MattOrr Posted September 20, 2005 Report Share Posted September 20, 2005 Logfile of HijackThis v1.99.1Scan saved at 3:45:04 PM, on 9/20/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\Explorer.EXEC:\Program Files\ASUS\Probe\AsusProb.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\WINDOWS\system32\sstray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\AIM\aim.exeC:\Program Files\Trillian\trillian.exeC:\HJT\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dllO4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /rO4 - HKLM\..\Run: [stormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /optiO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odlO4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO9 - Extra button: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLLO9 - Extra 'Tools' menuitem: IE HTTP Analyzer - {C7B3DF1E-6EFC-41E8-9DA7-EBC1F973832D} - C:\PROGRA~1\HTTPAN~1\IEHTTP~1.DLLO9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1125698666511O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Link to post Share on other sites
MattOrr Posted September 20, 2005 Author Report Share Posted September 20, 2005 Theres the HJT LOG Link to post Share on other sites
didom Posted September 20, 2005 Report Share Posted September 20, 2005 Scan again with HijackThis and check the following items:O9 - Extra button: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)O9 - Extra 'Tools' menuitem: Ò×Ȥ¹ºÎï - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=1 (file missing)After checking these items, close all browser windows except HijackThis and click "Fix checked".Then reboot your computer.Run Panda's online virus scan and perform a full system scan: Panda ActiveScanSave the scan log and post it along with a new HijackThis Log in your next reply. Link to post Share on other sites
sin Posted October 9, 2005 Report Share Posted October 9, 2005 This topic is being closed due to inactivity. If you would like the topic reopened, please contact one of the moderators.Thanks,Nic Link to post Share on other sites
Recommended Posts