Lumpy Posted May 14, 2006 Report Share Posted May 14, 2006 Logfile of HijackThis v1.99.1Scan saved at 7:15:09 PM, on 5/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre1.5.0\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\system32\devldr32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exeC:\Program Files\Microsoft ActiveSync\WCESCOMM.EXEC:\Program Files\Iconoid\iconoid.exeC:\Program Files\Microsoft ActiveSync\WCESMgr.exeC:\Program Files\Microsoft Office\Office10\OUTLOOK.EXEC:\Program Files\mobile PhoneTools\mPhonetools.exeC:\Program Files\Flock\flock\flock.exeC:\Program Files\Synergy\synergys.exeC:\WINDOWS\SYSTEM32\notepad.exeJ:\Programs\KeePass Password Safe\KeePass.exeC:\My Documents\Downloads\HijackThis.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFLO4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -winO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37500.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Link to post Share on other sites
Lumpy Posted May 15, 2006 Author Report Share Posted May 15, 2006 Logfile of HijackThis v1.99.1Scan saved at 7:15:09 PM, on 5/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre1.5.0\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\system32\devldr32.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exeC:\Program Files\Microsoft ActiveSync\WCESCOMM.EXEC:\Program Files\Iconoid\iconoid.exeC:\Program Files\Microsoft ActiveSync\WCESMgr.exeC:\Program Files\Microsoft Office\Office10\OUTLOOK.EXEC:\Program Files\mobile PhoneTools\mPhonetools.exeC:\Program Files\Flock\flock\flock.exeC:\Program Files\Synergy\synergys.exeC:\WINDOWS\SYSTEM32\notepad.exeJ:\Programs\KeePass Password Safe\KeePass.exeC:\My Documents\Downloads\HijackThis.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFLO4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -winO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9C0745B3-C514-4E53-B9DE-DBF96D6BE8E1}: NameServer = 66.94.25.120 66.94.9.120O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Link to post Share on other sites
Matt Posted May 15, 2006 Report Share Posted May 15, 2006 Hi lumpyPlease scan with HJT and place a check next to the following item:O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exeThen, make sure all browser windows and other applications are closed and click the Fix Checked button.Next, find and delete the following file:C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exeReboot your computer, rescan with HJT, and post a new log. Link to post Share on other sites
Lumpy Posted May 15, 2006 Author Report Share Posted May 15, 2006 Logfile of HijackThis v1.99.1Scan saved at 9:07:18 PM, on 5/14/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\wuauclt.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Java\jre1.5.0\bin\jusched.exeC:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeC:\WINDOWS\system32\devldr32.exeC:\Program Files\Logitech\MouseWare\system\em_exec.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exeC:\Program Files\Microsoft ActiveSync\WCESCOMM.EXEC:\Program Files\Iconoid\iconoid.exeC:\Program Files\Synergy\synergys.exeC:\Program Files\Microsoft ActiveSync\WCESMgr.exeC:\Program Files\Microsoft Office\Office10\OUTLOOK.EXEC:\My Documents\Downloads\internet\removal toolsw\HijackThis.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exeO4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.ExeO4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exeO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFLO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -winO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"O4 - HKCU\..\Run: [iconoid] "C:\Program Files\Iconoid\iconoid.exe"O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE10\EXCEL.EXE/3000O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLLO9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\PROGRAM FILES\ATI MULTIMEDIA\TV\EXPLBAR.DLLO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLLO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37500.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cabO23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exeO23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exeO23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Documents and Settings\Lumpy\Start Menu\Programs\Internet\Gizmo Project\mDNSResponder.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) Link to post Share on other sites
Matt Posted May 15, 2006 Report Share Posted May 15, 2006 Hi again Lumpy. Your log is now clean, although it wasnt really that bad to start with. Im going to close this unless you have anymore questions.Matt Link to post Share on other sites
Matt Posted May 15, 2006 Report Share Posted May 15, 2006 Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic. Link to post Share on other sites
Recommended Posts