Results 1 to 9 of 9

Thread: Vcodec removal

  1. 2006-03-29, 04:21 #1
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default Vcodec removal

    Hey guys,

    My computer is infected with a vcodec virus or whatever. I'm not really that technical with computers. I just know the basics. can some one explain to me how to remove this VCODEC? thanks!
  2. 2006-03-29, 11:12 #2
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default hijack this log

    Hey, this is my hijackthis log. HELP PLEASE!!!

    THANKS

    Logfile of HijackThis v1.99.1
    Scan saved at 1:11:39 AM, on 3/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\mssearchnet.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Rob\Desktop\HijackThis.exe

    O2 - BHO: (no name) - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  3. 2006-03-29, 13:12 #3
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default

    By the way, I ran spybot and it cured some infections found. but they reappear after i use IE. and i haven't opened IE since i "cured" these infections, but once i open IE again, it reinstalls all the infections.
  4. 2006-03-29, 21:40 #4
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default Logs

    I followed the instructions to get rid of spyware quake in an admin post. Can someone check these logs now to see if i did it correctly and if there are any traces left in my computer.


    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Wed 03/29/2006
    The current time is: 9:56:05.04

    Running from
    C:\Documents and Settings\Rob\Desktop\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~

    ncompat.tlb
    nvctrl.exe
    hp***.tmp


    ~~~ Icons in System32 ~~~

    ot.ico


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    CLEAN!

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 11:11:05 AM, 3/29/2006
    + Report-Checksum: 4323BCD0

    + Scan result:

    HKLM\SOFTWARE\sr -> Adware.CoolWebSearch : Cleaned with backup
    HKU\S-1-5-21-1390067357-688789844-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xki4of7w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xki4of7w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xki4of7w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xki4of7w.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Rob\Application Data\Mozilla\Firefox\Profiles\xki4of7w.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Rob\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-75566655-42a5c03b.zip/Beyond.class -> Downloader.OpenConnection.v : Cleaned with backup
    C:\Documents and Settings\Rob\Desktop\backups\backup-20060328-131143-306.dll -> Downloader.Zlob.jp : Cleaned with backup
    C:\Documents and Settings\Rob\Desktop\backups\backup-20060328-131254-829.dll -> Downloader.Zlob.jp : Cleaned with backup
    C:\Documents and Settings\Rob\Desktop\backups\backup-20060328-131744-277.dll -> Downloader.Zlob.jp : Cleaned with backup
    C:\Program Files\Common Files\аssembly\wuaclt.exe -> Downloader.PurityScan.w : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned with backup
    C:\WINDOWS\system32\AdService.dll -> Downloader.Small.cml : Cleaned with backup
    C:\WINDOWS\system32\oins.exe -> Downloader.PurityScan.bt : Cleaned with backup
    C:\WINDOWS\system32\winymy32.dll -> Downloader.Small.cml : Cleaned with backup
    C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned with backup


    ::Report End
  5. 2006-03-29, 21:41 #5
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default

    --- Search result list ---
    Windows.ActiveDesktop: User settings (Registry change, fixed)
    HKEY_USERS\S-1-5-21-1390067357-688789844-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoHTMLWallPaper!=W=1


    --- Spybot - Search && Destroy version: 1.3 ---
    2006-03-24 Includes\Cookies.sbi
    2006-03-24 Includes\Dialer.sbi
    2006-03-24 Includes\Hijackers.sbi
    2006-03-24 Includes\Keyloggers.sbi
    2004-11-29 Includes\LSP.sbi
    2006-03-24 Includes\Malware.sbi
    2006-03-24 Includes\PUPS.sbi
    2006-03-24 Includes\Revision.sbi
    2006-03-24 Includes\Security.sbi
    2006-03-24 Includes\Spybots.sbi
    2005-02-17 Includes\Tracks.uti
    2006-03-24 Includes\Trojans.sbi


    --- System information ---
    Windows XP (Build: 2600) Service Pack 2
    / Internet Explorer 6 / SP0: Windows XP Hotfix - KB834707
    / Windows XP / SP2: Windows XP Service Pack 2
    / Windows XP / SP3: Windows XP Hotfix - KB834707
    / Windows XP / SP3: Windows XP Hotfix - KB867282
    / Windows XP / SP3: Windows XP Hotfix - KB873333
    / Windows XP / SP3: Windows XP Hotfix - KB873339
    / Windows XP / SP3: Security Update for Windows XP (KB883939)
    / Windows XP / SP3: Windows XP Hotfix - KB885250
    / Windows XP / SP3: Windows XP Hotfix - KB885835
    / Windows XP / SP3: Windows XP Hotfix - KB885836
    / Windows XP / SP3: Windows XP Hotfix - KB886185
    / Windows XP / SP3: Windows XP Hotfix - KB887472
    / Windows XP / SP3: Windows XP Hotfix - KB887742
    / Windows XP / SP3: Windows XP Hotfix - KB888113
    / Windows XP / SP3: Windows XP Hotfix - KB888302
    / Windows XP / SP3: Security Update for Windows XP (KB890046)
    / Windows XP / SP3: Windows XP Hotfix - KB890047
    / Windows XP / SP3: Windows XP Hotfix - KB890175
    / Windows XP / SP3: Windows XP Hotfix - KB890859
    / Windows XP / SP3: Windows XP Hotfix - KB891781
    / Windows XP / SP3: Security Update for Windows XP (KB893066)
    / Windows XP / SP3: Windows XP Hotfix - KB893086
    / Windows XP / SP3: Windows Installer 3.1 (KB893803)
    / Windows XP / SP3: Security Update for Windows XP (KB896358)
    / Windows XP / SP3: Security Update for Windows XP (KB896422)
    / Windows XP / SP3: Security Update for Windows XP (KB896428)
    / Windows XP / SP3: Update for Windows XP (KB898461)
    / Windows XP / SP3: Security Update for Windows XP (KB901214)
    / Windows XP / SP3: Security Update for Windows XP (KB903235)


    --- Startup entries list ---
    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 278528
    MD5: 8778072a594e1310c0b7d0a93771e8bd

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    file: C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe
    size: 155648
    MD5: c74c7963eec07af49dce44d64819b2bf

    Located: HK_LM:Run, SunJavaUpdateSched
    command: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    file: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    size: 36975
    MD5: 61a3a9d5d98bf0331df5b716144a8100

    Located: Startup (common), Adobe Reader Speed Launch.lnk
    command: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    file: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    size: 29696
    MD5: 43362b96870ce8649f4f2ec893da93f0

    Located: Startup (common), Microsoft Office.lnk
    command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
    size: 65588
    MD5: 1a80248ec5d290a391ce27326dd13e29



    --- Browser helper object list ---


    --- ActiveX list ---
    {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class)
    DPF name:
    CLSID name: Checkers Class
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: msgrchkr.dll
    Short name:
    Date (created): 5/29/2003 3:00:18 PM
    Date (last access): 3/29/2006 10:01:16 AM
    Date (last write): 5/29/2003 3:00:18 PM
    Filesize: 77408
    Attributes: archive
    MD5: 42D567DF86B9B7AC4A89664C9651B68B
    CRC32: 47FF3D19
    Version: 0.7.0.1

    {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control)
    DPF name:
    CLSID name: YazzleActiveX Control
    Path: C:\WINDOWS\DOWNLO~1\
    Long name: YazzleActiveX.ocx
    Short name: YAZZLE~1.OCX
    Date (created): 3/7/2006 10:24:16 AM
    Date (last access): 3/29/2006 10:34:16 AM
    Date (last write): 3/7/2006 10:24:16 AM
    Filesize: 245760
    Attributes: archive
    MD5: 96A46AA84B9EACDCE09188785D397CD1
    CRC32: A3BC6E08
    Version: 0.1.0.0

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 11/10/2005 1:03:56 PM
    Date (last access): 3/29/2006 10:34:16 AM
    Date (last write): 11/10/2005 1:22:10 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 0.5.0.0

    {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
    DPF name:
    CLSID name: MessengerStatsClient Class
    Path: C:\WINDOWS\Downloaded Program Files\
    Long name: messengerstatsclient.dll
    Short name: MESSEN~1.DLL
    Date (created): 5/29/2003 3:00:20 PM
    Date (last access): 3/29/2006 10:01:16 AM
    Date (last write): 5/29/2003 3:00:20 PM
    Filesize: 160864
    Attributes: archive
    MD5: B069B555A00AA026F657AA4FD13AE154
    CRC32: 89BB01E1
    Version: 0.7.0.1

    {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2)
    DPF name: Java Runtime Environment 1.4.2
    CLSID name: Java Plug-in 1.4.2_06
    Path: C:\Program Files\Java\j2re1.4.2_06\bin\
    Long name: NPJPI142_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 9/28/2004 8:26:10 PM
    Date (last access): 3/29/2006 10:34:16 AM
    Date (last write): 9/28/2004 8:26:00 PM
    Filesize: 65650
    Attributes: archive
    MD5: 69E5147BA901A9238C4EB08C84E1A85B
    CRC32: 6CB34BCC
    Version: 0.1.0.4

    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 11/10/2005 1:03:56 PM
    Date (last access): 3/29/2006 10:34:16 AM
    Date (last write): 11/10/2005 1:22:10 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 0.5.0.0

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
    DPF name: Java Runtime Environment 1.5.0
    CLSID name: Java Plug-in 1.5.0_06
    Path: C:\Program Files\Java\jre1.5.0_06\bin\
    Long name: NPJPI150_06.dll
    Short name: NPJPI1~1.DLL
    Date (created): 11/10/2005 1:03:56 PM
    Date (last access): 3/29/2006 10:34:16 AM
    Date (last write): 11/10/2005 1:22:10 PM
    Filesize: 69746
    Attributes: archive
    MD5: D2CF6BB5E9020E6707B62575F8083954
    CRC32: 7F39DC54
    Version: 0.5.0.0

    {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
    DPF name:
    CLSID name: Shockwave Flash Object
    description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename:
    info link:
    info source: Patrick M. Kolla
    Path: C:\WINDOWS\system32\Macromed\Flash\
    Long name: Flash.ocx
    Short name:
    Date (created): 7/17/2004 10:41:30 AM
    Date (last access): 3/29/2006 9:39:08 AM
    Date (last write): 6/9/2004 2:59:26 PM
    Filesize: 939224
    Attributes: archive
    MD5: FC3E17E12C2E31FAC34B416B3DAB829F
    CRC32: D1CF3A57
    Version: 0.7.0.0



    --- Process list ---
    Spybot - Search && Destroy process list report, 3/29/2006 10:35:11 AM

    PID: 0 ( 0) [System]
    PID: 4 ( 0) System
    PID: 364 ( 4) \SystemRoot\System32\smss.exe
    PID: 420 ( 364) csrss.exe
    PID: 444 ( 364) \??\C:\WINDOWS\system32\winlogon.exe
    PID: 488 ( 444) C:\WINDOWS\system32\services.exe
    PID: 500 ( 444) C:\WINDOWS\system32\lsass.exe
    PID: 652 ( 488) C:\WINDOWS\system32\svchost.exe
    PID: 720 ( 488) svchost.exe
    PID: 852 ( 488) C:\WINDOWS\System32\svchost.exe
    PID: 868 ( 488) svchost.exe
    PID: 956 ( 488) svchost.exe
    PID: 1204 (1184) C:\WINDOWS\Explorer.EXE
    PID: 1920 (1204) C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    PID: 1952 (1204) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe


    --- Browser start & search pages list ---
    Spybot - Search && Destroy browser pages report, 3/29/2006 10:35:11 AM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
    http://search.msn.com/spbasic.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    about:blank
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.google.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://www.google.com
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 4: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\rsvpsp.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D29E644-11C8-4028-9037-6DFDDF3BAE78}] SEQPACKET 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8D29E644-11C8-4028-9037-6DFDDF3BAE78}] DATAGRAM 5
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A31B3E6-4F4C-40FA-A39F-725FCF7D0822}] SEQPACKET 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A31B3E6-4F4C-40FA-A39F-725FCF7D0822}] DATAGRAM 1
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9696C279-0D07-42A3-8D70-2230EE35CBF9}] SEQPACKET 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{9696C279-0D07-42A3-8D70-2230EE35CBF9}] DATAGRAM 0
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EAA61CD-96C4-41A1-87E6-E9AC549EB54D}] SEQPACKET 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1EAA61CD-96C4-41A1-87E6-E9AC549EB54D}] DATAGRAM 4
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{403A70CD-F120-4080-97CF-F0ED8624F1F7}] SEQPACKET 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{403A70CD-F120-4080-97CF-F0ED8624F1F7}] DATAGRAM 6
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A085BC00-3C10-4257-A4C5-7D8DEF7A3CD1}] SEQPACKET 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A085BC00-3C10-4257-A4C5-7D8DEF7A3CD1}] DATAGRAM 2
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D44876D2-C090-446F-ABFE-06C837FD8253}] SEQPACKET 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D44876D2-C090-446F-ABFE-06C837FD8253}] DATAGRAM 3
    GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP NetBios protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD NetBIOS *

    Namespace Provider 0: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 1: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 2: Network Location Awareness (NLA) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename: %SystemRoot%\System32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace
  6. 2006-03-29, 21:42 #6
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default

    Logfile of HijackThis v1.99.1
    Scan saved at 11:33:40 AM, on 3/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Rob\Desktop\HijackThis.exe

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
  7. 2006-03-29, 21:42 #7
    robjng
    robjng is offline
    Junior Member
    Join Date
    Mar 2006
    Posts
    7

    Default

    Are these logs ok??
  8. 2006-04-02, 15:28 #8
    LonnyRJones
    LonnyRJones is offline
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi robjng

    In windows addremove programs uninstall SpyBot 1.3 then Restart the PC, and delete SpyBots folder in program files,
    usualy > C:\Program Files\Spybot - Search & Destroy
    Then download and install 1.4 once thats done, check for updates, then check for problems, fix everything found, always reboot if SpyBots needs to, to finish the cleanup.
    http://www.safer-networking.org/index.php?page=tutorial
    Download found here
    http://www.safer-networking.org/en/download/index.html

    Why dont we see a antivirus program in your logs ?
  9. 2006-04-07, 18:29 #9
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,965

    Default

    Due to lack of a response this topic will be archived.
    If you need it re-opened please send me a pm and provide a link to the thread.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules