Author |
Message |
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sat May 29, 2004 11:17 am Post subject: 3rd post... Can someone decipher my hijack log |
|
|
I believe all of my problems started when I downloaded spykiller. Now my PC runs very slow, I cannot print or open my outlook mail because it times out, and I have problems uninstalling programs through add remove programs. I have run adware spybot, cw shredder, and hijackthis. The one thing that I keep finding is DSO exploit.
Logfile of HijackThis v1.97.7
Scan saved at 10:06:03 AM, on 5/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\TrojanHunter 3.8\THGuard.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Scott\My Documents\Data\tools\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.rr.com/
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c...st0401.cab
What do I do now? |
|
|
|
bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 360
Location: Australia
|
Posted: Sat May 29, 2004 2:22 pm Post subject: |
|
|
Hi Scottielang,
Please only start one topic and please stay in that thread, don't post new topics each time you post.
Remove Spykiller from Add/Remove, if you can.
Stick to Ad-aware and Spybot S+D, free and reliable.
Close ALL browser Windows, only have HijackThis running.
In HijackThis, check the boxes beside the below entries, then click on "Fix checked".
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\3.bin\MYBAR.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
Reboot into Safe Mode (tap F8 key during reboot, until the boot menu appears, use the arrow keys to choose "Safe Mode" from the menu, then press the "Enter" key).
Make sure you can see Hidden files and Folders:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Then delete the below files and Folders:
C:\Program Files\MyWay <--- delete the MyWay folder
C:\Program Files\SpyKiller <--- delete the SpyKiller folder
C:\WINDOWS\System32\toolbar.dll <--- delete the file
Reboot computer
If mail and programs still don't work OK, go to "Start"--"Run" and type in:
sfc /scannow
more info for Scannow:
http://www.updatexp.com/scannow-sfc.html
The "DSO" mentioned by Spybot, may be for the auto download of unsigned ActiveX controls.
Download all critical Updates from Microsoft.
Best way to offset the ActiveX is to set IE security settings. Then install SpywareBlaster.
Learn to use SpywareBlaster to set safe IE settings, etc.
and then download all critical Updates from Microsoft.
Cheers.
So how did I get infected in the first place?
http://www.computercops.biz/postt7736.html
Please go to:
http://windowsupdate.microsoft.com.
and download all critical updates.
If you found this site helpful, please consider a small donation via Paypal link in top LH corner.
. |
|
|
|
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sat May 29, 2004 11:26 pm Post subject: 4th Post still in dire need of help!! |
|
|
My pc is running really slow, I cannot install or uninstall any programs. I have run Adware, spybot, hijackthis. I am flabbergasted at this point on what to do.
Logfile of HijackThis v1.97.7
Scan saved at 10:21:53 PM, on 5/29/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\TrojanHunter 3.8\THGuard.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\My Documents\Data\tools\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.rr.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c...st0401.cab
Please instruct on what to do next. |
|
|
|
bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 360
Location: Australia
|
Posted: Sun May 30, 2004 12:03 am Post subject: |
|
|
Hi,
Did sfc /scannow run OK?
If you don't use websearch.drsnsrch.com, use HJT to fix the below entries.
Close all open windows. Only have HJT running.
Check the box next to the below entries, and then click on "Fix Checked"
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.rr.com/
Close HJT,
Reboot computer.
Now run Ad-aware, but read the below info on how to do a complete in-depth scan, after UPDATING adaware first.
please read :
HOW TO PERFORM A FULL SYSTEM SCAN With ...Build 181
Remove all that Ad-aware finds.
It is critical that you UPDATE Ad-aware, before scanning.
Cheers. |
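As an added example (not part of the original posts and not HijackThis's own code): a small Python parser for the log format posted in this thread that pulls out the two things the replies above act on, O2/O3 registrations whose DLL is reported as "(file missing)" or "(no file)", and the hosts that the IE search settings point to. The function names and the triage rules are assumptions made for illustration; the sample lines are copied from the first log in this thread.

```python
import re
from collections import Counter

# Subset of the HijackThis v1.97.7 log posted in this thread, copied as-is.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Body of an O2/O3 line: "<kind>: <name> - {CLSID} - <file or marker>".
COM_ITEM = re.compile(r"^(BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# Markers HijackThis prints when the registered file is not on disk.
MISSING = ("(file missing)", "(no file)")


def parse_log(text):
    """Return (section_code, body) pairs; header and process-path lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def host_of(value):
    """Lower-cased host of a URL-like registry value, with or without a scheme."""
    value = value.strip()
    if "://" in value:
        value = value.split("://", 1)[1]
    return value.split("/", 1)[0].lower()


def orphaned_com_entries(entries):
    """O2 (BHO) and O3 (toolbar) registrations whose DLL was not found on disk."""
    found = []
    for code, body in entries:
        if code not in ("O2", "O3"):
            continue
        m = COM_ITEM.match(body)
        if m and m.group(4).endswith(MISSING):
            found.append({"code": code, "kind": m.group(1),
                          "clsid": m.group(3), "target": m.group(4)})
    return found


def search_settings_by_host(entries):
    """Count IE search-related R entries per host, across HKCU and HKLM.

    Assumed rule: any R entry whose registry key or value name contains
    "search". A host that shows up here is a question for the user
    ("do you use this site?"), not a verdict.
    """
    hosts = Counter()
    for code, body in entries:
        if not code.startswith("R") or " = " not in body:
            continue
        key, value = body.split(" = ", 1)
        if "search" in key.lower() and value.strip():
            hosts[host_of(value)] += 1
    return hosts


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for item in orphaned_com_entries(parsed):
        print("orphaned %(kind)s %(clsid)s -> %(target)s" % item)
    for host, count in search_settings_by_host(parsed).items():
        print("search settings pointing at %s: %d" % (host, count))
```
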
|
|
|
parputt
Forums Admin
Premium Member
Joined: Mar 08, 2002
Posts: 1082
Location: USA
|
Posted: Sun May 30, 2004 2:52 pm Post subject: Scottie's latest post |
|
|
I found this in a brand new topic.
Internet is running very slow, still cannot add or remove any programs. However this time when I ran my virus scan it found a file called Trojan.Downloader.Stubby.A. How do I get rid of this? I also ran TrojanHunter and it said I had about 13 different ports open. How do I close them? I am also providing my Hijackthis log and Adware log.
Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Sunday, May 30, 2004 10:26:33 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R312 30.05.2004
______________________________________________________
Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan within archives
Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result
5-30-2004 10:26:33 AM - Scan started. (Custom mode)
Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-30-2004 3:19:43 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:46 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:46 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:46 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:57:35 PM
Last modified : 8/23/2001 12:00:00 PM
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:46 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 8/23/2001 12:00:00 PM
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:47 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:57:35 PM
Last modified : 8/23/2001 12:00:00 PM
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:19:47 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:57:35 PM
Last modified : 8/23/2001 12:00:00 PM
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:57:35 PM
Last modified : 8/23/2001 12:00:00 PM
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:57:35 PM
Last modified : 8/23/2001 12:00:00 PM
#:10 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 296 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : (C) 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
OriginalFilename : LexBceS.exe
ProductName : MarkVision for Windows (32 bit)
Created on : 2/28/2003 6:28:34 AM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 2/28/2003 6:28:34 AM
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 8/23/2001 12:00:00 PM
#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 309 KB
FileVersion : 1.05.2
ProductVersion : 1.05.2
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Event Manager
Created on : 2/21/2003 9:42:36 AM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 2/21/2003 9:42:36 AM
#:13 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 170 KB
FileVersion : 8.16
ProductVersion : 8.16
Copyright : (C) 1993 - 2003 Lexmark International, Inc.
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
OriginalFilename : LEXPPS.EXE
ProductName : MarkVision for Windows (32 bit)
Created on : 2/28/2003 6:25:59 AM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 2/28/2003 6:25:59 AM
#:14 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 8/23/2001 12:00:00 PM
#:15 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 9.10.1003
ProductVersion : 9.10.1003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 3/3/2003 8:16:52 PM
Last accessed : 5/30/2004 2:57:16 PM
Last modified : 3/3/2003 8:16:52 PM
#:16 [nisum.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 5-30-2004 3:19:48 PM
BasePriority : Normal
FileSize : 137 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security NISUM
InternalName : NISUM
OriginalFilename : NISUM.exe
ProductName : Norton Internet Security
Created on : 3/3/2003 8:06:36 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 3/3/2003 8:06:36 PM
#:17 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:19:49 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 2:57:35 PM
Last modified : 8/23/2001 12:00:00 PM
#:18 [xcommsvr.exe]
FilePath : C:\Program Files\Common Files\BullGuard\BullGuard Communicator\
ThreadCreationTime : 5-30-2004 3:19:49 PM
BasePriority : Normal
FileSize : 68 KB
FileVersion : 1, 7, 0, 6
ProductVersion : 1, 7, 0, 6
Copyright : Copyright
CompanyName : Softwin
FileDescription : BullGuard Communicator Server
InternalName : XCOMMSVR
OriginalFilename : xcommsvr.exe
ProductName : Softwin BullGuard Communicator Server
Created on : 3/1/2004 5:59:42 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 3/1/2004 5:59:42 PM
#:19 [bdss.exe]
FilePath : C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\
ThreadCreationTime : 5-30-2004 3:19:50 PM
BasePriority : Normal
FileSize : 56 KB
Created on : 11/11/2003 7:25:58 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 11/11/2003 7:25:58 PM
#:20 [vsserv.exe]
FilePath : C:\Program Files\BullGuard\
ThreadCreationTime : 5-30-2004 3:19:50 PM
BasePriority : Normal
FileSize : 72 KB
Created on : 2/20/2004 9:32:42 PM
Last accessed : 5/30/2004 2:59:05 PM
Last modified : 2/20/2004 9:32:42 PM
#:21 [ccpxysvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ThreadCreationTime : 5-30-2004 3:19:50 PM
BasePriority : Normal
FileSize : 33 KB
FileVersion : 6.02.2003
ProductVersion : 6.02.2003
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton Internet Security Proxy Service
InternalName : ccPxySvc
OriginalFilename : ccPxySvc.exe
ProductName : Norton Internet Security
Created on : 3/3/2003 8:05:18 PM
Last accessed : 5/30/2004 2:57:36 PM
Last modified : 3/3/2003 8:05:18 PM
#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-30-2004 3:20:04 PM
BasePriority : Normal
FileSize : 977 KB
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/23/2001 12:00:00 PM
Last accessed : 5/30/2004 3:23:47 PM
Last modified : 8/23/2001 12:00:00 PM
#:23 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:20:15 PM
BasePriority : Normal
FileSize : 40 KB
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright (C) 2002 Easy Systems Japan Ltd.
CompanyName : Easy Systems Japan Ltd.
FileDescription : ezSP_Px MFC Application
InternalName : ezSP_Px
OriginalFilename : ezSP_Px.EXE
ProductName : ezSP_Px Application
Created on : 8/15/2003 7:23:15 PM
Last accessed : 5/30/2004 3:20:15 PM
Last modified : 8/20/2002 5:29:26 PM
#:24 [tgcmd.exe]
FilePath : C:\program files\support.com\client\bin\
ThreadCreationTime : 5-30-2004 3:20:20 PM
BasePriority : Normal
FileSize : 1376 KB
FileVersion : 5,0,433,0
ProductVersion : 5,0,433,0
Copyright : Copyright 1997-2069 Support.com
CompanyName : Support.com, Inc.
FileDescription : tgcmd Module
InternalName : TGCMD
OriginalFilename : TGCMD.DLL
ProductName : tgcmd Module
Created on : 4/12/2002 10:02:11 PM
Last accessed : 5/30/2004 3:20:20 PM
Last modified : 6/24/2003 12:32:54 AM
#:25 [igfxtray.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:20:25 PM
BasePriority : Normal
FileSize : 152 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
OriginalFilename : IGFXTRAY.EXE
ProductName : Intel(R) Common User Interface
Created on : 8/14/2003 3:00:02 AM
Last accessed : 5/30/2004 3:20:25 PM
Last modified : 4/7/2003 7:19:52 AM
#:26 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:20:27 PM
BasePriority : Normal
FileSize : 112 KB
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
Copyright : Copyright 1999-2003, Intel Corporation
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
OriginalFilename : HKCMD.EXE
ProductName : Intel(R) Common User Interface
Created on : 8/14/2003 2:59:46 AM
Last accessed : 5/30/2004 3:20:27 PM
Last modified : 4/7/2003 7:07:38 AM
#:27 [agrsmmsg.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-30-2004 3:20:29 PM
BasePriority : Normal
FileSize : 86 KB
FileVersion : 2.1.25 2.1.25 02/14/2003 11:58:58
ProductVersion : 2.1.25 2.1.25 02/14/2003 11:58:58
Copyright : Copyright
CompanyName : Agere Systems
FileDescription : SoftModem Messaging Applet
InternalName : smdmstat.exe
OriginalFilename : smdmstat.exe
ProductName : Agere SoftModem Messaging Applet
Created on : 8/14/2003 2:59:11 AM
Last accessed : 5/30/2004 3:20:29 PM
Last modified : 2/14/2003 7:59:00 PM
#:28 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 5-30-2004 3:20:30 PM
BasePriority : Normal
FileSize : 53 KB
FileVersion : 1.0.10.006
ProductVersion : 1.0.10.006
Copyright : Copyright (c) 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 2/19/2004 1:32:29 AM
Last accessed : 5/30/2004 3:20:30 PM
Last modified : 12/2/2003 10:11:04 PM
#:29 [winampa.exe]
FilePath : C:\Program Files\Winamp\
ThreadCreationTime : 5-30-2004 3:20:33 PM
BasePriority : Normal
FileSize : 10 KB
Created on : 10/1/2001 11:42:00 PM
Last accessed : 5/30/2004 3:20:33 PM
Last modified : 10/1/2001 11:42:00 PM
#:30 [sonytray.exe]
FilePath : C:\Program Files\Sony Corporation\Image Transfer\
ThreadCreationTime : 5-30-2004 3:20:39 PM
BasePriority : Normal
FileSize : 72 KB
Created on : 2/19/2004 12:55:06 AM
Last accessed : 5/30/2004 3:20:39 PM
Last modified : 10/17/2002 2:20:20 AM
#:31 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-30-2004 3:21:43 PM
BasePriority : Normal
FileSize : 145 KB
FileVersion : 5.4.3790.20 built by: lab04_n
ProductVersion : 5.4.3790.20
CompanyName : Microsoft Corporation
FileDescription : Windows Update AutoUpdate Client
InternalName : wuauclt.exe
OriginalFilename : wuauclt.exe
ProductName : Microsoft
Created on : 5/26/2004 11:46:14 PM
Last accessed : 5/30/2004 3:06:14 PM
Last modified : 2/10/2004 2:09:02 AM
#:32 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5-30-2004 3:24:40 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 5/28/2004 1:19:26 AM
Last accessed : 5/30/2004 3:23:52 PM
Last modified : 7/13/2003 3:00:20 AM
#:33 [helpctr.exe]
FilePath : C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\
ThreadCreationTime : 5-30-2004 3:26:16 PM
BasePriority : Normal
FileSize : 710 KB
FileVersion : 5.1.2600.128 (xpclnt_qfe.021108-2107)
ProductVersion : 5.1.2600.128
CompanyName : Microsoft Corporation
FileDescription : Microsoft Help and Support Center
InternalName : HELPCTR.EXE
OriginalFilename : HELPCTR.EXE
ProductName : Microsoft
Created on : 5/28/2004 10:53:45 PM
Last accessed : 5/30/2004 3:24:00 PM
Last modified : 2/5/2004 10:14:57 PM
Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0
Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank
Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"
Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1
Deep scanning and examining files (C
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Tracking Cookie Object recognized!
Type : File
Data : administrator@cgi-bin[1].txt
Object : C:\Documents and Settings\Administrator\Cookies\
Created on : 5/29/2004 6:50:16 PM
Last accessed : 5/30/2004 3:30:02 PM
Last modified : 5/29/2004 6:50:16 PM
Tracking Cookie Object recognized!
Type : File
Data : [2].txt
Object : C:\Documents and Settings\Administrator\Cookies\
Created on : 5/29/2004 6:56:01 PM
Last accessed : 5/30/2004 3:30:02 PM
Last modified : 5/29/2004 6:56:01 PM
Tracking Cookie Object recognized!
Type : File
Data : administrator@hitbox[2].txt
Object : C:\Documents and Settings\Administrator\Cookies\
Created on : 5/29/2004 6:43:17 PM
Last accessed : 5/30/2004 3:30:02 PM
Last modified : 5/29/2004 6:56:01 PM
BroadCastPC Object recognized!
Type : File
Data : glcf.tmp
Object : C:\Documents and Settings\Scott\Local Settings\Temp\
FileSize : 161 KB
Created on : 5/30/2004 3:16:37 PM
Last accessed : 5/30/2004 3:16:53 PM
Last modified : 5/30/2004 3:16:53 PM
BroadCastPC Object recognized!
Type : File
Data : glk10.tmp
Object : C:\Documents and Settings\Scott\Local Settings\Temp\
FileSize : 33 KB
Created on : 5/30/2004 3:16:53 PM
Last accessed : 5/30/2004 3:17:08 PM
Last modified : 5/30/2004 3:17:08 PM
Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 6
Deep scanning and examining files (D
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Disk scan result for D:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 6
Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 6
10:47:34 AM Scan complete
Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:20:59:718
Objects scanned :185177
Objects identified :6
Objects ignored :0
New objects :6
Logfile of HijackThis v1.97.7
Scan saved at 1:32:12 PM, on 5/30/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\BullGuard\bdmcon.exe
C:\Program Files\BullGuard\bgnewsag.exe
C:\Program Files\BullGuard\bdlite.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\My Documents\Data\tools\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [BGNewsAgent] C:\Program Files\BullGuard\bgnewsag.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c...st0401.cab
Any help will be grateful.
_________________
"Never argue with an idiot. They will only bring you down to their level and beat you with experience".
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sun May 30, 2004 3:01 pm Post subject: Still having problems. |
|
|
Sfc /scannow did not work.
I also found these files with my virus scan, if this helps.
Trojan.Downloader.Stubby.A
Trojan.Spy.BI
Adware.1088 (I already got rid of this once, and it came back.)
Sorry if I am a nuisance. Thanks for helping me Bulldog.
bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 360
Location: Australia
|
Posted: Sun May 30, 2004 3:20 pm Post subject: |
|
|
Thanks Parputt,
Hi scottielang,
1.
Where does AVG say Stubby A is located?
Please post the full path of the infected file.
Then download and run this StubbyA remover from AVG:
http://www.grisoft.com/softw/removers/rmstubby.exe
2.
Then empty all TEMP folders, for all users:
C:\temp
C:\windows\temp
C:\Documents and Settings\ 'your user name'\Local Settings\Temp
and
The TIF (Temporary Internet Files) can also be emptied via IE--Tools--Internet Options--General tab--"Delete Files",
Also tick the "delete all offline content" box.
3.
Purge System Restore,...Then run Antivirus,... then turn System Restore back on.
Purge System Restore by turning it off,...it back on
Let us know how it goes,
Cheers
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sun May 30, 2004 3:45 pm Post subject: File Locations |
|
|
Here are the file locations that you requested. I tried to delete them but it said that they were in use. They are quarantined to the following path, but I am not sure.
Trojan.Downloader.Stubby.A
C:\Program Files\Bullguard\Infected\165453176437
C:\Program Files\Bullguard\Infected\A0002198.exe
Trojan.Spy.Bi
C:\Program Files\Bullguard\Infected\A0004058.exe.tcf
Adware.1088
C:\Program Files\Bullguard\Infected\A0004052.exe.tcf
C:\Program Files\Bullguard\Infected\A0004052.exe.tcf
C:\Program Files\Bullguard\Infected\ezyjan.exe.tmp
C:\Program Files\Bullguard\Infected\A0004058.exe.tcf
I also could not delete the following folder from the temp dir. It said it was in use.
C:\Windows\Temp\tmp0000667a
Thanks bluedog
bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 360
Location: Australia
|
Posted: Sun May 30, 2004 3:52 pm Post subject: |
|
|
Hi,
Run just 1 antivirus at a time.
Uninstall the others.
Update the antivirus you keep, disable System Restore, rerun a scan.
Re-enable System Restore.
Reboot to Safe Mode to delete any files.
Cheers
Edit: run the StubbyA remover tool from AVG, also
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sun May 30, 2004 5:31 pm Post subject: System still slow |
|
|
I was able to delete those files I told you about before. I reran my virus scanner and found no viruses, however my system is really slow and I am still having problems installing or uninstalling any programs. It also takes at least 1 min. to open any program. Here is also my hijackthis log
Logfile of HijackThis v1.97.7
Scan saved at 4:29:53 PM, on 5/30/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BullGuard\BullGuard Communicator\xcommsvr.exe
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\BullGuard\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\program files\support.com\client\bin\tgcmd.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\BullGuard\bgnewsag.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\BullGuard\bdmcon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Scott\My Documents\Data\tools\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [DVDUpgrade] DVDUpgrd.exe /async
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [BGNewsAgent] C:\Program Files\BullGuard\bgnewsag.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c...st0401.cab
How do I close ports on my PC? Could that have anything to do with why everything is running slow?
Scottielang
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sun May 30, 2004 7:00 pm Post subject: 7th post - System problems still |
|
|
Are there any other types of programs that I can run to see if there is anything else wrong with my system, and that will also help me with the problems that I am having?
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sun May 30, 2004 7:29 pm Post subject: Still having same problems |
|
|
I was able to complete the sfc /scannow file. Was it supposed to give any errors? What is the next step that I should take?
scottielang
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Sun May 30, 2004 10:16 pm Post subject: Printer problem |
|
|
I ran msconfig and stopped most of the startup services. My PC is back to normal, however I can not install my printer. I have removed everything from my registry and all of the files of my hard drive. What do I do know. |
bluedog
Security Expert
Joined: Dec 22, 2003
Posts: 360
Location: Australia
|
Posted: Mon May 31, 2004 4:34 am Post subject: |
|
|
Hi,
Good, you have NIS and NAV.
You don't need Bullguard or AVG running when NIS suite is running.
Remove Bullguard or disable it via MSCONFIG.
The same for AVG. Nothing wrong with AVG, ...just don't run 2 antivirus at the same time.
sfc /scannow is supposed to run through without problems.
I don't understand this: " I have removed everything from my registry and all of the files of my hard drive. What do I do know."
To close ports on XP,
start with Services, but be aware, disabling the wrong service will cause problems.
Disabling the wrong service can render Windows unbootable.
http://blackviper.com/WinXP/servicecfg.htm
Please be sure of what you are disabling in "Services".
Also:
http://labmice.techtarget.com/articles/...cklist.htm
Cheers
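bluedog's advice not to run two antivirus products at the same time can be checked directly against a HijackThis log. The following is an added example, not part of the thread: it parses an excerpt of the log posted above and reports which security products have live processes and which are only set to autostart. The product markers are assumptions chosen for this log.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread, shortened for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Common Files\BullGuard\BullGuard Scan Server\bdss.exe
C:\Program Files\BullGuard\vsserv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.8\THGuard.exe"
O4 - HKLM\..\Run: [BGNewsAgent] C:\Program Files\BullGuard\bgnewsag.exe
"""

# Assumption: path markers picked for this example; extend them for other products.
PRODUCT_MARKERS = {"symantec": "Symantec/Norton", "norton": "Symantec/Norton",
                   "bullguard": "BullGuard", "trojanhunter": "TrojanHunter"}
# HijackThis result lines start with a section code such as R0, F1, N2 or O4.
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")

def parse_hijackthis(text):
    """Split a HijackThis log into running-process paths and (code, detail) entries."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first result line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def products_in(paths):
    """Map product name -> matching paths, using case-insensitive marker lookup."""
    found = defaultdict(list)
    for p in paths:
        for marker, product in PRODUCT_MARKERS.items():
            if marker in p.lower():
                found[product].append(p)
                break
    return dict(found)

def overlap_report(text):
    """Return (products with live processes, products that are only set to autostart)."""
    processes, entries = parse_hijackthis(text)
    running = products_in(processes)
    autostart = products_in(d for code, d in entries if code == "O4")
    return sorted(running), sorted(set(autostart) - set(running))
```

More than one name in the first list means several resident scanners are active at once, which is the condition the advice above is meant to remove.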
scottielang
Trooper
Joined: May 28, 2004
Posts: 18
Location: USA
|
Posted: Tue Jun 01, 2004 6:08 pm Post subject: Printer problem |
|
|
This is the error I get when I try to install my printer.
Print driver not installed. The specified print monitor is unknown.
I have also tried to install the printer in Safe Mode and it did not work.
Any ideas on what I should do?