dave9296's own topic
dave9296
2006-07-04, 22:10
Hi guys. I had to jump in on this forum because it appears to still be active and I am having the exact same problem, which is driving me insane (avast repeatedly warning me about a blocked virus / spyware).
In any event, I followed the instructions up to the point of checking off items in hijackthis. I don't trust myself to delete items on my own and was hoping that you could have a look at my hijackthis log. I'm pretty sure I can handle the rest.
Thanks!!
Logfile of HijackThis v1.99.1
Scan saved at 9:04:01 PM, on 7/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\dave\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www6.inode.at/config/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Inode
R3 - URLSearchHook: (no name) - {BD129A21-5153-D1F7-104D-2F9AC13F8198} - sbin.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [panel_its] init32.exe
O4 - HKLM\..\Run: [Shaitan1678] dialer423.exe
O4 - HKLM\..\Run: [dolhy.exe] C:\WINDOWS\system32\dolhy.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [driver32] TRPT.exe
O4 - HKCU\..\Run: [10010] XTermInit.exe
O4 - HKCU\..\Run: [SetupExeDll] driver64.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122236578281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68E016B3-1276-45EF-B1DD-1D71DADE1BDE}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{953FB842-1FC9-40A2-8264-F5DDB5E442B0}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: vistax - C:\WINDOWS\SYSTEM32\vistax.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Split off from:
http://forums.spybot.info/showthread.php?t=5490&page=2
Please see:
BEFORE you post and who will advise you. Preliminary Steps (http://forums.spybot.info/showthread.php?t=288)
dave9296
2006-07-05, 00:17
I apologize for starting a new thread. My posting was in reference to the thread... http://forums.spybot.info/showthread.php?p=31238#post31238
These messages from Avast are getting way out of hand. I would be hugely grateful if anyone had a second to list which items from the HijackThis log I can safely remove.
Thanks in advance!!
LonnyRJones
2006-07-05, 04:48
Hello dave9296
Download haxfix.exe. http://users.telenet.be/marcvn/tools/haxfix.exe
Save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon".
Click "Next".
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed.
Click "Finish".
A red "dos window" (dos box) will open.
Select option 1. Make logfile by typing 1 and then pressing Enter.
Haxfix will start scanning the computer. When it is finished a logfile will open.
Copy the contents of that logfile and paste it into this thread.
dave9296
2006-07-05, 19:06
I am still running HaxFix (going on 2 hours now) and it seems to be stuck at "checking for services..." under "checking for goldun infections."
In the meantime Avast fires off a warning almost every ten seconds now.
Is there no way to just look at my HijackThis log so I can follow the same steps as the last guy and delete certain entries??
Any help is HUGELY appreciated!!
dave9296
2006-07-05, 19:07
Aha. OK. Finished.
Here's the log from HaxFix...
HAXFIX logfile - by Marckie
______________
version 3.03
Wed 07/05/2006 16:47:41.56
checking for haxdoor
--------------------
checking for a3d files....
a3d files found
ps.a3d
checking for matching notify keys....
matching notify keys found
vist
checking for matching services....
matching services found
vistax
vistaj
checking for matching safeboot services....
matching safeboot services found
vistax.sys
vistaj.sys
Checking for goldun
-------------------
checking for notify keys....
no notify keys found
checking for services....
no services found
Finished
LonnyRJones
2006-07-06, 03:18
Thanks
Disconnect from the internet and temporarily turn off avast.
Open this folder program files\haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
Close all other open windows since this step requires a reboot.
Option 2: Run auto fix.
Select option 2. Run auto fix by typing 2, and then pressing Enter.
If an infection is found, you'll get a message to close all other open windows.
Close them, except the red dos window from haxfix and then press Enter.
The computer will reboot.
After reboot a logfile will open.
Post the contents of that logfile along with a new hijackthislog.
dave9296
2006-07-06, 20:32
HAXFIX logfile - by Marckie
--------------
version 3.03
Thu 07/06/2006 19:22:25.85
Auto Haxdoorfix
haxdoor key: vist
searching for services....
services found
deleting services.....
[SWSC] DeleteService SUCCESS
[SWSC] DeleteService SUCCESS
rebooting the computer.....
haxdoor key: vist
searching for services....
services not found
checking if files are found.....
vistax.dll
vistaj.sys
deleting files.....
checking if files are deleted.....
checking for other files.....
klgcptini.dat
qz.dll
qz.sys
stt82.ini
ps.a3d
deleting other files.....
checking if the files are deleted.....
Finished
**********************************************
HijackThis log....
Logfile of HijackThis v1.99.1
Scan saved at 7:26:53 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dave\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www6.inode.at/config/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Inode
R3 - URLSearchHook: (no name) - {BD129A21-5153-D1F7-104D-2F9AC13F8198} - sbin.dll (file missing)
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [panel_its] init32.exe
O4 - HKLM\..\Run: [Shaitan1678] dialer423.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [kdizj.exe] C:\WINDOWS\system32\kdizj.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - HKCU\..\Run: [driver32] TRPT.exe
O4 - HKCU\..\Run: [10010] XTermInit.exe
O4 - HKCU\..\Run: [SetupExeDll] driver64.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122236578281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{68E016B3-1276-45EF-B1DD-1D71DADE1BDE}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{953FB842-1FC9-40A2-8264-F5DDB5E442B0}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
LonnyRJones
2006-07-06, 20:45
Start Hijackthis and place a check next to these items if there.
R3 - URLSearchHook: (no name) - {BD129A21-5153-D1F7-104D-2F9AC13F8198} - sbin.dll (file missing)
O4 - HKLM\..\Run: [panel_its] init32.exe
O4 - HKLM\..\Run: [Shaitan1678] dialer423.exe
O4 - HKLM\..\Run: [kdizj.exe] C:\WINDOWS\system32\kdizj.exe
O4 - HKCU\..\Run: [driver32] TRPT.exe
O4 - HKCU\..\Run: [10010] XTermInit.exe
O4 - HKCU\..\Run: [SetupExeDll] driver64.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{68E016B3-1276-45EF-B1DD-1D71DADE1BDE}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\..\{953FB842-1FC9-40A2-8264-F5DDB5E442B0}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
====================================
Hit fix checked and close Hijackthis.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.
Note:
If you have connection problems or those O17's ~ 85.255.115.19 85.255.112.71 return, proceed as follows:
Before doing this, write down all the settings. Note that not all systems/setups even have these settings, while some connection services will require them.
In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double click on Network Connections. Then right click on your default connection, usually local area connection for cable and dsl, and left click on properties. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
Do that for every connection listed.
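Added example, not part of the original posts and not code from HijackThis or the tools named here: a small Python parser that compares two HijackThis logs, lists the static NameServer (O17) entries, and checks which items from a fix list are still present in a log. The sample lines are excerpts copied from the logs in this thread; the function and variable names are illustrative.

```python
import re

# A HijackThis entry: section code ("R3", "O4", "O17", ...), " - ", then the body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Body of an O17 entry: "<registry location>: NameServer = <servers>"
NAMESERVER_RE = re.compile(r"^(?P<key>.+?): NameServer = (?P<servers>.+)$")

# Excerpts copied from the two HijackThis logs in this thread (not the full logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:04:01 PM, on 7/4/2006
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [panel_its] init32.exe
O4 - HKLM\..\Run: [dolhy.exe] C:\WINDOWS\system32\dolhy.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{68E016B3-1276-45EF-B1DD-1D71DADE1BDE}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
O20 - Winlogon Notify: vistax - C:\WINDOWS\SYSTEM32\vistax.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:26:53 PM, on 7/6/2006
C:\WINDOWS\system32\svchost.exe
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [panel_its] init32.exe
O4 - HKLM\..\Run: [kdizj.exe] C:\WINDOWS\system32\kdizj.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{68E016B3-1276-45EF-B1DD-1D71DADE1BDE}: NameServer = 85.255.115.19,85.255.112.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
"""

# Three of the items from the fix list in the post above.
CHECKLIST = r"""
O4 - HKLM\..\Run: [panel_its] init32.exe
O4 - HKLM\..\Run: [kdizj.exe] C:\WINDOWS\system32\kdizj.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.19 85.255.112.71
"""


def parse_entries(log_text):
    """Return (section_code, body) tuples; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the older log, entries only in the newer."""
    before = set(parse_entries(before_text))
    after = set(parse_entries(after_text))
    return sorted(before - after), sorted(after - before)


def nameserver_overrides(log_text):
    """Map each registry location with a static NameServer (O17) to its server list."""
    overrides = {}
    for code, body in parse_entries(log_text):
        if code != "O17":
            continue
        match = NAMESERVER_RE.match(body)
        if match:
            # HijackThis shows both comma- and space-separated server lists.
            servers = re.split(r"[,\s]+", match.group("servers").strip())
            overrides[match.group("key")] = servers
    return overrides


def pending_fixes(checklist_text, log_text):
    """Return the checklist entries that still appear verbatim in the given log."""
    present = set(parse_entries(log_text))
    return [entry for entry in parse_entries(checklist_text) if entry in present]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Gone since the first log:")
    for code, body in removed:
        print(f"  {code} - {body}")
    print("New in the second log:")
    for code, body in added:
        print(f"  {code} - {body}")
    print("Static NameServer entries in the second log:")
    for key, servers in nameserver_overrides(AFTER).items():
        print(f"  {key}: {', '.join(servers)}")
    print("Checklist items still present in the second log:")
    for code, body in pending_fixes(CHECKLIST, AFTER):
        print(f"  {code} - {body}")
```

Run against the log posted after a fix, an empty `pending_fixes` result and an empty `nameserver_overrides` result mean the checked items and the static DNS settings no longer appear in that log.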
dave9296
2006-07-06, 22:18
Fixwareout ver 1.003
Last edited 07/1/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is legitimate
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSBZF.EXE
* csr.exe C:\WINDOWS\System32\CSHME.EXE
* csr.exe C:\WINDOWS\System32\CSKSG.EXE
* csr.exe C:\WINDOWS\System32\CSOPM.EXE
* csr.exe C:\WINDOWS\System32\CSZFC.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
»»»»»
Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSBZF.EXE 51,261 2006-07-01
C:\WINDOWS\SYSTEM32\CSHME.EXE 51,244 2006-07-04
C:\WINDOWS\SYSTEM32\CSKSG.EXE 51,213 2006-07-04
C:\WINDOWS\SYSTEM32\CSOPM.EXE 51,272 2006-07-01
C:\WINDOWS\SYSTEM32\CSZFC.EXE 51,273 2006-07-04
Other suspects
Directory of C:\WINDOWS\system32
dave9296
2006-07-06, 22:18
...and the HijackThis report...
Logfile of HijackThis v1.99.1
Scan saved at 9:15:51 PM, on 7/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Documents and Settings\dave\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www6.inode.at/config/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Inode
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_7 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1122236578281
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional 2005.SR2a\RpcSandraSrv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
LonnyRJones
2006-07-07, 03:42
Manually delete these files
C:\WINDOWS\SYSTEM32\CSBZF.EXE
C:\WINDOWS\SYSTEM32\CSHME.EXE
C:\WINDOWS\SYSTEM32\CSKSG.EXE
C:\WINDOWS\SYSTEM32\CSOPM.EXE
C:\WINDOWS\SYSTEM32\CSZFC.EXE
all these are in the C:\WINDOWS\system32\ folder
Your antivirus might delete them when you get close to them; that's fine.
=========
Is this file present?
C:\WINDOWS\system32\kdizj.exe
dave9296
2006-07-07, 13:08
Hi Lonny.
Thanks SO much for your help so far. I'm not at home right now, so I can't check if the file "C:\WINDOWS\system32\kdizj.exe" is on my PC, but I will do that as soon as I'm there.
My question however is whether I should/can also delete all of the files in the C:\WINDOWS\system32\ folder?
You mentioned something about my anti-virus program, but I didn't quite understand. Were you saying that Avast will delete those files if I perform a scan?
Thanks again for all your help!!
Dave
LonnyRJones
2006-07-07, 13:19
Hi
Only delete those exact files; they are all in the system32 folder (don't delete the folder). When you get close to the files, Avast might offer to delete some of them for you; if so, that's OK, let it.
dave9296
2006-07-07, 22:10
OK, I deleted those files that you mentioned (only 4 of the 5 files were there).
I should also say that yes, the file C:\WINDOWS\system32\kdizj.exe is there. What should I do with that file?
I also scanned the folder C:\WINDOWS\system32\ with Avast, but it didn't do anything about that long list of .exe files. Should I do something to get rid of those files??
Also, there is a file called C:\WINDOWS\system32\csrss.exe
Should I also delete that file?
LonnyRJones
2006-07-08, 08:24
Hi
"Should I do something to get rid of those files??"
Well yes, manually delete them yourself, including
C:\WINDOWS\system32\kdizj.exe and the others I listed in the last post,
but be careful, and don't mess with csrss.exe
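The name checks behind the scan output earlier in the thread, and why csrss.exe has to be left alone, as an added example that is not part of the original posts or of the removal tool. The regular expressions are one reading of "five digit cs, dm and jb files" and of the GUID-named executables; the `PROTECTED` allowlist, the all-zero GUID and the csrss.exe and notepad.exe sizes and dates are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumed reading of the tool's search: five-character names starting with
# cs, dm or jb, plus executables named after a GUID in braces.
FIVE_CHAR = re.compile(r"^(cs|dm|jb)[a-z]{3}\.exe$")
GUID_EXE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.exe$")
LINE = re.compile(
    r"^(?P<path>.+?\.exe)(?:\s+(?P<size>[\d,]+)\s+\d{4}-\d{2}-\d{2})?\s*$",
    re.IGNORECASE,
)

# Assumption: minimal allowlist. csrss.exe is a Windows system process whose
# name happens to fit the five-character "cs" pattern.
PROTECTED = frozenset({"csrss.exe"})


class Entry(NamedTuple):
    name: str             # lower-cased file name without directory
    size: Optional[int]   # bytes, when the listing carries a size column


def parse_line(line):
    """Parse 'PATH [SIZE DATE]' as printed in the listing; None if no match."""
    m = LINE.match(line.strip())
    if not m:
        return None
    name = m.group("path").rsplit("\\", 1)[-1].lower()
    size = int(m.group("size").replace(",", "")) if m.group("size") else None
    return Entry(name, size)


def classify(name, protected=PROTECTED):
    """Return the bucket for one file name; the allowlist is checked first."""
    name = name.lower()
    if name in protected:
        return "protected"
    if FIVE_CHAR.match(name):
        return "five-char"
    if GUID_EXE.match(name):
        return "guid"
    return "unmatched"


def triage(listing):
    """Group every parsable line of a listing by classification."""
    buckets = {"protected": [], "five-char": [], "guid": [], "unmatched": []}
    for line in listing.splitlines():
        entry = parse_line(line)
        if entry is not None:
            buckets[classify(entry.name)].append(entry)
    return buckets


def size_spread(entries):
    """Difference between largest and smallest known size, or None."""
    sizes = [e.size for e in entries if e.size is not None]
    return max(sizes) - min(sizes) if sizes else None


# First five lines are from the scan output in this thread; the rest of the
# sample (sizes, dates, zero GUID) is constructed.
SAMPLE = r"""
C:\WINDOWS\SYSTEM32\CSBZF.EXE 51,261 2006-07-01
C:\WINDOWS\SYSTEM32\CSHME.EXE 51,244 2006-07-04
C:\WINDOWS\SYSTEM32\CSKSG.EXE 51,213 2006-07-04
C:\WINDOWS\SYSTEM32\CSOPM.EXE 51,272 2006-07-01
C:\WINDOWS\SYSTEM32\CSZFC.EXE 51,273 2006-07-04
C:\WINDOWS\system32\csrss.exe 6,144 2004-08-04
C:\WINDOWS\system32\kdizj.exe
{00000000-0000-0000-0000-000000000000}.exe
C:\WINDOWS\system32\notepad.exe 69,120 2004-08-04
"""

if __name__ == "__main__":
    for bucket, entries in triage(SAMPLE).items():
        print(bucket, [e.name for e in entries])
```

Without the allowlist, csrss.exe lands in the same bucket as the five flagged files, and kdizj.exe matches neither pattern, so a name heuristic like this only nominates candidates for a closer check.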
dave9296
2006-07-08, 12:14
Ok, all of those files have been deleted now.
I've now been online for over an hour and haven't received any more of those messages from Avast about a virus.
I also de-installed Java a few days ago and re-installed the latest version, so hopefully that's all set.
It looks like I'm clean! :bigthumb:
Thanks SO much again for all the help. Is there anything else I should do before I assume that it's all ok?
Cheers!
Dave
LonnyRJones
2006-07-08, 16:45
Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month
To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279
You should be good to go provided there are no problems or questions?
dave9296
2006-07-08, 19:31
Thanks. I've followed all of your instructions and seem to be all set now.
Much appreciated!!
dave
LonnyRJones
2006-07-11, 12:28
I'm glad we could help.
Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.
If you should need to post another log for the same PC, let one of us know via a PM (personal message).