Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Spithas

11 Posts

1359

November 16th, 2006 14:00

System Alert: Trojan-Spy.Win32@mx

i am sorry if this post is duplicate to another one but i couldn't find anything

i get the bubble for the alert on the lower right corner of my screen all the time and when i start up my internet explorer i get the Internet Security site and the popup that asks if i want to download an anti virus
i have scanned with both my antivirus and spyware but they didn't help

here is my hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 17:38:21, on 16/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Xfire\Xfire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\Opera.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/sn4ke99913041/index
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [##$$] C:\WINDOWS\system32\msmsgrs.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Global Startup: Wowhead Client.lnk = C:\Program Files\World of Warcraft\Wowhead_Client.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daniel\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
O18 - Protocol: bw+0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {0CFAC6DD-6091-468B-8430-68943B10C972} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: cussers - {ff170564-36c8-43f7-9100-559e166405cf} - C:\WINDOWS\system32\cfltygd.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

Aciid.Phr34k

19 Posts

November 16th, 2006 15:00

Hey Spithas,
 
 
The first thing you need to get rid of is these ones:
 
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
 
Those are the files that is making the program run that is popping up that little bubble to annoy you.
 
Go into the folder where these files are located and delete them. The other thing is go into msconfig
 
Start-->Run-->msconfig
 
Go to the startup tab.. and make sure that non of these files are loading up at start up restart your computer  and the bubble and the annoying program should be gone.
 

Aciid.Phr34k

DSCE (Dell Certified Systems Expert)

Spyware/Virus Removal Specialist

 

Spithas

11 Posts

November 16th, 2006 15:00

i have already tried the smitfraudfix from some other forums i checked
i started my windows up in safe mode then ran the smitfraudfix.cmd from the folder
i chose 2. Clear as it told me
 
it removed
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismini.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
i no more have the balloon nor the internet explorer startup Internet Security
although my antivirus keeps notifying me with something

Bugbatter

4 Apprentice

 • 

20.5K Posts

November 16th, 2006 15:00

Welcome :)

We are reviewing your log and will reply soon. In the meantime, please go to Add/Remove Programs and remove Logitech Desktop Messenger. That is what is making all those 018 entries in your log.

Logitech-Desktop Messenger is a service designed to deliver software support, news and information. Using the Backweb service it automatically checks for software upgrades AND new products, services and special offerings from Logitech.

We will reply again soon. Thank you for waiting patiently.

zbestwun2001

4 Apprentice

 • 

8.8K Posts

November 16th, 2006 15:00

Spithas

Please just continue with my instructions.

zb1

zbestwun2001

4 Apprentice

 • 

8.8K Posts

November 16th, 2006 15:00

Hi
Let's see if we can't get this working right?



Please download SmitfraudFix
Extract the content (a folder named SmitfraudFix) to your Desktop.


Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

  2. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  3. Select Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
  4. Right click on AVG Anti-Spyware in the system tray and uncheck "Start with Windows".
    Go to Start > Run and type: services.msc
  5. Press "OK".
  6. In Services, click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
  7. When you find the guard service, double-click on it.
  8. In the Properties Window > General Tab that opens, click the "Stop" button.
  9. From the drop-down menu next to "Startup Type", click on "Manual".
  10. Now click "Apply", then "OK" and close the Services window.
  11. Once the setup is complete you will need run AVG AS and update the definition files.
  12. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the AVG AS Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close AVG Anti-Spyware, Do Not run a scan just yet. We will shortly.


        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and press " Enter"; a text file will appear, which lists infected files (if present).
        Please copy/paste the content of that report into your next reply.

        IMPORTANT: Do NOT run any other options until you are asked to do so!

        Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
        http://www.beyondlogic.org/consulting/proc...processutil.htm


      zb1

      zbestwun2001

      4 Apprentice

       • 

      8.8K Posts

      November 16th, 2006 15:00

      Aciid.Phr34k ,

      Please I respectfully ask you to stay out of my thread.. I will handle this.

      Your fixes leave much to be desired and you are doing the victims here a disservice.

      Please stay out of my thread.

      thank you very much

      zb1

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      November 16th, 2006 16:00

      Spithas,

      Please follow the instructions posted by zbestwun2001 in order to have COMPLETE removal of the malware.
      The instructions provided by Aciid.Phr34k are very incomplete.
      He missed diagnosis of this:
      O4 - HKCU\..\Run: [##$$] C:\WINDOWS\system32\msmsgrs.exe

      There are some vulnerabilities showing in your log as well.

      Please post your latest log generated by SmitfraudFix so we can get back on track with your malware removal.

      Everyone, thank you for your co-operation.

      Spithas

      11 Posts

      November 17th, 2006 08:00

      1. In Services, click the "Extended tab" and scroll down the list to find AVG Anti-Spyware guard.
      2. When you find the guard service, double-click on it.
      3. In the Properties Window > General Tab that opens, click the "Stop" button.
      that stop button is grey i can't click on it
       
      also the avg anti-spyware makes my computer run really slow when it notifies me with a apyware
       

      Message Edited by Spithas on 11-17-200605:01 AM

      Spithas

      11 Posts

      November 17th, 2006 09:00

      here is the smitfraudfix  search report
       
      SmitFraudFix v2.122
      Scan done at 12:10:00.53, 17/11/2006
      Run from C:\Documents and Settings\Daniel\Desktop\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix run in normal mode
      »»»»»»»»»»»»»»»»»»»»»»»» C:\

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Daniel\Application Data

      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Daniel\FAVORI~1

      »»»»»»»»»»»»»»»»»»»»»»»» Desktop

      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
       
       
      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, following keys are not inevitably infected!!!
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""

      »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

      »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

      »»»»»»»»»»»»»»»»»»»»»»»» End
       

      zbestwun2001

      4 Apprentice

       • 

      8.8K Posts

      November 17th, 2006 11:00

      That ok just continue..


      Please print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

      Please reboot your computer in Safe Mode by doing the following :

      * Restart your computer
      * After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
      * Instead of Windows loading as normal, a menu with options should appear;
      * Select the first option, to run Windows in Safe Mode, then press "Enter".
      * Choose your usual account.

      Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
      Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

      You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

      The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

      The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart anyway into normal Windows.
      A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report along with all others into your next reply along with a new HijackThis log.
      The report can also be found at the root of the system drive, usually at C:\rapport.txt

      Warning : Running option #2 on a non-infected computer will remove your Desktop background.


      ____________________________________________________________

      Clean out your Temporary Internet files. Proceed like this:

      * Quit Internet Explorer and quit any instances of Windows Explorer.
      * Click Start, click Control Panel, and then double-click Internet Options.
      * On the General tab, click Delete Files under Temporary Internet Files.
      * In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
      * On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      * Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      * Click OK.

      Next Click Start, click Control Panel and then double-click Display.
      Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
      Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
      ______________________________

      Close ALL open Windows / Programs / Folders.

      * While in Safe Mode, launch AVG Anti-Spyware by double-clicking the icon on your desktop.
      * Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
      * AVG AS will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
      * If you have any infections you will prompted, then select "Apply all actions"
      * Next select the "Reports" icon at the top.
      * Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
      * Close AVG AS and reboot your system back into Normal Mode.



      In your next reply please include:

      1. The report from SmitfraudFix found here: C:\rapport.txt
      2. The report from AVG AS
      3. A fresh HijackThis log

      You may need several replies to post the requested logs, otherwise they might get cut off.

      zb1

      Spithas

      11 Posts

      November 17th, 2006 12:00

      and the fresh Hijackthis report
       
      Logfile of HijackThis v1.99.1
      Scan saved at 15:47:42, on 17/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
      C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
      C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      C:\Program Files\QuickTime Alternative\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Xfire\Xfire.exe
      C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\svchost.exe
      C:\hijackthis\HijackThis.exe
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
      O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
      O4 - Global Startup: Wowhead Client.lnk = C:\Program Files\World of Warcraft\Wowhead_Client.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daniel\Start Menu\Programs\IMVU\Run IMVU.lnk
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
       

      Spithas

      11 Posts

      November 17th, 2006 12:00

      The     AVG AS  report
       
      ---------------------------------------------------------
      AVG Anti-Spyware - Scan Report
      ---------------------------------------------------------
       + Created at: 15:40:34 17/11/2006
       + Scan result: 
       
      C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
      HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\ljjghfc.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{944DCBB9-E301-4729-ACA4-F7D2B32DCD96}\RP122\A0030041.exe -> Downloader.Zlob.aes : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{944DCBB9-E301-4729-ACA4-F7D2B32DCD96}\RP123\A0031001.exe -> Downloader.Zlob.aes : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{944DCBB9-E301-4729-ACA4-F7D2B32DCD96}\RP121\A0029812.dll -> Downloader.Zlob.akg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{944DCBB9-E301-4729-ACA4-F7D2B32DCD96}\RP123\A0031007.dll -> Downloader.Zlob.akg : Cleaned with backup (quarantined).
      C:\System Volume Information\_restore{944DCBB9-E301-4729-ACA4-F7D2B32DCD96}\RP122\A0030043.exe -> Downloader.Zlob.axi : Cleaned with backup (quarantined).
      C:\Documents and Settings\Daniel\Cookies\daniel@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
      C:\System Volume Information\_restore{944DCBB9-E301-4729-ACA4-F7D2B32DCD96}\RP124\A0031427.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
      C:\WINDOWS\system32\msmsgrs.exe -> Trojan.Pakes : Cleaned with backup (quarantined).

      ::Report end
       

      Spithas

      11 Posts

      November 17th, 2006 12:00

      here is the Smitfraudfix report
       
      SmitFraudFix v2.122
      Scan done at 15:20:42.11, 17/11/2006
      Run from C:\Documents and Settings\Daniel\Desktop\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix run in safe mode
      »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll
      »»»»»»»»»»»»»»»»»»»»»»»» Killing process

      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
      GenericRenosFix by S!Ri

      »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

      »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

      »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
       
      Registry Cleaning done.
       
      »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
      !!!Attention, following keys are not inevitably infected!!!
      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» End
       

      Spithas

      11 Posts

      November 17th, 2006 13:00

      here you go
       
      Logfile of HijackThis v1.99.1
      Scan saved at 16:13:46, on 17/11/2006
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
      C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      C:\Program Files\Eset\nod32kui.exe
      C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
      C:\Program Files\QuickTime Alternative\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Xfire\Xfire.exe
      C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\explorer.exe
      C:\hijackthis\HijackThis.exe
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Conceptronic Conceptronic 54Mbps Wireless Utility] C:\Program Files\Conceptronic\Conceptronic 54Mbps Wireless Utility\WLANmon.exe
      O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
      O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
      O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
      O4 - Global Startup: Wowhead Client.lnk = C:\Program Files\World of Warcraft\Wowhead_Client.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
      O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Daniel\Start Menu\Programs\IMVU\Run IMVU.lnk
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
       

      zbestwun2001

      4 Apprentice

       • 

      8.8K Posts

      November 17th, 2006 13:00

      Run HiJackThis and click " Scan", then check(tick) the following, if present:


      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exe

      Now, with all windows closed except HiJackThis, click " Fix checked".

      Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

      folders...
      C:\Program Files\LimeWire

      Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're ' in use', try deleting them from " Safe Mode".

      Post back a new log, and let me know how everything goes.

      ZB1

      Was this post helpful?

      View All

      No Events found!

      Top