank you so much for your help! I have just downloaded and installed Comodo Firewall Pro. I haven't restarted yet, but it looks like it's a very highly rated Free Firewall Software. I also did the hosts file thing that you suggested. And I have automatic Updates enabled with Windows/Microsoft Update, so there's no problem there.


You're welcome. :D

 

Take care, happy surfing.

 

jedi :wave:


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.

This topic is now closed to further replies.