hijackthis log

#1 (permalink)
11-09-2005, 11:14 PM
DesignLov3 (Newbie)

Please help. Whenever I try to use any program that requires a connection, such as AIM, Bearshare, MSN, or xFire, my comp freezes or goes super super slow. On system startup I get Runner Error "Runner file name (Compaq Connections.exe) lacks a '-' (the app id sperator)". Anyways, here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 6:17:02 PM, on 9/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe



Thank you very much for the help.

Last edited by DesignLov3; 11-09-2005 at 11:17 PM.
#2 (permalink)
12-09-2005, 01:02 AM
Neal (Senior Member)

Hi and welcome,

As for your Compaq error... click Start/Run/type in msconfig and press enter and uncheck Compaq Connections, click apply then ok and reboot.

See if that stops that error.


Let's see what some virus scans can uncover and we will go from there.

Get the stinger here:
http://vil.nai.com/vil/stinger/

Download it to another computer if need be, and bring it to the affected computer on floppy disk.

It will kill the top 53 virus files if any are found there.

then,

Internet Explorer required
Run these two online virus scanners (Panda Activescan) following these instructions below:
http://www.pandasoftware.com/product..._principal.htm


Internet Explorer required
Also this excellent (BitDefender) scanner: http://www.bitdefender.com/scan8/ie.html

If you have Firefox, BitDefender will not work on Firefox, and neither will Panda, so switch to IE to do these scans please.


These scans will take more than an hour to complete, so make sure you have time to let them run through. Save the Panda scan log and the BitDefender log and post them back here please with a new HijackThis log.

Thanks.
__________________
Stalking and killing Spyware

#3 (permalink)
13-09-2005, 01:43 AM
DesignLov3 (Newbie)

OK, I did as you said. For the Stinger, am I supposed to set it to repair or delete? Because I set it to repair. Anyways, here are the new logfiles:


Here is the Active Scan Logfile:

Incident                 Status           Location
Adware:adware/savenow    No disinfected   Windows Registry


here is the location of the BitDefender Log: http://www.freewebs.com/macbattery/BitDefender.html


here is the hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 8:42:13 PM, on 9/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Last edited by DesignLov3; 13-09-2005 at 02:16 AM.
#4 (permalink)
13-09-2005, 09:02 PM
DesignLov3 (Newbie)

Now what do I do?
#5 (permalink)
13-09-2005, 10:25 PM
Neal (Senior Member)

OK, since BitDefender found some trojans, let's go ahead and do a trojan scan and see if there are more hiding in the bushes.


Please download, install, update and scan your system with the free version of Ewido trojan scanner: www.ewido.net/en/download/

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on UPDATE in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run.


5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread, along with a new HijackThis log.


Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal.


Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
#6 (permalink)
18-09-2005, 03:48 PM
DesignLov3 (Newbie)

Still no improvement, still having the problems, but here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 10:46:46 AM, on 9/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BearShare\BearShare.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
#7 (permalink)
18-09-2005, 03:49 PM
DesignLov3 (Newbie)

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:59:22 PM, 9/13/2005
+ Report-Checksum: F5D33734

+ Scan result:

:mozilla.34:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Estat : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Adition : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b3oakxlt.default\coo kies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End
  #8 (permalink)  
Old 18-09-2005, 09:14 PM
Senior Member
 
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!
Re: hijackthis log

Read this about file sharing; you said you had BearShare:

http://www.spywareinfo.com/articles/p2p/#limewire

Is the problem you're still having the:
Runner Error "Runner file name (Compaq Connections.exe) lacks a '-' (the app id sperator)"

If you unchecked it in msconfig as suggested in my post above and it is still happening, then I am at a loss, because that normally fixes that problem. Maybe you should call Compaq tech support and see what they say.

Go into Add/Remove Programs and remove BearShare if found.

Make sure you can see hidden files/folders
In Windows XP
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.
After you're cleaned, please "rehide" them again.

Scan with HJT again and put a check next to these items, making sure all browser windows are closed, including this one, so print this or create a new text document on the desktop by right-clicking an open area, selecting New Text Document, and saving it as whatever you like. Now put a check next to these:

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE



Again make sure all browser windows are closed and click FIX


Now reboot into safe mode by tapping your F8 key upon restart; when the safe mode screen appears, select Safe Mode and press Enter.


Now navigate to these file(s) through Windows Explorer and delete them, please:

ALCXMNTR.EXE


It is recommended that you do a couple of things after a serious infection.

Just to be sure.


Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
Temporary Internet Files
Downloaded Program Files
Recycle Bin
Temporary Files
Click OK or Enter

Make sure you are set to normal startup. Click Start -> Run -> Type Msconfig -> Press Enter -> make sure Startup is set to Normal Start


Post a new HJT log for further review
__________________
Stalking and killing Spyware
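
The O4 lines of a HijackThis log, such as the AlcxMonitor entry in the post above, can be read programmatically. The following is an added example, not part of Neal's post or of HijackThis itself: the function names are assumptions, and every sample line except the AlcxMonitor one is constructed. It lists the autorun entries and flags those that name a bare file with no directory, since for those the log alone does not say which file on disk would run.

```python
import re
from ntpath import dirname  # Windows path rules, works on any OS

# Constructed sample: only the AlcxMonitor line comes from the thread; the
# rest are made-up entries in the same HijackThis layout.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\example\bho.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe" /quiet
O4 - Global Startup: Example Tool.lnk = C:\Program Files\Example\tool.exe
"""

# Registry autoruns: O4 - <hive>\..\<key>: [<value name>] <command>
REG_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.*?)\] (\S.*)$")
# Startup-folder items: O4 - [Global ]Startup: <shortcut> = <target>
STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (\S.*)$")


def program_of(command):
    """Return the program part of an autorun command, without arguments."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|com|bat|cmd))\b|(\S+)', command, re.I)
    return next(g for g in m.groups() if g)


def parse_o4(log):
    """Parse O4 lines into dicts; lines from other sections are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        reg, lnk = REG_RE.match(line), STARTUP_RE.match(line)
        if reg:
            source, name, command = f"{reg[1]}\\{reg[2]}", reg[3], reg[4]
        elif lnk:
            source, name, command = lnk[1], lnk[2], lnk[3]
        else:
            continue  # not an O4 entry this sketch understands
        program = program_of(command)
        entries.append({"source": source, "name": name, "program": program,
                        "full_path": bool(dirname(program))})
    return entries


def needs_locating(entries):
    """Names of entries whose program is a bare file name (no directory)."""
    return [e["name"] for e in entries if not e["full_path"]]


if __name__ == "__main__":
    for e in parse_o4(SAMPLE_LOG):
        print(e)
    print("Locate on disk before judging:", needs_locating(parse_o4(SAMPLE_LOG)))
```
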

All times are GMT +1. The time now is 08:41 AM.
