Options
Infected computer
Hi
I need your expert help.
I been infected with spyware, viruses and what not.
I ran adware, Spybot and norton antivirus a few times but the same problem keeps reappearing.
This is the Hijack log.
Thank you for your time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:52, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0
\apdproxy.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0
\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7
-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09
\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-
4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-
xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN
Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: {45f2e2dc-51fb-9b78-5e24-3cea159b6b7c} -
{c7b6b951-aec3-42e5-87b9-bf15cd2e2f54} -
C:\WINDOWS\system32\ipankemc.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN
Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-
4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh
Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1
\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program
Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program
Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program
Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [38b9423c] rundll32.exe
"C:\WINDOWS\system32\yhampchc.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Window Washer] C:\Program
Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program
Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-
5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
88D8A56B10AA}] "C:\Program Files\Common
Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh
Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Videos] "C:\Program
Files\laughnetwork\update.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector]
C:\Documents and Settings\Allan\My Documents\My Received
Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector]
C:\Documents and Settings\Allan\My Documents\My Received
Files\Picasa2\PicasaMediaDetector.exe (User 'Default
user')
O4 - Startup: IMVU.lnk =
C:\RECYCLER\NPROTECT\00076473.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel
- res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5
-00401C608501} - C:\Program Files\Java\jre1.5.0_09
\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-
070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3
\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307
-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1
\MICROS~3\inetrepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-
a92d743db949} - C:\Documents and Settings\Allan\Start
Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E
-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
(Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab3126
7.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed
Class) -
http://www.singnet.com.sg/technical/helptools/media/Spee
dCtrl.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E}
(EGamesPlugin Class) - https://www.e-
games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24}
(UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a
-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/
en/x86/client/wuweb_site.cab?1167382486831
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClien
t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPACli
ent.cab56907.cab
O23 - Service: Adobe Active File Monitor V4
(AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program
Files\Adobe\Photoshop Elements 4.0
\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd - C:\WINDOWS\system32
\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher
(DefWatch) - Symantec Corporation - C:\Program
Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection
(NProtectService) - Symantec Corporation - C:\PROGRA~1
\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: O&O Defrag - O&O Software GmbH -
C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS)
(RichVideo) - Unknown owner - C:\Program
Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program
Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program
Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation
- C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation
- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot
Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
--
End of file - 11153 bytes
I need your expert help.
I been infected with spyware, viruses and what not.
I ran adware, Spybot and norton antivirus a few times but the same problem keeps reappearing.
This is the Hijack log.
Thank you for your time.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:41:52, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec
Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Icons\Seticon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Photoshop Elements 4.0
\apdproxy.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\WINDOWS\system32\NotifyPhoneBook.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\OPLIMIT\ocrawr32.exe
C:\Program Files\Adobe\Photoshop Elements 4.0
\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
C:\WINDOWS\system32\wwSecure.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7
-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-
174F-4872-96B5-0B27DDD11DB2} - C:\Program
Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-
D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09
\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-
4ABF-8ECC-5164760863C6} - C:\Program Files\Common
Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -
C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-
xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN
Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: {45f2e2dc-51fb-9b78-5e24-3cea159b6b7c} -
{c7b6b951-aec3-42e5-87b9-bf15cd2e2f54} -
C:\WINDOWS\system32\ipankemc.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-
64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN
Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-
4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh
Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32
\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common
Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1
\VPTray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program
Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program
Files\Icons\Seticon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program
Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program
Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32
\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program
Files\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [38b9423c] rundll32.exe
"C:\WINDOWS\system32\yhampchc.dll",b
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program
Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Window Washer] C:\Program
Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program
Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program
Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-
5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager]
C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-
88D8A56B10AA}] "C:\Program Files\Common
Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh
Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Videos] "C:\Program
Files\laughnetwork\update.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector]
C:\Documents and Settings\Allan\My Documents\My Received
Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector]
C:\Documents and Settings\Allan\My Documents\My Received
Files\Picasa2\PicasaMediaDetector.exe (User 'Default
user')
O4 - Startup: IMVU.lnk =
C:\RECYCLER\NPROTECT\00076473.exe
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program
Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk =
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program
Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel
- res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5
-00401C608501} - C:\Program Files\Java\jre1.5.0_09
\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-
070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3
\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307
-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1
\MICROS~3\inetrepl.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-
a92d743db949} - C:\Documents and Settings\Allan\Start
Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E
-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B}
(Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/MineSweeper.cab3126
7.cab
O16 - DPF: {2B866353-E598-4403-8E4D-B871AB30DC55} (Speed
Class) -
http://www.singnet.com.sg/technical/helptools/media/Spee
dCtrl.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E}
(EGamesPlugin Class) - https://www.e-
games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24}
(UnoCtrl Class) - http://messenger.zone.msn.com/EN-SG/a
-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/
en/x86/client/wuweb_site.cab?1167382486831
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClien
t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPACli
ent.cab56907.cab
O23 - Service: Adobe Active File Monitor V4
(AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program
Files\Adobe\Photoshop Elements 4.0
\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. -
C:\Program Files\Common Files\Apple\Mobile Device
Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) -
Symantec Corporation - C:\Program Files\Common
Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access -
Creative Technology Ltd - C:\WINDOWS\system32
\CTsvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher
(DefWatch) - Symantec Corporation - C:\Program
Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Common
Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection
(NProtectService) - Symantec Corporation - C:\PROGRA~1
\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: O&O Defrag - O&O Software GmbH -
C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS)
(RichVideo) - Unknown owner - C:\Program
Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program
Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program
Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service
(SNDSrvc) - Symantec Corporation - C:\Program
Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation
- C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec AntiVirus - Symantec Corporation
- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec Core LC - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\CCPD-
LC\symlcsvc.exe
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot
Software, Inc. - C:\WINDOWS\system32\wwSecure.exe
--
End of file - 11153 bytes
0
Comments
My name is Scotty. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research.
Please be patient as my posts to you have to be checked before I reply, so they make take longer.
- You have word wrap turned on, this is making your logs difficult to read
- Run notepad
- Goto Format and untick Word Wrap
Then post a new HijackThis log.Please make a uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.
5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.
Infections can change and fresh instructions will now need to be given. If you wish to reopen your topic, please send a Private Message (PM) to Trogan with a link to your thread.
If you are not the user who started this thread, you must start your own Thread instead (grin)