Multiple Items Detected time and again



Chopp3rDave
2007-05-16, 02:38
Here is my HijackThis! Log

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 4:32:20 PM, on 5/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Promise\Utility\MsgAgt.exe
C:\Program Files\Promise\Utility\MsgSvr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\Asus Probe\AsusProb.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Tor\tor.exe
C:\Program Files\Proxifier\Proxifier.exe
C:\Documents and Settings\Seth\Desktop\HiJackThis_v2.exe
C:\Program Files\afreeca\afreecaplayer.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {91961425-7EA7-4657-AEE1-C831FCB0A26F} - C:\WINDOWS\system32\khfcdby.dll
O2 - BHO: (no name) - {ACEAC23F-3698-4EDB-B9F4-8CF32431FE00} - C:\WINDOWS\system32\vtstr.dll
O2 - BHO: (no name) - {BD2B8292-19ED-4AE5-954D-4DC917F80909} - C:\WINDOWS\system32\thjxdoua.dll
O2 - BHO: (no name) - {E2EE5C44-C66D-499d-BEAE-A2A79189A63A} - C:\WINDOWS\system32\sewgnuau.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\cauvgndc.dll",realset
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\prxernsp.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O10 - Unknown file in Winsock LSP: prxerdrv.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179087385187
O16 - DPF: {F0320816-41D9-49DD-B2F3-8E7B0AE32796} (AFCStarter Control) - http://live.pdbox.co.kr:8057/AFCStarter.cab
O20 - Winlogon Notify: khfcdby - C:\WINDOWS\SYSTEM32\khfcdby.dll
O20 - Winlogon Notify: vtstr - C:\WINDOWS\system32\vtstr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe
O23 - Service: Promise RAID message server (RAIDmSvr) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgSvr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 9472 bytes


And here is my Spybot result log

Advertising.com: Tracking cookie (Internet Explorer: Seth) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Advertising.com: Tracking cookie (Firefox: default) (Cookie, nothing done)
Avenue A, Inc.: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
FastClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitBox: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
SexTracker: Tracking cookie (Firefox: default) (Cookie, nothing done)
SexTracker: Tracking cookie (Firefox: default) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
Zedo: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
BlackCore: Tracking cookie (Firefox: default) (Cookie, nothing done)
SexTracker: Tracking cookie (Firefox: default) (Cookie, nothing done)
SexTracker: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
AdRevolver: Tracking cookie (Firefox: default) (Cookie, nothing done)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)
ReliableStats: Tracking cookie (Firefox: default) (Cookie, nothing done)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, nothing done)
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)
Winsoftware.WinAntiVirusPro2006: Tracking cookie (Firefox: default) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2007-04-12 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2007-04-18 advcheck.dll (1.5.1.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2007-01-02 Tools.dll (2.0.1.0)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2007-05-09 Includes\Cookies.sbi (*)
2006-12-08 Includes\Dialer.sbi (*)
2007-05-09 Includes\DialerC.sbi (*)
2007-04-04 Includes\Hijackers.sbi (*)
2007-05-09 Includes\HijackersC.sbi (*)
2006-10-27 Includes\Keyloggers.sbi (*)
2007-05-09 Includes\KeyloggersC.sbi (*)
2007-03-21 Includes\Malware.sbi (*)
2007-05-09 Includes\MalwareC.sbi (*)
2007-03-21 Includes\PUPS.sbi (*)
2007-05-09 Includes\PUPSC.sbi (*)
2007-05-09 Includes\Revision.sbi (*)
2006-12-08 Includes\Security.sbi (*)
2007-05-09 Includes\SecurityC.sbi (*)
2007-03-21 Includes\Spybots.sbi (*)
2007-05-09 Includes\SpybotsC.sbi (*)
2005-02-17 Includes\Tracks.uti
2007-05-02 Includes\Trojans.sbi (*)
2007-05-09 Includes\TrojansC.sbi (*)

I'm stumped. I clean and start another scan and it's all back. Can anyone help?

Thanks,
Seth

Chopp3rDave
2007-05-16, 08:58
Smitfraud keeps coming back in Spybot. Can anyone help me clean it out?

tashi
2007-05-16, 09:10
Hello.

Please read these sticky topics: "BEFORE you POST" (http://forums.spybot.info/showthread.php?t=288)

A spybot result log is not requested, but the result of an on-line anti virus scan is. :)

If you have waited FOUR days for advice post here. (http://forums.spybot.info/showthread.php?p=4836#post4836)
Especially the part about bumping one's topic.

Thanks.

tashi
2007-05-22, 01:47
This topic has been archived.

If you need it re-opened and will be posting the information requested, please send me a private message (pm) and provide a link to the thread. This applies only to the original poster; anyone else with similar problems, please start a new topic.