
Yet another omegasearch victim...

Please help... This blasted thing won't leave and when I think it does leave, it shows its ugly head :mean: to force me to crawl back into my corner feeling inadequate... :banghead: :rant:
Well here's my list. Please help.

Logfile of HijackThis v1.97.7
Scan saved at 10:09:05 PM, on 6/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\TCAUDIAG.exe
D:\WINDOWS\System32\CTHELPER.EXE
D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\WINDOWS\anvshell.exe
D:\Program Files\Real\RealPlayer\RealPlay.exe
D:\PROGRA~1\AUDIOA~1\Bibjoy.exe
D:\WINDOWS\System32\ulojhu.exe
D:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
D:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
D:\Program Files\AIM95\aim.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\AWS\WeatherBug\Weather.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
D:\WINDOWS\System32\WScript.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
D:\Documents and Settings\MatroxKOD\Start Menu\Programs\Startup\PeerGuardian_1.99b_pr8.exe
D:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
D:\WINDOWS\System32\CTsvcCDA.exe
D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\snmp.exe
D:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
D:\Program Files\Winamp3\winamp3.exe
G:\SETUP.EXE
D:\WINDOWS\System32\MSIEXEC.exe
F:\Hijack This\HijackThis.exe
D:\WINDOWS\System32\msiexec.exe
D:\WINDOWS\System32\MsiExec.exe
D:\WINDOWS\System32\MsiExec.exe
D:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (D:\Documents and Settings\MatroxKOD\Application Data\Mozilla\Profiles\default\p4d7585n.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\MatroxKOD\Application Data\Mozilla\Profiles\default\p4d7585n.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [winactive] D:\Program Files\Window Active\winactive.exe
O4 - HKCU\..\Run: [TaskTray] "D:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "D:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PicoZip] D:\PROGRA~1\PicoZip\PicoZipTray.exe
O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - Startup: connlog.txt
O4 - Startup: Guarding.P2P
O4 - Startup: Norton System Doctor.LNK = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
O4 - Startup: PeerGuardian_1.99b_pr8.exe
O4 - Startup: PG2Config.p2p
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Search.vbs
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38046.5213888889
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

Comments

  • shwaip bluffin' with my muffin Icrontian
    edited June 2004
    I hereby welcome thee to short-media!

    If you haven't done so already, please download and run adaware and spybot S&D 1.3 from the link in my sig, and then post a new log. If you have already done this, just let me know, and we'll get down to business.
  • edited June 2004
    I have run both programs
  • primesuspect Beepin n' Boopin Detroit, MI Icrontian
    edited June 2004
    Are you sure? Because I see weatherbug in your HJT log, and I know that Spybot marks weatherbug as malicious..... If you ran it after the log, can you post a fresh log, please? :D
  • edited June 2004
    Logfile of HijackThis v1.97.7
    Scan saved at 1:21:39 AM, on 6/5/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    D:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE
    D:\WINDOWS\System32\CTsvcCDA.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
    D:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
    D:\WINDOWS\System32\TCAUDIAG.exe
    D:\WINDOWS\System32\CTHELPER.EXE
    D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Common Files\Symantec Shared\ccApp.exe
    D:\WINDOWS\anvshell.exe
    D:\WINDOWS\System32\ulojhu.exe
    D:\PROGRA~1\AUDIOA~1\Bibjoy.exe
    D:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    D:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe
    D:\Program Files\AIM95\aim.exe
    D:\WINDOWS\System32\ctfmon.exe
    D:\Program Files\AWS\WeatherBug\Weather.exe
    D:\WINDOWS\System32\RUNDLL32.EXE
    D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
    D:\WINDOWS\System32\WScript.exe
    D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    D:\Documents and Settings\MatroxKOD\Start Menu\Programs\Startup\PeerGuardian_1.99b_pr8.exe
    D:\WINDOWS\System32\nvsvc32.exe
    D:\WINDOWS\System32\snmp.exe
    D:\WINDOWS\System32\MsPMSPSv.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
    D:\Program Files\Trend Micro\PC-cillin 2002\PCCCLIENT.EXE
    D:\Program Files\Trend Micro\PC-cillin 2002\PCCGUIDE.EXE
    D:\Program Files\Trend Micro\PC-cillin 2002\POP3TRAP.EXE
    D:\WINDOWS\System32\javaw.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    F:\Hijack This\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (D:\Documents and Settings\MatroxKOD\Application Data\Mozilla\Profiles\default\p4d7585n.slt\prefs.js)
    N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://D%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (D:\Documents and Settings\MatroxKOD\Application Data\Mozilla\Profiles\default\p4d7585n.slt\prefs.js)
    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] D:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
    O4 - HKLM\..\Run: [pccguide.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
    O4 - HKLM\..\Run: [PCCClient.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
    O4 - HKLM\..\Run: [Pop3trap.exe] "D:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
    O4 - HKLM\..\Run: [EPSON Stylus C42 Series] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O5 "LPT1:" /M "Stylus C42"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [ccRegVfy] "D:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
    O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Anvshell] anvshell.exe
    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [winactive] D:\Program Files\Window Active\winactive.exe
    O4 - HKLM\..\Run: [dmmifot] D:\WINDOWS\System32\ulojhu.exe
    O4 - HKLM\..\Run: [Axismix] D:\PROGRA~1\AUDIOA~1\Bibjoy.exe
    O4 - HKCU\..\Run: [TaskTray] "D:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [TaskBar] "D:\Program Files\Creative\SBAudigy\TaskBar\CTLTask.exe"
    O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [PicoZip] D:\PROGRA~1\PicoZip\PicoZipTray.exe
    O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
    O4 - Startup: connlog.txt
    O4 - Startup: Guarding.P2P
    O4 - Startup: Norton System Doctor.LNK = D:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
    O4 - Startup: PeerGuardian_1.99b_pr8.exe
    O4 - Startup: PG2Config.p2p
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Search.vbs
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html
    O9 - Extra button: AIM (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Messenger (HKLM)
    O9 - Extra button: WeatherBug (HKCU)
    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://D:\Program Files\AutoCAD 2002\AcDcToday.ocx
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38046.5213888889
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://D:\Program Files\AutoCAD 2002\InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://D:\Program Files\AutoCAD 2002\AcPreview.ocx
    O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab

    :thumbsup:
  • Dexter Vancouver, BC Canada
    edited June 2004
    OK, now, reboot in SAFE MODE. Run HJT. Fix the following items:


    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

    O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll

    (Known Adware - see http://www.kephyr.com/spywarescanner/library/twaintech/index.phtml for more info.)


    O4 - HKLM\..\Run: [UpdReg] D:\WINDOWS\UpdReg.EXE

    (Just a "reminder to register" program for your soundcard.)

    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime

    (Quicktime auto-updater - not necessary, slows down your boot sequence.)

    O4 - HKLM\..\Run: [RealTray] D:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    (Launches Real Player to system tray at startup. Waste of resources, slows down boot sequence.)

    O4 - HKLM\..\Run: [winactive] D:\Program Files\Window Active\winactive.exe

    O4 - HKLM\..\Run: [dmmifot] D:\WINDOWS\System32\ulojhu.exe

    O4 - HKLM\..\Run: [Axismix] D:\PROGRA~1\AUDIOA~1\Bibjoy.exe

    (These are Omegasearch and related files.)

    O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM95\aim.exe -cnetwait.odl

    (Auto-launches AOL Instant Messenger at startup. Slows down your boot sequence. Unless you really like having AIM start at boot, toast this.)


    O4 - HKCU\..\Run: [PicoZip] D:\PROGRA~1\PicoZip\PicoZipTray.exe

    (I can't find much info on this file, but it does not appear to match up to anything good, and shows up in a lot of infected HJT logs. I'd toast it.)

    O4 - HKCU\..\Run: [Weather] D:\Program Files\AWS\WeatherBug\Weather.exe 1

    O9 - Extra button: WeatherBug (HKCU)

    (Known adware program.)

    O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html

    (This is a URL redirector. This can be a benign program. If you installed this on purpose, leave it. If you have no idea what this is, toast it.)


    O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?

    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://D:\Program Files\AutoCAD 2002\InstBanr.ocx

    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://D:\Program Files\AutoCAD 2002\InstFred.ocx

    (Unnecessary downloaded Program Files.)

    Next, create a folder on your C: drive called Quarantine. Find the following files and manually move them into this folder:

    D:\Program Files\Window Active\winactive.exe

    D:\WINDOWS\System32\ulojhu.exe

    D:\PROGRAM FILES\AUDIOA~1\Bibjoy.exe (AUDIOA~1 = a folder with a longer name that starts with the letters AUDIOA.)

    Rename the .exe extensions to .XXX.


    Reboot normally and check things out; you should be clean. Come back and let us know...

    Dexter...
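The diagnosis above comes from reading the two logs side by side: the 6/5 scan lists O4 Run entries for ulojhu.exe and Bibjoy.exe that the 6/2 scan, where both were already in the running-process list, never showed. The following Python is an added example, not code from this thread or from HijackThis, that parses HJT-style logs, reports entries new in a later scan, and flags running binaries that no O4 entry in the same log accounts for. The embedded log excerpts are constructed from the posts above, and the CORE allowlist of processes that never carry an O4 entry is an assumption.

```python
import re

# Constructed excerpts of the two logs posted in this thread, not the full logs.
LOG_A = r"""Logfile of HijackThis v1.97.7
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\anvshell.exe
D:\PROGRA~1\AUDIOA~1\Bibjoy.exe
D:\WINDOWS\System32\ulojhu.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [winactive] D:\Program Files\Window Active\winactive.exe"""
LOG_B = r"""Logfile of HijackThis v1.97.7
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\anvshell.exe
D:\PROGRA~1\AUDIOA~1\Bibjoy.exe
D:\WINDOWS\System32\ulojhu.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll
O4 - HKLM\..\Run: [Anvshell] anvshell.exe
O4 - HKLM\..\Run: [winactive] D:\Program Files\Window Active\winactive.exe
O4 - HKLM\..\Run: [dmmifot] D:\WINDOWS\System32\ulojhu.exe
O4 - HKLM\..\Run: [Axismix] D:\PROGRA~1\AUDIOA~1\Bibjoy.exe"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: [name] cmd"
PROC_RE = re.compile(r"^[A-Z]:\\")                 # running-process lines are full paths

# Core Windows and tool processes that legitimately have no O4 entry (assumed allowlist).
CORE = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe",
        "spoolsv.exe", "explorer.exe", "hijackthis.exe"}

def parse_log(text):
    """Split an HJT log into running-process paths and (kind, body) entries."""
    processes, entries = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif PROC_RE.match(line):
            processes.append(line)
    return {"processes": processes, "entries": entries}

def new_entries(old, new):
    """Entries present in the newer scan but absent from the older one."""
    seen = set(old["entries"])
    return [e for e in new["entries"] if e not in seen]

def unexplained_processes(log):
    """Running binaries that no O4 (autostart) entry in the same log accounts for."""
    o4_text = " ".join(body.lower() for kind, body in log["entries"] if kind == "O4")
    flagged = []
    for path in log["processes"]:
        name = path.rsplit("\\", 1)[-1].lower()
        if name not in CORE and name not in o4_text:
            flagged.append(path)
    return flagged
```

On the excerpt, the 6/2 log flags Bibjoy.exe and ulojhu.exe as running with no autostart entry, and the 6/5 log adds the twaintec.dll BHO and the two O4 entries that explain them.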
  • edited June 2004
    It seems to be working very well. I thank you for all your help.