adware

aj2003

At the moment my computer starts very fast to the login screen, then it takes ages, so I presume it's spyware loading on startup. I've run Ad-aware and Spybot Search & Destroy, but neither is getting me anywhere, so I tried HijackThis! Would you guys have a look over my Ad-aware and HijackThis log files please, so I don't end up deleting something I shouldn't? Thanks.

hijack this

Logfile of HijackThis v1.97.7
Scan saved at 17:47:01, on 11/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Installed\Programs\System\disk keeper\DkService.exe
C:\WINDOWS\System32\E_S00RP2.EXE
C:\Installed\Programs\System\norton\antivirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Installed\Programs\System\norton\antivirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\SAgent4.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Installed\Programs\System\money\System\mnyexpr.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dplaysvr.exe
C:\Installed\Programs\Internet\VNC\winvnc4.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Downloads\Programs\System\HijackThis.exe
C:\Program Files\SpywareBlaster\spywareblaster.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.co.uk/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Installed\Programs\media\Acrobat Reader\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Installed\Programs\Internet\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7CFFB5CD-2030-4428-9DDA-EE97D643D185} - C:\WINDOWS\bhyuet.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Installed\Programs\System\norton\antivirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Installed\Programs\System\norton\antivirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\installed\driver\sound card\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MoneyAgent] "C:\Installed\Programs\System\money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Downloads (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab27571.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} (shizmoo Class) - http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {58172624-85DD-4482-9E64-02ADCA637E96} (shizmoo Class) - http://shizmoo.com/activex/web665.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52....apple.com/saba/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab27571.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/region/reg_eu/techsupp/activedata/ActiveData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA66138A-DBD0-42ED-BA20-37012B32E962}: NameServer = 194.74.65.86,194.72.9.44



adaware


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :11 July 2004 17:50:59
Created with Ad-aware Personal, free for private use.
Using reference-file :01R331 08.07.2004
______________________________________________________

Reffile status:
=========================
Reference file loaded:
Reference Number : 01R331 08.07.2004
Internal build : 263
File location : C:\Installed\Programs\System\Ad-aware 6\reflist.ref
Total size : 1300142 Bytes
Signature data size : 1279388 Bytes
Reference data size : 20690 Bytes
Signatures total : 28395
Target categories : 10
Target families : 519
11-07-2004 17:50:56 Error retrieving update


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:41 %
Total physical memory:523760 kb
Available physical memory:209840 kb
Total page file size:1278768 kb
Available on page file:988140 kb
Total virtual memory:2097024 kb
Available virtual memory:2051780 kb
OS:

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-aware Settings
=========================
Set : Unload recognized processes during scanning
Set : Include basic Ad-aware settings in logfile
Set : Include additional Ad-aware settings in logfile
Set : Let windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Always back up reference file, before updating
Set : Play sound if scan produced a result


11-07-2004 17:50:59 - Scan started. (Custom mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 11-07-2004 15:44:30
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:44:37
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:44:38
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/06/2004 12:05:33
Last accessed : 11/07/2004 16:50:59
Last modified : 23/08/2001 12:00:00

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:44:38
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 23/06/2004 12:06:20
Last accessed : 11/07/2004 16:50:59
Last modified : 29/08/2002 02:41:26

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:44:38
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/06/2004 12:05:49
Last accessed : 11/07/2004 16:50:59
Last modified : 23/08/2001 12:00:00

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:44:38
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/06/2004 12:05:49
Last accessed : 11/07/2004 16:50:59
Last modified : 23/08/2001 12:00:00

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 11-07-2004 15:44:39
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/06/2004 12:05:52
Last accessed : 11/07/2004 16:50:59
Last modified : 23/08/2001 12:00:00

#:8 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 213 KB
FileVersion : 2.1.2.800
ProductVersion : 2.1.2.800
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
OriginalFilename : ccProxy.exe
ProductName : Common Client
Created on : 06/05/2004 22:21:38
Last accessed : 11/07/2004 16:50:59
Last modified : 27/01/2004 18:06:54

#:9 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 229 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
OriginalFilename : ccSetMgr.exe
ProductName : Common Client
Created on : 06/05/2004 22:20:50
Last accessed : 11/07/2004 16:44:40
Last modified : 10/11/2003 12:30:12

#:10 [dkservice.exe]
FilePath : C:\Installed\Programs\System\disk keeper\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 320 KB
FileVersion : 8.0.480.0
ProductVersion : 8.0.480.0
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
OriginalFilename : DKSERVICE
ProductName : Diskeeper (TM) Disk Defragmenter
Created on : 11/02/2004 17:27:46
Last accessed : 11/07/2004 16:50:59
Last modified : 11/02/2004 17:27:46

#:11 [e_s00rp2.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 61 KB
FileVersion : 2.02
ProductVersion : 2.02
Copyright : Copyright (C) SEIKO EPSON CORP. 2002
CompanyName : SEIKO EPSON CORPORATION
FileDescription : EPSON Status Monitor 3
InternalName : E_S00RP2
OriginalFilename : E_S00RP2.EXE
ProductName : EPSON Status Monitor 3
Created on : 07/06/2004 10:16:52
Last accessed : 11/07/2004 16:50:59
Last modified : 01/07/2002 02:02:00

#:12 [navapsvc.exe]
FilePath : C:\Installed\Programs\System\norton\antivirus\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 155 KB
FileVersion : 10.00.2
ProductVersion : 10.00.2
Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 11/06/2004 22:21:37
Last accessed : 11/07/2004 16:51:00
Last modified : 23/04/2004 10:04:18

#:13 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 108 KB
FileVersion : 6.14.10.5672
ProductVersion : 6.14.10.5672
Copyright : (C) NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.72
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 56.72
Created on : 24/03/2004 09:04:00
Last accessed : 11/07/2004 16:51:00
Last modified : 24/03/2004 09:04:00

#:14 [savscan.exe]
FilePath : C:\Installed\Programs\System\norton\antivirus\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 189 KB
FileVersion : 9.2.1.14
ProductVersion : 9.2
Copyright : Copyright (c) 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
OriginalFilename : SAVSCAN.EXE
ProductName : Symantec AntiVirus AutoProtect
Created on : 28/05/2004 16:43:21
Last accessed : 11/07/2004 16:51:00
Last modified : 04/12/2003 17:22:30

#:15 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 189 KB
FileVersion : 5.3.1.53
ProductVersion : 5.3
Copyright : Copyright 2002, 2003 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
OriginalFilename : SndSrvc.exe
ProductName : Symantec Security Drivers
Created on : 29/04/2004 20:27:36
Last accessed : 11/07/2004 16:44:42
Last modified : 29/04/2004 20:27:36

#:16 [sagent4.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 15:44:46
BasePriority : Normal
FileSize : 120 KB
FileVersion : 1, 3, 0, 0
ProductVersion : 1, 0, 0, 0
Copyright : Copyright (C) SEIKO EPSON CORP. 2002
CompanyName : SEIKO EPSON CORPORATION
FileDescription : SAgent4
InternalName : SAgent4
OriginalFilename : SAGENT4.EXE
ProductName : EPSON Bi-directional Printer
Created on : 07/06/2004 10:16:51
Last accessed : 11/07/2004 16:51:00
Last modified : 11/12/2002 01:03:00

#:17 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ThreadCreationTime : 11-07-2004 15:44:47
BasePriority : Normal
FileSize : 572 KB
FileVersion : 1, 8, 48, 79
ProductVersion : 1, 8, 48, 79
Copyright : Copyright (C) 2003
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
OriginalFilename : symlcsvc.exe
ProductName : Symantec Core Component
Created on : 17/04/2004 10:22:17
Last accessed : 11/07/2004 16:51:00
Last modified : 17/04/2004 10:22:17

#:18 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 15:44:47
BasePriority : Normal
FileSize : 249 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
OriginalFilename : ccEvtMgr.exe
ProductName : Common Client
Created on : 06/05/2004 22:20:50
Last accessed : 11/07/2004 16:44:39
Last modified : 10/11/2003 12:30:04

#:19 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 11-07-2004 16:13:49
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 23/06/2004 12:06:42
Last accessed : 11/07/2004 16:49:28
Last modified : 11/05/2003 20:12:10

#:20 [cthelper.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 16:13:57
BasePriority : Normal
FileSize : 24 KB
FileVersion : 1, 0, 1, 2
ProductVersion : 1, 0, 1, 2
Copyright : Copyright (C) 2002-03
CompanyName : Creative Technology Ltd
FileDescription : CtHelper Application
InternalName : CtHelper
OriginalFilename : CtHelper.EXE
ProductName : CtHelper Application
Created on : 20/04/2004 06:43:33
Last accessed : 11/07/2004 16:51:00
Last modified : 06/10/2003 13:57:32

#:21 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ThreadCreationTime : 11-07-2004 16:13:57
BasePriority : Normal
FileSize : 69 KB
FileVersion : 2.1.0.610
ProductVersion : 2.1.0.610
Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
OriginalFilename : ccApp.exe
ProductName : Common Client
Created on : 06/05/2004 22:20:50
Last accessed : 11/07/2004 16:14:05
Last modified : 10/11/2003 12:30:02

#:22 [msgplus.exe]
FilePath : C:\Program Files\Messenger Plus! 3\
ThreadCreationTime : 11-07-2004 16:13:57
BasePriority : Normal
FileSize : 160 KB
FileVersion : 3, 0, 0, 94
ProductVersion : 3, 0, 0, 94
Copyright : Copyright (C) 2001-2004
CompanyName : Patchou
FileDescription : Messenger Plus!
InternalName : MsgPlus
OriginalFilename : MsgPlus.exe
ProductName : Messenger Plus! 3
Created on : 18/05/2004 17:45:42
Last accessed : 11/07/2004 16:13:57
Last modified : 17/06/2004 16:41:31

#:23 [mnyexpr.exe]
FilePath : C:\Installed\Programs\System\money\System\
ThreadCreationTime : 11-07-2004 16:13:57
BasePriority : Normal
FileSize : 196 KB
FileVersion : 12.00.0613
ProductVersion : 12.00.0613
Copyright : Copyright
CompanyName : Microsoft Corp.
FileDescription : Microsoft Money Express
InternalName : mnyexpr
OriginalFilename : mnyexpr.exe
ProductName : Microsoft
Created on : 18/06/2003 11:00:00
Last accessed : 11/07/2004 16:51:00
Last modified : 18/06/2003 11:00:00

#:24 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 16:13:58
BasePriority : Normal
FileSize : 31 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
OriginalFilename : RUNDLL.EXE
ProductName : Microsoft
Created on : 23/06/2004 12:05:58
Last accessed : 11/07/2004 16:13:58
Last modified : 23/08/2001 12:00:00

#:25 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 11-07-2004 16:14:10
BasePriority : Normal
FileSize : 4768 KB
FileVersion : 6.2.0137
ProductVersion : Version 6.2
Copyright : Copyright (c) Microsoft Corporation 1997-2004
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : MSN Messenger
Created on : 28/05/2004 14:22:04
Last accessed : 11/07/2004 16:34:13
Last modified : 28/05/2004 14:22:04

#:26 [dplaysvr.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 11-07-2004 16:24:15
BasePriority : Normal
FileSize : 27 KB
FileVersion : 5.3.0000000.900 built by: DIRECTX
ProductVersion : 5.3.0000000.900
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectPlay Helper
InternalName : dplaysvr.exe
OriginalFilename : dplaysvr.exe
ProductName : Microsoft
Created on : 23/06/2004 12:06:30
Last accessed : 11/07/2004 16:24:15
Last modified : 11/12/2002 23:14:32

#:27 [winvnc4.exe]
FilePath : C:\Installed\Programs\Internet\VNC\
ThreadCreationTime : 11-07-2004 16:29:56
BasePriority : Normal
FileSize : 372 KB
FileVersion : 4.0
ProductVersion : 4.0
Copyright : Copyright
CompanyName : RealVNC Ltd.
FileDescription : VNC Server for Win32
InternalName : WinVNC 4.0
OriginalFilename : winvnc4.exe
ProductName : VNC Server 4.0
Created on : 15/06/2004 13:29:42
Last accessed : 11/07/2004 16:29:57
Last modified : 15/06/2004 13:29:42

#:28 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 11-07-2004 16:47:19
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 23/06/2004 12:06:58
Last accessed : 11/07/2004 16:47:19
Last modified : 29/08/2002 02:41:26

#:29 [ad-aware.exe]
FilePath : C:\Installed\Programs\System\Ad-aware 6\
ThreadCreationTime : 11-07-2004 16:47:46
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 17/04/2004 10:33:53
Last accessed : 11/07/2004 16:47:46
Last modified : 12/07/2003 21:00:20

#:30 [wmplayer.exe]
FilePath : C:\Program Files\Windows Media Player\
ThreadCreationTime : 11-07-2004 16:49:27
BasePriority : Normal
FileSize : 72 KB
FileVersion : 9.00.00.2980
ProductVersion : 9.00.00.2980
Copyright : (C) Microsoft Corporation. All rights reserved.
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player
InternalName : WMPLAYER.EXE
OriginalFilename : WMPLAYER.EXE
ProductName : Microsoft(R) Windows Media Player
Created on : 23/06/2004 12:06:48
Last accessed : 11/07/2004 16:49:31
Last modified : 11/12/2002 16:27:32

#:31 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ThreadCreationTime : 11-07-2004 16:50:00
BasePriority : Normal
FileSize : 1456 KB
FileVersion : 4.7.2009
ProductVersion : Version 4.7
Copyright : Copyright (c) Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
OriginalFilename : msmsgs.exe
ProductName : Messenger
Created on : 23/06/2004 12:08:45
Last accessed : 11/07/2004 16:45:59
Last modified : 14/04/2003 18:30:14

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Roings Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\roimoi


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : anth@0[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 10/07/2004 23:05:14
Last accessed : 11/07/2004 16:53:01
Last modified : 10/07/2004 23:05:14



Tracking Cookie Object recognized!
Type : File
Data : anth@bilbo.counted[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 10/07/2004 19:13:15
Last accessed : 11/07/2004 16:53:01
Last modified : 10/07/2004 19:13:15



Tracking Cookie Object recognized!
Type : File
Data : anth@bravenet[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 09/07/2004 08:50:29
Last accessed : 11/07/2004 16:53:02
Last modified : 10/07/2004 18:52:42



Tracking Cookie Object recognized!
Type : File
Data : anth@cgi-bin[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 09/07/2004 10:05:30
Last accessed : 11/07/2004 16:53:02
Last modified : 09/07/2004 10:05:30



Tracking Cookie Object recognized!
Type : File
Data : anth@doubleclick[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 08/07/2004 21:10:21
Last accessed : 11/07/2004 16:53:02
Last modified : 08/07/2004 21:10:21



Tracking Cookie Object recognized!
Type : File
Data : anth@ehg-newegg.hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 09/07/2004 22:15:51
Last accessed : 11/07/2004 16:53:02
Last modified : 09/07/2004 22:15:51



Tracking Cookie Object recognized!
Type : File
Data : anth@hitbox[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 09/07/2004 22:15:50
Last accessed : 11/07/2004 16:53:02
Last modified : 09/07/2004 22:15:51



Tracking Cookie Object recognized!
Type : File
Data : anth@hotlog[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 10/07/2004 18:30:07
Last accessed : 11/07/2004 16:53:02
Last modified : 10/07/2004 18:30:07



Tracking Cookie Object recognized!
Type : File
Data : anth@kelkoo.co[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 10/07/2004 16:31:42
Last accessed : 11/07/2004 16:53:02
Last modified : 10/07/2004 16:31:42



Tracking Cookie Object recognized!
Type : File
Data : anth@statcounter[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 10/07/2004 18:43:39
Last accessed : 11/07/2004 16:53:02
Last modified : 10/07/2004 18:43:39



Tracking Cookie Object recognized!
Type : File
Data : anth@tribalfusion[2].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 11/07/2004 16:47:18
Last accessed : 11/07/2004 16:47:18
Last modified : 11/07/2004 16:47:18



Tracking Cookie Object recognized!
Type : File
Data : anth@zedo[1].txt
Category : Data Miner
Comment :
Object : C:\Documents and Settings\Anth\Cookies\

Created on : 10/07/2004 18:29:48
Last accessed : 11/07/2004 16:53:02
Last modified : 10/07/2004 18:29:50



Disk scan result for C:\
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 13


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
873 entries scanned.
New objects :0
Objects found so far: 13




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Roings Object recognized!
Type : RegKey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\ssprint


Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 14


18:02:09 Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:11:09:672
Objects scanned :169160
Objects identified :14
Objects ignored :0
New objects :14

Would be thankful for any help.

EDIT: I constantly get the same pests in Ad-aware and I don't know why?
 
Uninstall through your Control Panel Add/Remove Programs:
Messenger Plus! 3. You can reinstall it, but if you do, say no to the sponsored programs; they contain the lop malware.
--------------------------------------------------------------------------
Run HijackThis, put a check next to these, close all browsers and hit Fix.

Make sure not to miss one.

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {7CFFB5CD-2030-4428-9DDA-EE97D643D185} - C:\WINDOWS\bhyuet.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"


O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocach...etup1.0.0.8.cab

O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} (DialerWeb Class) - http://212.145.159.194/251065/diale...Recomendada.cab

-----------------------------------------------------------------------------------------------------------------------------------
Reboot.
Come back and post a new log and tell me how your computer's running.

A lot of those are cookies.

Also try SpywareBlaster.
SpywareBlaster will block spyware from coming in when you surf the net.

Lobos