Excessive Pop-ups



scout90
2006-10-22, 07:46
I got a virus through a messenger program, it caused a massive amount of pop-ups, and messages at start-up. I was able to clean most of it up, and get rid of the messages at start-up, but a few of the pop-ups still persist. I use Mozilla as my main browser, but a few show up in Internet Explorer as well. Any help on fully removing these would help, and any other problem area.


Logfile of HijackThis v1.99.1
Scan saved at 11:52:11 PM, on 10/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\uipnr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,fdwrduy.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152303970296
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

steamwiz
2006-10-22, 19:12
Hi

Please follow the instructions in this link to remove the Alcan Worm from your computer :-

http://www.geekstogo.com/forum/How_to_stop_and_undo_the_effects_of_the_Alcra_aka_Alcan_Worm-t98929.html

THEN...

Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouse-click combofix's window while it is running. That may cause your system to stall/hang.
* Do not proceed with the rest of the fix if you fail to run combofix.
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.

steam

scout90
2006-10-22, 22:39
I let both programs (Brute Force Uninstaller and Combofix) do their jobs, and here is what I came up with.

First is the Combofix log-

default - Sun 10/22/2006 14:39:25.54 Service Pack 4
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\default\Desktop"

((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


O4 - HKCU\...\Run C:\WINNT\system32\eyyjsp.exe
O4 - HKLM\...\Run C:\WINNT\system32\eyyjsp.exe
F2 -REG:system.ini: Shell C:\WINNT\system32\uipnr.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


C:\WINNT\system32\eyyjsp.exe
C:\WINNT\system32\kgykjxk.dll
C:\WINNT\system32\fdwrduy.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\wglky.exe
C:\WINNT\dtgqj.dll
C:\WINNT\system32\kvnne.dat
C:\WINNT\system32\uipnr.exe


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06-10-21 21:20 127488 eyyjsp.exe.qoo
06-10-21 20:11 127488 wglky.exe.qoo
06-10-22 13:34 51712 kgykjxk.dll.qoo
06-10-22 11:10 28672 uipnr.exe.qoo
06-10-21 20:11 52 eeqooo.dat.qoo

DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\{3B773060-0774-1033-0421-040327030001}

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINNT\MBOLS~1
C:\QooBox\Purity\WINNT\MBOLS~1\??mbols
C:\QooBox\Purity\WINNT\MBOLS~1\??mbols\dohinst-103.0000


((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))


2006-10-22 11:07 9,216 --a------ C:\WINNT\system32\drivers\pxscinst.dll
2006-10-22 11:07 7,296 --a------ C:\WINNT\system32\drivers\pxcom.sys
2006-10-22 11:07 6,656 --a------ C:\WINNT\system32\drivers\pxinst.dll
2006-10-22 11:07 264,832 --a------ C:\WINNT\system32\drivers\pxfsf.sys
2006-10-22 11:07 18,304 --a------ C:\WINNT\system32\drivers\pxtdi.sys
2006-10-22 11:07 13,568 --a------ C:\WINNT\system32\drivers\pxrd.sys
2006-10-22 11:07 101,376 --a------ C:\WINNT\system32\drivers\PxEmu.sys
2006-10-21 23:23 167,936 --a------ C:\WINNT\system32\SpoonUninstall.exe
2006-10-21 22:07 40,960 --a------ C:\Look2Me-Destroyer.exe
2006-10-21 20:37 11,520 --a------ C:\WINNT\system32\drivers\pxscrmbl.sys
2006-10-21 20:13 2 --a------ C:\WINNT\system32\wnscptr.exe
2006-10-21 20:13 126,976 --a------ C:\WINNT\system32\bfnedqlh.dll
2006-10-21 20:12 918 --a------ C:\WINNT\system32\winpfg32.sys
2006-10-21 20:11 505 --a------ C:\WINNT\dtgqj.dll
2006-10-21 20:11 349,696 --a------ C:\921_135b.exe
2006-10-21 20:11 183,478 --a------ C:\WINNT\srvitiynjg.exe
2006-10-21 20:11 1,259 --a------ C:\WINNT\system32\hfj2dfc3.sys
2006-10-21 20:10 32,768 --a------ C:\DXC9.exe
2006-10-21 20:10 28,672 --a------ C:\WINNT\system32drei.exe
2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\lkyaekrrr.exe
2006-10-21 20:10 28,672 --a------ C:\WINNT\system32\drei.exe
2006-10-21 20:10 24,576 --a------ C:\WINNT\system32vypqj.exe
2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\vypqj.exe
2006-10-21 20:10 24,576 --a------ C:\WINNT\system32\pi2pl.exe
2006-10-21 20:10 200,704 --a------ C:\WINNT\system32\lqe2z.dll
2006-10-21 20:10 160,256 --a------ C:\WINNT\system32\aybry.dll
2006-10-21 20:10 10,479 --a------ C:\rorjxk.exe
2006-10-21 20:10 1,465 --a------ C:\ilchoy.exe
2006-10-21 20:10 0 --a------ C:\WINNT\system32uaw5wah6a.exe
2006-10-21 20:09 76,800 --a------ C:\nckige.exe
2006-10-21 20:09 75,776 --a------ C:\avoxqu.exe
2006-10-21 20:09 45,056 --a------ C:\w77uxb8v9.exe
2006-10-21 20:09 10,752 --a------ C:\WINNT\system32\MZU_DRV.sys
2006-10-14 19:34 45,056 --a------ C:\WINNT\system32\WNASPI32.DLL
2006-10-14 19:34 16,877 --a------ C:\WINNT\system32\drivers\ASPI32.SYS
2006-10-14 18:55 82,432 --a------ C:\WINNT\system32\drmstor.dll
2006-10-14 18:55 737,280 --a------ C:\WINNT\iun6002.exe
2006-10-14 18:55 301,712 --a------ C:\WINNT\system32\drmclien.dll
2006-10-12 17:42 243,472 --a------ C:\WINNT\scout.exe
2006-09-22 08:38 53,248 --a------ C:\WINNT\109uninst.exe
2006-09-22 08:36 53,248 --a------ C:\WINNT\uni_7eh.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-22 14:41 -------- d-------- C:\Program Files\Prevx1
2006-10-22 14:39 -------- d-a------ C:\Program Files\Common Files
2006-10-22 13:46 -------- d-------- C:\Program Files\PSDream
2006-10-22 11:07 -------- d-------- C:\Documents and Settings\default\Application Data\Prevx
2006-10-21 21:27 -------- d-------- C:\Program Files\Mozilla Thunderbird
2006-10-21 21:14 -------- d-------- C:\Program Files\Common Files\uiwr
2006-10-21 21:04 -------- d-------- C:\Documents and Settings\default\Application Data\Lavasoft
2006-10-14 19:34 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-10-14 19:34 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-10-14 18:55 -------- d-------- C:\Program Files\Windows Media Player
2006-10-09 18:02 -------- d---s---- C:\Documents and Settings\default\Application Data\Microsoft
2006-09-12 05:48 1713536 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-12 05:48 1690880 --a------ C:\WINNT\system32\NTOSKRNL.EXE
2006-09-05 22:58 1110528 --a------ C:\WINNT\system32\msxml3.dll
2006-08-30 20:31 8413 --a------ C:\WINNT\system32\drivers\mcstrm.sys
2006-08-29 21:41 -------- d-------- C:\Documents and Settings\default\Application Data\River Past G2
2006-08-29 21:33 -------- d-------- C:\Documents and Settings\default\Application Data\Real
2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\xing shared
2006-08-29 21:31 -------- d-------- C:\Program Files\Common Files\Real
2006-08-28 05:03 529680 --a------ C:\WINNT\system32\comctl32.dll
2006-08-25 22:56 -------- d-------- C:\Program Files\Opera
2006-08-25 22:56 -------- d-------- C:\Documents and Settings\default\Application Data\Opera
2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft.NET
2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft Office
2006-08-23 21:03 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\System
2006-08-23 21:03 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-08-07 09:17 61440 --a------ C:\WINNT\system32\BattyRun2.dll
2006-08-04 09:37 73728 --a------ C:\WINNT\system32\dpl100.dll
2006-08-04 09:37 196608 --a------ C:\WINNT\system32\dtu100.dll
2006-07-26 20:05 3596288 --a------ C:\WINNT\system32\qt-dx331.dll
2006-07-26 20:05 109568 --------- C:\WINNT\system32\pxinsi64.exe
2006-07-26 20:05 108544 --------- C:\WINNT\system32\pxcpyi64.exe
2006-07-24 23:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-07-06 22:50 271 ---h----- C:\Program Files\desktop.ini
2006-07-06 22:50 21952 ---h----- C:\Program Files\folder.htt


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"_mzu_stonedrv8"="c:\\winnt\\system32\\_mzu_stonedrv8.exe"
"Hand"="\"C:\\WINNT\\MBOLS~1\\spool32.exe\" -vt yazb"
"uiwr"="C:\\PROGRA~1\\COMMON~1\\uiwr\\uiwrm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Synchronization Manager"="mobsync.exe /logon"
"TI WLAN"="C:\\Program Files\\Wirelwss LAN Utility\\TIWLANCu.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINNT\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINNT\\system32\\NvMcTray.dll,NvTaskbarInit"
"EnvyHFCPL"="C:\\Program Files\\Turtle Beach Catalina\\EnMixCPL.exe"
"Gnetmous"="C:\\Program Files\\COMPAQ\\Scroll Mouse\\gnetmous.exe"
"projselector"="\"C:\\Program Files\\Common Files\\Roxio Shared\\Project Selector\\projselector.exe\" -r"
"RoxioEngineUtility"="\"C:\\Program Files\\Common Files\\Roxio Shared\\System\\EngUtil.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
"SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\common\\swtrayv4.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"PNAgent"="\"E:\\Program Files\\PhatNoise Media Manager\\PNAgent.exe\""
"ntdll.dll"="\"E:\\program files\\quicktime\\qttask.exe\" -atboottime"
"ms05691299766"="C:\\WINNT\\ms05691299766.exe"
"PrevxOne"="\"C:\\Program Files\\Prevx1\\PXConsole.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,e4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,c0
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"DCOM Server 2236"="{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"
"mwvjYaBCBcRn"="{3B773061-91DD-9ACB-B7FC-719267519B02}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Completion time: Sun 2006-10-22 14:41:39.92
C:\ComboFix.txt ... 06-10-22 14:41


Second, a new HiJackThis log-

Logfile of HijackThis v1.99.1
Scan saved at 2:46:13 PM, on 10/22/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152303970296
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe



Thanks much for your help!

steamwiz
2006-10-23, 22:31
Hi

You are not helping by installing new programs whilst we are trying to clean your computer...

Your log looks much better, but there is still more to do....

Disconnect from the internet, close ALL browser windows (including this one), run HijackThis and tick to fix (check the box next to) the entries in the list below. When all are ticked (checked), click the Fix Checked button at the bottom :-

O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms05691299766] C:\WINNT\ms05691299766.exe

O4 - HKCU\..\Run: [_mzu_stonedrv8] c:\winnt\system32\_mzu_stonedrv8.exe
O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
O4 - HKCU\..\Run: [uiwr] C:\PROGRA~1\COMMON~1\uiwr\uiwrm.exe

O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)


Reboot...

Please download Panda ActiveScan :-

http://www.pandasoftware.com/products/activescan.htm

1. click the Scan your PC button
2. A new window will open...click the Check Now button
3. Enter your Country
4. Enter your State/Province
5. Enter your e-mail address and click send
6. Select either Home User or Company
7. Click the big Scan Now button
8. If it wants to install an ActiveX component allow it to...

It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)

9. When the download is complete, click on My Computer to start the scan

When the scan completes, if anything malicious is detected...

10. click the See Report button,
11. then Save Report and save it to a convenient location.

Post the ActiveScan report...

& a new hijackthis log...

steam
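The fix list above singles out Run values with random or decoy names, a Run value whose command duplicates QuickTime's, and SSODL entries whose DLL is gone; the first log also showed Winlogon's Shell and UserInit lines carrying extra programs. As an added example (not from the thread and not HijackThis code), a Python triage script that turns those judgements into explicit checks and runs them over lines copied from the logs posted above; the Temp-path and 8.3-folder checks are heuristics chosen for this example, not HijackThis rules.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from collections import defaultdict

# Constructed sample: suspicious entries copied from the logs posted in the
# thread, mixed with benign entries from the same logs.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\system32\uipnr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,fdwrduy.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ntdll.dll] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ms] C:\DOCUME~1\default\LOCALS~1\Temp\22691\gm.exe
O4 - HKCU\..\Run: [Hand] "C:\WINNT\MBOLS~1\spool32.exe" -vt yazb
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - (no file)
O21 - SSODL: mwvjYaBCBcRn - {3B773061-91DD-9ACB-B7FC-719267519B02} - C:\WINNT\system32\hy.dll (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

F2_RE = re.compile(r"^F2 - REG:system\.ini: (Shell|UserInit)=(.*)$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
O21_RE = re.compile(r"^O21 - SSODL: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
# A folder with an 8.3-mangled name directly under the Windows directory, as in
# C:\WINNT\MBOLS~1\ above. Heuristic chosen for this example, not a HijackThis rule.
MANGLED_UNDER_WINDIR = re.compile(r"\\win(?:nt|dows)\\[^\\]*~\d+\\", re.IGNORECASE)


def command_path(command):
    """Return the executable part of an O4 command, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage(log_text):
    """Return [(line, [reason, ...])] for every line that at least one check flags."""
    findings = defaultdict(list)
    run_values_by_command = defaultdict(list)  # lower-cased path -> [(line, name)]

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = F2_RE.match(line)
        if m:
            # Winlogon's Shell and UserInit values normally hold one program each;
            # anything after the first comma is an extra program run at every logon.
            key, value = m.groups()
            for extra in (p.strip() for p in value.split(",")[1:]):
                if extra:
                    findings[line].append(f"{key} launches extra program {extra}")
            continue
        m = O4_RE.match(line)
        if m:
            _hive, name, command = m.groups()
            path = command_path(command)
            run_values_by_command[path.lower()].append((line, name))
            if "\\temp\\" in path.lower():
                findings[line].append("autostart runs from a Temp directory")
            if name.lower().endswith((".dll", ".sys")):
                findings[line].append("value name mimics a system file")
            if MANGLED_UNDER_WINDIR.search(path):
                findings[line].append("8.3-mangled folder directly under the Windows directory")
            continue
        m = O21_RE.match(line)
        if m and m.group(3).endswith(("(no file)", "(file missing)")):
            # An orphaned ShellServiceObjectDelayLoad entry: the loader survived
            # a partial cleanup even though its DLL is gone.
            findings[line].append("SSODL entry points at a missing file")

    # Two Run values with an identical command: one is usually a decoy name
    # (here [ntdll.dll] shadows [QuickTime Task]).
    for entries in run_values_by_command.values():
        if len(entries) > 1:
            names = ", ".join(f"[{name}]" for _, name in entries)
            for line, _ in entries:
                findings[line].append(f"same command as another Run value: {names}")

    return list(findings.items())


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

Of the ten sample lines, eight are flagged; the iTunesHelper Run value and the iPodService service pass every check, which is the point of mixing benign entries in.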

tashi
2006-10-29, 07:46
scout90?

scout90
2006-10-29, 23:18
Done, and done! Sorry for the delay, been away from home the last week.

Logfile of HijackThis v1.99.1
Scan saved at 3:23:32 PM, on 10/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Media Center\Media Jukebox.exe
D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152303970296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

scout90
2006-10-29, 23:20
And the ActiveScan report.


Incident Status Location

Adware:Adware/DollarRevenue Not disinfected C:\avoxqu.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.adtech.de/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.burstnet.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.com.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.findwhat.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.overture.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.revenue.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Cookies\default@2o7[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\default\Cookies\default@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@drivecleaner[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@stats.drivecleaner[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\default\Cookies\default@www.drivecleaner[2].txt
Adware:Adware/DeluxeComunications Not disinfected C:\DXC9.exe
Adware:Adware/Ourxin Not disinfected C:\ilchoy.exe
Adware:Adware/DollarRevenue Not disinfected C:\nckige.exe
Adware:Adware/CWS Not disinfected C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080302\drv.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Y1324OA.exe
Adware:Adware/Qoologic Not disinfected C:\QooBox\eyyjsp.exe.qoo
Adware:Adware/Qoologic Not disinfected C:\QooBox\kgykjxk.dll.qoo
Virus:Trj/Qoologic.J Disinfected C:\QooBox\uipnr.exe.qoo
Adware:Adware/Qoologic Not disinfected C:\QooBox\wglky.exe.qoo
Virus:Trj/Downloader.KZA Disinfected C:\rorjxk.exe
Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvitiynjg.exe
Adware:Adware/NewAds Not disinfected C:\WINNT\system32\BattyRun2.dll
Possible Virus. Not disinfected C:\WINNT\system32\bfnedqlh.dll
Virus:Trj/Qhost.gen Disinfected C:\WINNT\system32\drivers\etc\hosts.20061021-224931.backup
Adware:Adware/CommAd Not disinfected C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs
Adware:Adware/Trymedia Not disinfected D:\My Documents\Downloads\18wosHaulin\18WheelsHaulin-dm.exe

steamwiz
2006-10-30, 18:51
Download and install the 30 day trial of Ewido Anti-Spyware from HERE :-

Ewido is now called - AVG Anti-Spyware 7.5

http://www.ewido.net/en/download/

1. Download it to your desktop
2. Double-click the Ewido icon to start the Ewido setup process...
3. Update the definition files....
Click the Update icon then select the Update now link...
Select the Start Update button; the update will start and a progress bar will show the updates being installed.
4. Select the Scanner icon at the top of the screen, then select the Settings tab
Click on Recommended actions and then select Quarantine
5. Under Reports...
Select Automatically generate report after every scan
Un-Select Only if threats were found
6. Close Ewido > Do not run the scan yet.

Boot your computer into Safemode

1. Go to Start > Shut Off your Computer > Restart
2. As the computer starts to boot up, tap the F8 key somewhat rapidly; this will bring up a menu.
3. Use the Up and Down Arrow Keys to scroll up to SAFEMODE
4. Then press Enter on your Keyboard

IMPORTANT: Do not open any other windows or programs while Ewido is scanning; it may interfere with the scanning process.

1. Launch Ewido Anti-Spyware by double-clicking the icon on your desktop.
2. Select the Scanner icon at the top and then the Scan tab, then click on Complete System Scan.
3. Ewido will now begin the scanning process; be patient, this may take a little time.
4. Once the scan is complete do the following:
5. If you have any infections you will be prompted; then select Apply all actions
6. Next select the Reports icon at the top.
7. Select the Save report as button in the lower left hand of the screen and save it to a text file on your system
8. Make sure to remember where you saved that file; this is important
9. Close Ewido
10. Copy & paste the Ewido report into your next post

steam

scout90
2006-10-31, 05:22
Done, and here is the report.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:23:10 PM 10/30/2006

+ Scan result:



C:\WINNT\system32\BattyRun2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\Program Files\PSDream\PSDream.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\bfnedqlh_dll.vir -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINNT\system32\bfnedqlh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\DXC9.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
D:\My Documents\Downloads\18wosHaulin\18WheelsHaulin-dm.exe -> Adware.Trymedia : Cleaned with backup (quarantined).
D:\My Documents\Line Rider\photo656.pif -> Backdoor.MSNMaker.w : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mozilla.org\GRE\1.7.2_2004080302\drv.exe -> Downloader.Adload.hd : Cleaned with backup (quarantined).
C:\w77uxb8v9.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1324OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\QooBox\eyyjsp.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\kgykjxk.dll.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\wglky.exe.qoo -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\ilchoy.exe -> Downloader.Small.ctf : Cleaned with backup (quarantined).
C:\Program Files\Common Files\uiwr\uiwrd\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\avoxqu.exe -> Hijacker.Costrat.e : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J.River Media Center 10.0.173 Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
D:\RECYCLER\S-1-5-21-343818398-287218729-839522115-1000\Dd10\J.River Media Center 10.0.173 Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\Program Files\Media Center\J.River Media Center 10.0.173 Crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\WINNT\system32\MZU_DRV.sys -> Proxy.Small.bo : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.105:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.106:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.107:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.108:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.109:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.112:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.113:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.114:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.115:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.116:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.117:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.118:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.119:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.120:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.121:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.122:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.123:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\default\Cookies\default@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\default\Cookies\default@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.220:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\default\Cookies\default@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.221:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.222:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.56:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.59:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.60:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.55:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.83:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.85:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.88:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.89:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.235:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.236:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.237:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.238:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.239:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.31:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\default\Cookies\default@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.247:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.72:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.73:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.74:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.75:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.250:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Findwhat : Cleaned.
:mozilla.84:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Linkbuddies : Cleaned.
C:\Documents and Settings\default\Cookies\default@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.61:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.65:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.52:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.53:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.54:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.78:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.79:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.80:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.81:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.82:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\default\Cookies\default@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.217:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.218:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.219:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.184:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.185:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.160:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.161:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.32:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.33:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.34:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.35:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.36:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.37:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.38:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.39:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.66:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.68:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.69:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.70:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\default\Cookies\default@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.275:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.136:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.137:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.138:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\J. River MEDIA CENTER 10.0.155 .rar/jrmc10110.rar/backupcrack.rar/patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\backupcrack.rar/patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch2.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch3.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch4.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch5.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\backupcrack\patch6.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
D:\My Documents\Downloads\Media Center 10\J. River MEDIA CENTER 10.0.155\jrmc10110\jrmc10110.rar/backupcrack.rar/patch1.exe -> Trojan.Proxcrak.A : Cleaned with backup (quarantined).
C:\WINNT\system32\pi2pl.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\WINNT\system32\vypqj.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\WINNT\system32vypqj.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
C:\nckige.exe -> Trojan.Sinowal.bg : Cleaned with backup (quarantined).
C:\WINNT\109uninst.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINNT\uni_7eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end
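
Added example (not from the thread or from either scanner's vendor): a short Python reconciliation of the two report formats posted above, showing how the items Panda ActiveScan left "Not disinfected" line up with what the later AVG Anti-Spyware scan quarantined, and which paths neither scanner dealt with. The sample lines are excerpts copied from the reports in this thread; the regexes and function names are this example's own.

```python
import re

# Panda ActiveScan line: "<Category:Name> <Disinfected|Not disinfected> <Location>"
ACTIVESCAN_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<status>Not disinfected|Disinfected)\s+(?P<location>.+)$"
)
# AVG Anti-Spyware line: "[:mozilla.N:]<path> -> <detection> : <action>."
# ":mozilla.N:" is the record index inside a Mozilla cookies.txt, not part of the path.
AVG_RE = re.compile(
    r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<detection>.+?) : (?P<action>.+?)\.?$"
)

# Constructed excerpts of the two reports posted in this thread (not the full output).
ACTIVESCAN_SAMPLE = r"""
Adware:Adware/DollarRevenue Not disinfected C:\avoxqu.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt[.2o7.net/]
Adware:Adware/DeluxeComunications Not disinfected C:\DXC9.exe
Virus:Trj/Downloader.KZA Disinfected C:\rorjxk.exe
Spyware:Spyware/7r7t Not disinfected C:\WINNT\srvitiynjg.exe
Possible Virus. Not disinfected C:\WINNT\system32\bfnedqlh.dll
Adware:Adware/CommAd Not disinfected C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs
"""
AVG_SAMPLE = r"""
C:\WINNT\system32\bfnedqlh.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\DXC9.exe -> Adware.SurfSide : Cleaned with backup (quarantined).
C:\avoxqu.exe -> Hijacker.Costrat.e : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\default\Application Data\Mozilla\Profiles\default\10ogeslr.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
"""


def normalize_path(location: str) -> str:
    """Reduce a scanner 'location' to a comparable path: drop ActiveScan's
    bracketed cookie domain (cookies.txt[.2o7.net/]) and lower-case, since
    Windows paths are case-insensitive."""
    return re.sub(r"\[[^\]]*\]$", "", location.strip()).lower()


def parse_activescan(report: str) -> dict:
    """Map normalized path -> (location as printed, threat name, status)."""
    findings = {}
    for line in report.splitlines():
        m = ACTIVESCAN_RE.match(line.strip())
        if m:
            findings.setdefault(normalize_path(m["location"]),
                                (m["location"], m["name"], m["status"]))
    return findings


def parse_avg(report: str) -> dict:
    """Map normalized path -> (detection name, action taken)."""
    results = {}
    for line in report.splitlines():
        m = AVG_RE.match(line.strip())
        if m:
            results.setdefault(normalize_path(m["path"]), (m["detection"], m["action"]))
    return results


def reconcile(activescan_report: str, avg_report: str) -> dict:
    """Split ActiveScan's 'Not disinfected' items into those the later AVG scan
    handled ('resolved') and those no scanner touched ('remaining'), which are
    the candidates for a manual removal script."""
    avg = parse_avg(avg_report)
    resolved, remaining = {}, []
    for key, (location, name, status) in parse_activescan(activescan_report).items():
        if status != "Not disinfected":
            continue  # ActiveScan itself already disinfected this one
        if key in avg:
            resolved[location] = (name,) + avg[key]
        else:
            remaining.append(location)
    return {"resolved": resolved, "remaining": sorted(remaining)}


if __name__ == "__main__":
    outcome = reconcile(ACTIVESCAN_SAMPLE, AVG_SAMPLE)
    for location, (name, detection, action) in outcome["resolved"].items():
        print(f"resolved  {location}  [{name} -> {detection}: {action}]")
    for location in outcome["remaining"]:
        print(f"REMAINING {location}")
```

The two paths that come back as remaining here (srvitiynjg.exe and the .vbs under ZGVmYXVsdA) are exactly the ones the helper rolls into the Avenger script in the next post.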

scout90
2006-10-31, 05:23
And a new HJT log.


Logfile of HijackThis v1.99.1
Scan saved at 9:30:45 PM, on 10/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
C:\WINNT\system32\NOTEPAD.EXE
D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152303970296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

steamwiz
2006-10-31, 19:56
Hi

1. Download and unzip Avenger to your desktop. >
2. Double click the Avenger.exe file
3. Click OK
4. Select Input script manually
5. Click the Magnifying Glass icon
6. Highlight the text in the code box below, & copy and paste it into the View/edit script box



Files to delete:
C:\921_135b.exe
C:\rorjxk.exe
C:\WINNT\ms05691299766.exe
C:\WINNT\dtgqj.dll
C:\WINNT\srvitiynjg.exe
C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs
c:\winnt\system32\_mzu_stonedrv8.exe
C:\WINNT\system32\SpoonUninstall.exe
C:\WINNT\system32\wnscptr.exe
C:\WINNT\system32\winpfg32.sys
C:\WINNT\system32\hfj2dfc3.sys
C:\WINNT\system32drei.exe
C:\WINNT\system32\lkyaekrrr.exe
C:\WINNT\system32\drei.exe
C:\WINNT\system32\lqe2z.dll
C:\WINNT\system32\aybry.dll
C:\WINNT\system32uaw5wah6a.exe
C:\WINNT\system32\MZU_DRV.sys

Folders to delete:
C:\Program Files\PSDream
C:\Program Files\Common Files\uiwr


7. Click Done
8. Click the Traffic Light icon to start the program.
9. Click Yes to execute the script and click Yes when asked to reboot your computer
10. Post the contents of the file C:\Avenger.txt


After the reboot...

Find and delete the contents of the C:\WINNT\Temp folder (do NOT delete the folder itself)

Run HijackThis & post a new log.

Let me know if your problem is resolved.

Don't forget to post the contents of the file C:\Avenger.txt

steam

scout90
2006-11-01, 01:33
Here is the Avenger log-


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mxwcfltw

*******************

Script file located at: \??\C:\WINNT\wkswfspn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\921_135b.exe deleted successfully.


File C:\rorjxk.exe not found!
Deletion of file C:\rorjxk.exe failed!

Could not process line:
C:\rorjxk.exe
Status: 0xc0000034



File C:\WINNT\ms05691299766.exe not found!
Deletion of file C:\WINNT\ms05691299766.exe failed!

Could not process line:
C:\WINNT\ms05691299766.exe
Status: 0xc0000034

File C:\WINNT\dtgqj.dll deleted successfully.
File C:\WINNT\srvitiynjg.exe deleted successfully.
File C:\WINNT\ZGVmYXVsdA\t3pAsrpPxE.vbs deleted successfully.


File c:\winnt\system32\_mzu_stonedrv8.exe not found!
Deletion of file c:\winnt\system32\_mzu_stonedrv8.exe failed!

Could not process line:
c:\winnt\system32\_mzu_stonedrv8.exe
Status: 0xc0000034

File C:\WINNT\system32\SpoonUninstall.exe deleted successfully.
File C:\WINNT\system32\wnscptr.exe deleted successfully.
File C:\WINNT\system32\winpfg32.sys deleted successfully.
File C:\WINNT\system32\hfj2dfc3.sys deleted successfully.
File C:\WINNT\system32drei.exe deleted successfully.
File C:\WINNT\system32\lkyaekrrr.exe deleted successfully.
File C:\WINNT\system32\drei.exe deleted successfully.
File C:\WINNT\system32\lqe2z.dll deleted successfully.
File C:\WINNT\system32\aybry.dll deleted successfully.
File C:\WINNT\system32uaw5wah6a.exe deleted successfully.


File C:\WINNT\system32\MZU_DRV.sys not found!
Deletion of file C:\WINNT\system32\MZU_DRV.sys failed!

Could not process line:
C:\WINNT\system32\MZU_DRV.sys
Status: 0xc0000034

Folder C:\Program Files\PSDream deleted successfully.
Folder C:\Program Files\Common Files\uiwr deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


My problem seems to be cured; I have not experienced any pop-ups in either Mozilla or Internet Explorer. And I must say, thank you very much for your help, I am very grateful!
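
A small parser for the Avenger log format posted above, added here as an example and not part of the thread or of the Avenger tool itself. It separates the entries that were deleted from those that failed and names the NTSTATUS code seen in this log (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, meaning the file was already gone, which is why those failures are harmless). The sample log is constructed from lines in the post.

```python
import re

# Constructed sample in the shape of the Avenger output posted above.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\921_135b.exe deleted successfully.


File C:\rorjxk.exe not found!
Deletion of file C:\rorjxk.exe failed!

Could not process line:
C:\rorjxk.exe
Status: 0xc0000034

File C:\WINNT\dtgqj.dll deleted successfully.
Folder C:\Program Files\PSDream deleted successfully.

Completed script processing.
"""

# NTSTATUS values Avenger may print after "Could not process line:";
# only the code that appears in this thread is mapped here.
NTSTATUS_NAMES = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}

DELETED_RE = re.compile(r"^(File|Folder) (.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of (?:file|folder) (.+) failed!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")


def parse_avenger_log(text):
    """Return {'deleted': [paths], 'failed': {path: status name}}."""
    result = {"deleted": [], "failed": {}}
    pending = None  # failed path whose "Status:" line has not been seen yet
    for line in text.splitlines():
        line = line.strip()
        m = DELETED_RE.match(line)
        if m:
            result["deleted"].append(m.group(2))
            continue
        m = FAILED_RE.match(line)
        if m:
            pending = m.group(1)
            result["failed"][pending] = "UNKNOWN"
            continue
        m = STATUS_RE.match(line)
        if m and pending:
            code = int(m.group(1), 16)
            result["failed"][pending] = NTSTATUS_NAMES.get(code, m.group(1))
            pending = None
    return result
```

Any path left in the "failed" map with a status other than STATUS_OBJECT_NAME_NOT_FOUND is the one worth a second look, since it means the file existed but could not be removed.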

scout90
2006-11-01, 01:34
And a new HJT log-


Logfile of HijackThis v1.99.1
Scan saved at 5:42:20 PM, on 10/31/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
C:\Program Files\AMD\Cool'n'Quiet\gemback.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Program Files\PhatNoise Media Manager\PNAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINNT\system32\wuauclt.exe
E:\Program Files\Media Center\Media Jukebox.exe
C:\Program Files\mozilla.org\Mozilla\mozilla.exe
D:\My Documents\Downloads\Spy Bot\HiJackThis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsguy.com/news.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.eyeseek.com/firstsite.asp?b=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Turtle Beach Catalina\EnMixCPL.exe
O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\Scroll Mouse\gnetmous.exe
O4 - HKLM\..\Run: [projselector] "C:\Program Files\Common Files\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\program files\quicktime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\common\swtrayv4.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PNAgent] "E:\Program Files\PhatNoise Media Manager\PNAgent.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://E:\Program Files\Media Center\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152303970296
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: AMD PowerNow! (tm) Technology Service (GemServ) - Advanced Micro Devices - C:\Program Files\AMD\Cool'n'Quiet\GemServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: TI Wlan Service (tiwlnsvc) - Unknown owner - C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe

steamwiz
2006-11-01, 20:25
You're very welcome :)

Your log's clean now...

Happy surfing

steam