hjt new log

Status
Not open for further replies.

mrsfroggeusa

I did all the steps in the previous emails that the computer would allow.

Ad Aware kept locking up as did CCleaner.

Please help!


Ok.. this is the hjt log.. lol


Logfile of HijackThis v1.99.1
Scan saved at 9:54:33 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\toshiba\ivp\swupdate\swupdtmr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {B53455DB-5527-4041-AC41-F86E6947AA47} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [dmtvf.exe] C:\WINDOWS\system32\dmtvf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132175049125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132175029375
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{E526453F-8AB8-470B-BC66-9D7C54BB20F6}: NameServer = 85.255.114.34,85.255.112.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{F44B51B7-DF4D-49BC-99ED-A295120FB4C9}: NameServer = 85.255.114.34,85.255.112.9
O17 - HKLM\System\CS3\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9
O17 - HKLM\System\CS4\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
 
Can you do this first? There's a lot of nasties in your log


WarezMonsters 4 Step Spyware Removal Guide

Follow these instructions carefully and do what is said. If you can't perform a step, then skip it; an example would be if you can't get into safemode to scan your system, skip it and move on to the next. Please be precise in what your problem is. The more information I have the better I can help. Please name the Trojan, virus, Spyware you have and the effects it is having on your computer. An example would be your desktop has changed and you can't change it or a program is asking you to scan your system and then once you let it scan it asks you to buy it so it can remove the problems. If you happen to view this guide before posting, please tell us that you already performed these steps so I don't waste time in posting this guide up for you. If you have dial-up, I suggest you download these programs on another computer and then transfer them to the infected computer. Please be active with your posts, meaning don't come here and state your issues, then have someone help you out but then you come back 2 weeks later. These issues need to be addressed ASAP. When posting your log, don't attach your log as a text document, copy and paste it to the forum. If you don't know what you are doing, (I know you are just trying to help) then please refrain from telling someone what to delete using Hijackthis as it can cause a system crash or other irreversible effects. Thanks for your cooperation.

1.) Download ALL 10 programs and update ASAP if needed.

Ad Aware SE Personal Free

Ad-aware Messenger Service Plugin

Ad-Aware VX2 Cleaner Plugin

Spybot Search and Destroy Free

HijackThis
Make sure you put Hijackthis! In the root of your drive (C:\HJT)

Ewido

CCleaner

Cleanup!

CWShredder

Msconfig Cleanup

2.) Update your System completely and remove offending programs

Make sure your system is completely updated with all of Microsoft's Updates including SP2. This service pack fixes a lot of Spyware issues, exploits, etc. NOTE: If your system is severely infected DO NOT INSTALL SP2. DOING SO CAN/WILL RENDER YOUR SYSTEM USELESS AND IT WILL HAVE TO BE REINSTALLED. Read this as to why not to install SP2 on an infected machine

Please visit at least 2 of these free online virus scanners

http://housecall.trendmicro.com/
http://www3.ca.com/virusinfo/virusscan.aspx
http://www.pandasoftware.com/actives..._principal.htm
http://www.bitdefender.com/scan/license.php
http://us.mcafee.com/root/mfs/default.asp
http://security.symantec.com/sscv6/d...d=ie&venid=sym

Next go to Add/Remove Programs and uninstall any offending programs, here are some below: Note: If you have more than one antivirus installed, please remove one. If during the uninstall process you receive an access denied, just move on to the next one. You may be asked to visit the offending program's website to receive an uninstaller, do not do so, just ignore it, close it, and move on.
If you are not sure about a specific program, look below. All programs in this site are offending and need to be removed ASAP, even if you paid for it.

http://www.spywarewarrior.com/rogue_anti-spyware.htm

180 Search Assistant
180Solutions
Active alert
Ad Service
AdTools
AdTools Service
Alexa toolbar
BargainBuddy
Bullseye Networks
CashBack
cosmi
DH
EasySearchBar
Elite Sidebar
Elite Toolbar
Freeze Clip Art
GAIN
Gator
Hotbar Outlook Tools
Hotbar Web Tools
HuntBar
Internet Optimizer
ISTbar
ISTSvc
MaxiFiles
Media Access
Media Gateway
MySearch
MyWay Search Bar
MyWebSearch
Morpheus Toolbar
NavExcel Search Toolbar
NavHelper
ncase
Oemji Toolbar
Open Site
Preview AdService
Search Toolbar (HuntBar/WinTools)
ShopperReports by Hotbar
Sidefind
SideSearch
Slotchbar
Software Update Manager
SurfAccuracy
SurfSideKick
Upspiral Toolbar
TurboDownload
VBouncer
Viewpoint
Viewpoint Manager
Viewpoint Media Player
WareOut
WeatherBug
Web Rebates
Web Search Toolbar (WinTools)
Webhancer
WhenU (any entry)
WeirdOnTheWeb
Windows AdService
Windows AdStatus
Windows ServeAd
WinTools
WinTools Easy Installer
WSEM Update
Download Accelerator Plus
Kazaa
Kontiki
Messenger Plus
NetPumper
NewDotNet
P2P Networking
StarWare
WildTangent

3.) MSCONFIG Entries removal

Next step is to open MSCONFIG. Go to start, run, type Msconfig, press ok, go to the startup tab, then click disable all. Now re-check your antivirus, firewall or any other program that you absolutely need to be started up each and every time windows is restarted. Now rechecking these entries right now will result in deleted entries of your programs in the next step. Then you will need to reinstall that program. Then click apply, ok, but don't reboot yet. NOTE: when you reboot, you will see the System Configuration Utility dialog box appear. Just put a checkmark in the box and press ok. NOTE: If you cannot open MSCONFIG, TASK MANAGER OR REGEDIT, just move to the next step or download it to your desktop below and then perform the task:

Download MSCONFIG, REGEDIT, and TASK MANAGER to your desktop


Next run Msconfig Cleanup after you unchecked the items you were told to uncheck and recheck, click "Select All", then click "Clean up Selected", then click "Quit". Make sure your antivirus and firewall are not checked. If you delete your antivirus and firewall entries, you will need to reinstall them so be sure to check them and don't reboot.

4.) It's time to scan your system

Start off with any Spyware program. Make sure you update it. Make sure all IE, FF, Opera windows are closed. The only program(s) that need to be running are the Spyware scanners and your antivirus. Please do not quarantine anything. Please delete everything.

For Lavasoft Adaware SE 1.6, configure it by following these steps:
Open Adaware, click on Scan Now
Then click on Use Custom Scanning Options, and then click Customize
Click on Scan within archives
Click on Advanced, then click on Move deleted files to the recycle bin
Then click on Tweak, and select Scanning Engine, then select Run Scan as a background process for low CPU usage.
Click on Tweak and choose Write protect system files after repair
Then click on Proceed and select Search for low risk threats
Click next and let it scan.
Make sure you remove everything it finds. You may need to run this program more than once depending on how badly you are infected.

For Ad-aware Messenger Service Plugin, just install it. It may ask you to reboot, don't reboot yet. You will run Adaware SE 1.6 again after you reboot. This program is a plug-in for Adaware SE along with the VX2 Cleaner.

For Spybot Search and Destroy 1.4, configure it by following these steps:
Open Spybot, make sure it is updated.
Click on Mode, then select Advanced Mode, select yes at the prompt.
Click on Settings, then scroll down the list to uncheck Create Backup Copies, there are 3 that need to be unchecked.
Then click on Tools and select Resident. Make sure Tea Timer is selected and not Ad-watch.
Then select IE Tweaks and make sure under Miscellaneous Locks that all 3 boxes are checked.
Then scan your system.
Make sure you remove everything it finds. You may need to run this program more than once depending on how badly you are infected.

For Ewido 4.0, configure it by following these steps:
Open Ewido and make sure it is updated
Click on Scanner, then settings and put a check mark in Scan every file under What to Scan.
Ewido may find items like VNC, RadMin, or any other Remote Control Tools; if you know that those programs are legit, click on ignore and put a checkmark in the box to always perform this option for these types of programs. If it is not legit, select remove.
Ewido will take a while to scan your system so be patient as this whole process can take about 15 to 30 minutes depending on the speed of your computer.
Ewido is not free and the updates will expire in 15 days. That means after 15 days you will no longer be able to update the program but you can still use it fully functional after the 15 days. On systems with 512mb memory or less, I would recommend not having it in your taskbar as it will slow your computer down.

For CCleaner, configure it by following these steps:
Open CCleaner
Click on Cleaner and make sure all the boxes are checked, select yes to the prompts
Then click Run Cleaner. Put a check mark in the box then scan your system. This may take several passes to complete
After the scan completes, click on the Applications tab and click on Run Cleaner
Then click on Issues, and then click on Scan for Issues
Select yes or no if you want to have your registry backed up.
Then click on Fix Selected Issues.

For Cleanup! Just run it. If you want to run a full system scan, click on Options and select everything you want it to clean. Selecting everything will delete all your favorites so make sure that is what you want.
Then let it scan your system. When it asks you to log off, select no.

For CWShredder, just run it. It will close any IE windows you have open.

For Hijackthis!

1. Open up the Hijackthis Program
2. Click on SCAN at the bottom.
3. Once it's finished click on Save Log and save it as a .txt file. DO NOT FIX ANYTHING!!
4. Paste the log onto the forum. Do not attach it.
5. Always start a new thread. Don't add on to someone else's thread but reply to your own thread, don't start a new one.
6. We are not here 24/7 so we will look at your issues ASAP, please don't bump it. We see that it has not been addressed yet.
 
done

I did those already.. this is what i'm left with.

It seems that spyware has taken over my computer or rather my husband's computer. I am on my computer to gain access to information.

His homepage is hijacked and we keep getting popups that we have at least 7 spywares running.

Your examples - An example would be your desktop has changed and you can't change it or a program is asking you to scan your system and then once you let it scan it asks you to buy it so it can remove the problems.

Is what is going on. Spyware Soldier is the name of the software that wants us to purchase itself.
 
Remove what you can right now then boot into safemode and rescan again and look for the entries below and remove them. Once you get back to the normal screen, rescan and post a new log here



O1 - Hosts: localhost 127.0.0.1

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)

O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)

O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)

O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)

O2 - BHO: (no name) - {B53455DB-5527-4041-AC41-F86E6947AA47} - (no file)

O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)

O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe

O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe

O4 - HKLM\..\Run: [dmtvf.exe] C:\WINDOWS\system32\dmtvf.exe


O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yah...nst20040510.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{E526453F-8AB8-470B-BC66-9D7C54BB20F6}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CCS\Services\Tcpip\..\{F44B51B7-DF4D-49BC-99ED-A295120FB4C9}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CS3\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9

O17 - HKLM\System\CS4\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9

O23 - Service: Swupdtmr - Unknown owner - c:\toshiba\ivp\swupdate\swupdtmr.exe
 
ok.. just to clarify -

what do you mean by "remove what you can right now"?

do you want me to remove what is listed and then continue with the directions and see if they come back?
 
yes remove those entries now, then boot into safemode, rescan, and then check to see if the entries below came back, if they did, remove them, if not, then just get out of safemode, then post a new log and we will see what is left. Also let me know if you see an improvement
 
New log - no popups since rebooting, ie homepage is now blank when i try to go under internet options says there are restrictions and to contact my administrator.. hmm.. now what.lol





Logfile of HijackThis v1.99.1
Scan saved at 10:39:46 PM, on 8/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\Air Utility\AirCFG.exe
C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.com/
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)
O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)
O2 - BHO: (no name) - {8333c319-0669-4893-a418-f56d9249fca6} - (no file)
O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)
O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)
O2 - BHO: (no name) - {B53455DB-5527-4041-AC41-F86E6947AA47} - (no file)
O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)
O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
O4 - HKLM\..\Run: [ANIWZCSService] C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Adware.Srv32] C:\WINDOWS\system32\runsrv32.exe
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O4 - HKLM\..\Run: [dmtvf.exe] C:\WINDOWS\system32\dmtvf.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1132175049125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132175029375
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
 
remove these entries and post a new log

O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)

O2 - BHO: (no name) - {00000000-C1EC-0345-6EC2-4D0300000000} - (no file)

O2 - BHO: (no name) - {00000000-F09C-02B4-6EC2-AD0300000000} - (no file)

O2 - BHO: (no name) - {3ceff6cd-6f08-4e4d-bccd-ff7415288c3b} - (no file)

O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)

O2 - BHO: (no name) - {7b55bb05-0b4d-44fd-81a6-b136188f5deb} - (no file)

O2 - BHO: (no name) - {9c691a33-7dda-4c2f-be4c-c176083f35cf} - (no file)


O2 - BHO: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - (no file)

O2 - BHO: (no name) - {B53455DB-5527-4041-AC41-F86E6947AA47} - (no file)

O2 - BHO: (no name) - {e52dedbb-d168-4bdb-b229-c48160800e81} - (no file)

O2 - BHO: (no name) - {ffd2825e-0785-40c5-9a41-518f53a8261f} - (no file)
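
The rescan-and-compare step used in this thread (fix the listed entries, scan again, see which ones came back), as an added Python example that is not part of the original posts. The sample lines are a constructed excerpt based on the logs above, and the function names are assumptions.

```python
import re

# HijackThis prints one finding per line as "<section> - <detail>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[([^\]]+)\]")


def entry_key(section, detail):
    """Stable identity for an entry, so a truncated paste still matches the full line."""
    if section in ("O2", "O3", "O9", "O16"):
        m = CLSID_RE.search(detail)
        if m:  # browser add-ons are identified by their CLSID
            return (section, m.group(0).lower())
    if section == "O4":
        m = RUN_RE.match(detail)
        if m:  # autoruns are identified by registry key + value name
            return (section, m.group(1).lower(), m.group(2).lower())
    # everything else (e.g. O17 NameServer) is compared on the whole detail text
    return (section, detail.strip().lower())


def parse_entries(text):
    """Return ({key: original line}, [non-blank lines that are not HijackThis entries])."""
    entries, skipped = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.setdefault(entry_key(m.group(1), m.group(2)), line)
        else:
            skipped.append(line)
    return entries, skipped


def compare(fix_list, rescan_log):
    """Split a fix list into entries that reappear in the rescan and entries that are gone."""
    wanted, unparsed = parse_entries(fix_list)
    present, _ = parse_entries(rescan_log)  # header/process lines of a full log are ignored
    came_back = [present[k] for k in wanted if k in present]
    gone = [line for k, line in wanted.items() if k not in present]
    # 'unparsed' lines were never checked: a mangled paste must not be silently dropped
    return {"came_back": came_back, "gone": gone, "unparsed": unparsed}


# Constructed sample: a fix list with one truncated line and one line that lost its
# section prefix, as happens when entries are copied by hand.
FIX_LIST = r"""
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC081F8-33B1-4C96-B74A-1FB1839D314C}: NameServer = 85.255.114.34,85.255.112.9
7 - HKLM\System\CCS\Services\Tcpip\..\{E526453F-8AB8-470B-BC66-9D7C54BB20F6}: NameServer = 85.255.114.34,85.255.112.9
"""

# Constructed sample: excerpt of a rescan taken after the fix.
RESCAN = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {00000000-59D4-4008-9058-080011001200} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [Transponder] C:\WINDOWS\system32\susp.exe
"""

if __name__ == "__main__":
    result = compare(FIX_LIST, RESCAN)
    for label in ("came_back", "gone", "unparsed"):
        print(label.upper())
        for line in result[label]:
            print("  " + line)
```

Entries under "came_back" are the ones something on the machine is still rewriting; anything under "unparsed" needs to be checked by hand because it was not compared at all.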
 