Results 1 to 3 of 3

Thread: WinAntiVirusPro-Internet Mafia

  1. 2007-10-20, 04:27 #1
    zaddik
    zaddik is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    1

    Default WinAntiVirusPro-Internet Mafia

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 10:19:48 PM, on 10/19/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\System32\DVDRAMSV.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft SQL Server\MSSQL$SOSHOME22\Binn\sqlservr.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    c:\program files\verizon wireless\venturi\Client\ventc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\system32\ezSP_Px.exe
    C:\Program Files\Toshiba Controls\CpRmtKey.EXE
    C:\Program Files\EzButton\CplBTQ00.EXE
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    C:\Program Files\Microsoft Money\System\System\reminder.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Costco\Application Data\WinTouch\WinTouch.exe
    C:\Documents and Settings\Costco\Application Data\Microsoft\Windows\rayiou.exe
    C:\Program Files\SpywareBot\SpywareBot.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    c:\program files\verizon wireless\venturi\Configurator\ventcfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\mwoidiaq.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Costco\My Documents\HiJackThis_v2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://toshibadirect.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {077F3C45-62C9-465F-A39B-B7122BBFDADB} - C:\Program Files\WindowsUpdate\hokewok83122.dll
    O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\snalqlsh.dll
    O2 - BHO: 0 - {90588A5A-86C5-47D8-538D-0D83F6B7A56C} - C:\Program Files\Online Services\lavuqalug.dll (file missing)
    O2 - BHO: (no name) - {97AA11BD-3D8D-4EB2-BBC9-881A71D238CD} - C:\WINDOWS\system32\vtstq.dll
    O2 - BHO: (no name) - {B351794A-9AA6-49D5-8797-B5723F60F40F} - C:\Program Files\WindowsUpdate\hokewok4444.dll
    O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
    O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
    O4 - HKLM\..\Run: [CpRmtKey] "C:\Program Files\Toshiba Controls\CpRmtKey.EXE"
    O4 - HKLM\..\Run: [CplBTQ00] C:\Program Files\EzButton\CplBTQ00.EXE
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\sjpepagi.dll",sitypnow
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\System\reminder.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Costco\Application Data\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Costco\Application Data\Microsoft\Windows\rayiou.exe
    O4 - HKCU\..\Run: [mkmu] C:\PROGRA~1\COMMON~1\mkmu\mkmum.exe
    O4 - HKCU\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
    O4 - S-1-5-18 Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'SYSTEM')
    O4 - S-1-5-18 Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (User 'SYSTEM')
    O4 - S-1-5-18 Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (User 'Default user')
    O4 - .DEFAULT Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (User 'Default user')
    O4 - .DEFAULT Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe (User 'Default user')
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: VZAccess Manager.lnk = C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
    O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{ABF64756-93C3-46F7-A949-780519D27804}: NameServer = 66.174.95.44 66.174.92.14
    O20 - Winlogon Notify: jkkkkli - C:\WINDOWS\SYSTEM32\jkkkkli.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: McAfee Application Installer Cleanup (0109091167681821) (0109091167681821mcinstcleanup) - Unknown owner - C:\DOCUME~1\Costco\LOCALS~1\Temp\010909~1.EXE (file missing)
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\ACS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: DomainService - - C:\WINDOWS\system32\mwoidiaq.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\Ivp\Swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: Venturi Client (Venturi2) - Venturi Wireless - c:\program files\verizon wireless\venturi\Client\ventc.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    O24 - Desktop Component 0: (no name) - C:\Program Files\Online Services\profsyfsyfsefs.html

    --
    End of file - 12879 bytes
  2. 2007-10-20, 13:07 #2
    Scotty
    Scotty is offline
    Member
    Join Date
    Apr 2007
    Location
    Bonnie Scotland
    Posts
    37

    Default

    Hi! Welcome to the Spybot forums.
    My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.

    Please be patient as my posts to you have to be checked before I reply, so they make take longer.

    Please make a uninstall list using HijackThis
    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
    I am in training at Malware Removal University - You too could train to help others
  3. 2007-10-26, 08:20 #3
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,964

    Default

    zaddik, due to lack of a response to your helper, this topic has been archived.

    If you need it re-opened, please send me a private message (pm) and provide a link to the thread. Applies only to the original poster, anyone else with similar problems please start a new topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules