surfnut Posted September 25, 2005 Report Share Posted September 25, 2005 (edited) Well,Did all the things that was suggested in the Malware clean out....works a lil betterStill cant get control over my task manager...wont let me inInternet Explorer homepage locked and cant change it.Hopefully someone can help...Thanx Surfnut"silence is only a tube ride away"EDIT dknoppix: Attached HJT log to postLogfile of HijackThis v1.99.1Scan saved at 1:07:22 PM, on 9/25/2005Platform: Windows 2000 SP3 (WinNT 5.00.2195)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINNT\System32\smss.exeC:\WINNT\system32\csrss.exeC:\WINNT\system32\winlogon.exeC:\WINNT\system32\services.exeC:\WINNT\system32\lsass.exeC:\Program Files\Sygate\SPF\smc.exeC:\WINNT\system32\svchost.exeC:\WINNT\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\WINNT\System32\svchost.exeC:\Program Files\ewido\security suite\ewidoctrl.exeC:\Program Files\ewido\security suite\ewidoguard.exeC:\WINNT\system32\regsvc.exeC:\WINNT\system32\MSTask.exeC:\WINNT\system32\stisvc.exeC:\WINNT\Explorer.EXEC:\WINNT\System32\WBEM\WinMgmt.exeC:\WINNT\system32\svchost.exeC:\WINNT\System32\svchost.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Microsoft AntiSpyware\gcasServ.exeC:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau.exeC:\Program Files\Microsoft AntiSpyware\gcasDtServ.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exeC:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeC:\Program Files\D-Link\AirPlus G\AirGCFG.exeC:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeC:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exeC:\Program Files\MSN Messenger\MsnMsgr.ExeC:\Program Files\Spyware Doctor\swdoctor.exeC:\Program Files\Microsoft Office\Office\MSOFFICE.EXEC:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exeC:\Program Files\Microsoft Office\Office\OSA.EXEC:\Program Files\HOTSYNC.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\User\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.joyiex.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.joyiex.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.joyiex.comO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dllO2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dllO2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dllO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dllO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocxO4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logonO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exeO4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-ca\msnappau.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [CXMon] "C:\Program Files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exeO4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exeO4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exeO4 - HKLM\..\Run: [smcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startguiO4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"O4 - HKLM\..\RunOnce: [MigrateMMDrivers] rundll32.exe mmsys.cpl,mmseRunOnceO4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /backgroundO4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quietO4 - HKCU\..\Run: [ctfnom.exe] C:\WINNT\SVOHOST.exeO4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /QO4 - Startup: HotSync Manager.lnk = C:\Program Files\HOTSYNC.EXEO4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXEO4 - Global Startup: Microsoft Office Shortcut Bar.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXEO4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXEO6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exeO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123367012810O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cabO23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exeO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exeO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exeO23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exeO23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe Edited September 25, 2005 by dknoppix Link to post Share on other sites
Dan Posted September 25, 2005 Report Share Posted September 25, 2005 (edited) Hi,You are currently running HijackThis from your desktop. Since HijackThis makes backups of any entries you fix, you should create a folder just to hold the HijackThis program and its backups, so the backups and the program are not accidentally deleted.To make a new folder:Go to "My Computer", click on C:\ and then go to the "File" menu, choose New -> Folder. Name the folder "HJT" or something like that and then please move the HijackThis.exe executable there.Please run HijackThis and click "Scan." Place checks next to the following entries:R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.joyiex.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.joyiex.comR1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.joyiex.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.joyiex.comO4 - HKCU\..\Run: [ctfnom.exe] C:\WINNT\SVOHOST.exeIf you or your administrator did not put this restriction on Control Panel, also check this item. These restrictions can also be set by software like Spybot Search & Destroy, SpywareBlaster or another similar protection software:O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentClose all windows except HijackThis, and click the "Fix Checked" button.Locate the following files, and delete it:C:\WINNT\SVOHOST.exeReboot and post a new log.dk Edited September 26, 2005 by dknoppix Link to post Share on other sites
sin Posted October 9, 2005 Report Share Posted October 9, 2005 This topic is being closed due to inactivity. If you would like the topic reopened, please contact one of the moderators.Thanks,Nic Link to post Share on other sites
Recommended Posts