Help needed. Hijack log.

Status
Not open for further replies.

norman1978

Hi. This is my first time posting. I have a virus that seems to keep coming back. It is causing popups in the IE browser, making the browser unusable. I have a hijack log and an ewido report. Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 8:40:41 PM, on 8/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\?dobe\r?ndll32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msnphoto.scr
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ Miller\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Maao] "C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe" -vt ndrv
O4 - HKCU\..\Run: [Bjytzwc] C:\Program Files\Common Files\?dobe\r?ndll32.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe




---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:33:12 PM 8/23/2006

+ Scan result:



C:\WINDOWS\system32\hgswqydy.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : No action taken.
:mozilla.162:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.174:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.73:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.74:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.75:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.76:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.77:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@adrevolver[1].txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.48:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.49:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.50:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.51:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.52:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
:mozilla.21:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.118:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.148:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.149:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.151:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@www.burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.185:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.186:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.187:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@ad1.clickhype[2].txt -> TrackingCookie.Clickhype : No action taken.
:mozilla.84:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.54:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
:mozilla.28:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
:mozilla.201:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.217:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.218:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.219:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.220:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Hitslink : No action taken.
:mozilla.119:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
:mozilla.120:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
:mozilla.110:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.111:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.112:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
:mozilla.56:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@mediaplex[2].txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.68:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.69:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Overture : No action taken.
:mozilla.65:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.66:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.67:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.57:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
:mozilla.58:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : No action taken.
:mozilla.152:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.153:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.154:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.203:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.136:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.137:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.138:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.139:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.140:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.141:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.142:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.143:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.35:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Webtrendslive : No action taken.
:mozilla.145:C:\Documents and Settings\ Miller\Application Data\Mozilla\Firefox\Profiles\9rd1p0nk.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\ Miller\Cookies\ miller@zedo[1].txt -> TrackingCookie.Zedo : No action taken.
 
Fix the following entries using HiJackThis:

C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe

C:\Program Files\Common Files\?dobe\r?ndll32.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"

O4 - HKCU\..\Run: [Maao] "C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe" -vt ndrv

O4 - HKCU\..\Run: [Bjytzwc] C:\Program Files\Common Files\?dobe\r?ndll32.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
 
Fix the following entries using HiJackThis:

C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe

C:\Program Files\Common Files\?dobe\r?ndll32.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"

O4 - HKCU\..\Run: [Maao] "C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe" -vt ndrv

O4 - HKCU\..\Run: [Bjytzwc] C:\Program Files\Common Files\?dobe\r?ndll32.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
 
Fix the following entries using HiJackThis:

C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe

C:\Program Files\Common Files\?dobe\r?ndll32.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"

O4 - HKCU\..\Run: [Maao] "C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe" -vt ndrv

O4 - HKCU\..\Run: [Bjytzwc] C:\Program Files\Common Files\?dobe\r?ndll32.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
 
Fix the following entries using HiJackThis:

C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe

C:\Program Files\Common Files\?dobe\r?ndll32.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - HKLM\..\Run: [adstart] "iexplore.exe" "http://iesettingsupdate"

O4 - HKCU\..\Run: [Maao] "C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe" -vt ndrv

O4 - HKCU\..\Run: [Bjytzwc] C:\Program Files\Common Files\?dobe\r?ndll32.exe

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
 
Wow, four posts in the same minute ;) Gotta be a record!

Run CCleaner (make sure you know what you have ticked before cleaning) and make sure Firefox cookies are checked to clean. You can download CCleaner from www.ccleaner.com.

Make sure you delete these:

C:\PROGRA~1\COMMON~1\MANTEC~1\services.exe

C:\Program Files\Common Files\?dobe\r?ndll32.exe

You will need to have 'view hidden files' enabled to do this.

After you have followed Warez Monster's, Talldude123's and my steps, post a new HijackThis log.
 
Ok, I followed all the instructions above. Here is my new log.

Logfile of HijackThis v1.99.1
Scan saved at 2:40:42 PM, on 8/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ Miller\My Documents\Unzipped\hijackthis[1]\HijackThis.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
 
Yes, I am unable to use the IE browser due to the large number of popups - RoboForm is one. Also a lot of spyware popups. Another problem in IE is that a dial-up connection keeps popping up asking if I want to connect, and after I exit, IE goes to working offline. In Firefox I get "Error connecting to new dial-up connection". I have DSL so it shouldn't be doing that, and it just started a couple of days ago.
 