Bullguard Antivirus Forum Download A Free Copy Of Bullguard Antivirus Software
Free Antivirus Forum - Learn about antivirus, firewalls and personal security Free Antivirus Forum - Learn about antivirus, firewalls and personal security
 HomeLog InRegisterCommunity CalendarSearch the ForumView The Member ListHelp
Hijack report & other reports
   
BullGuard Antivirus Forum > Virus Removal > Removal Help > Hijack report & other reports  
Forum Quick Jump
 
New Topic Post reply to : Hijack report & other reports Printable version of : Hijack report & other reports
[ << Previous Thread | Next Thread >> ]

craig1987
New Member


Date Joined Aug 2007
Total Posts : 6
  		   Posted 8-13-2007 8:11 (GMT +1)    Quote: Hijack report & other reportsAlert an admin about: Hijack report & other reports
 
Hi i keep geting pop ups and i ran scan with avg and i dont get then anymore i ren the other scans to could some just have look see if there anything else tht need deleteing thanks
 
 
 
Logfile of HijackThis v1.99.1
 

Scan saved at 20:07:36, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuard.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Mark\My Documents\alternativ.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [oiaevjb] c:\windows\system32\oiaevjb.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra 'Tools' menuitem: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlhome.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.8/WinSSWebAgent.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://downloads.bigredswitch.co.uk/joystick.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134218658984
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.tynebridgewebcam.com/camimages/AxisCamControl.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B3CB436E-7169-4BD3-A771-12EF99A2B76C} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {ED8525EA-2BFC-4440-BD8A-20EFB9D5E541} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4463/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1178.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
 + Created at: 19:55:43 13/08/2007
 + Scan result: 
 
C:\Downloads\RiskIISetup-dm[2].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Mark\Cookies\mark@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mark\Cookies\mark@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Mark\Cookies\mark@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Mark\Cookies\mark@connextra[1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Mark\Cookies\mark@e-2dj6wglyogazwaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\QooBox\Quarantine\C\WINDOWS\system32\wnstscc.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\wnstsicomsv.exe.vir -> Trojan.Small : Cleaned with backup (quarantined).

::Report end
********************************* ROOTCHK-(21-07-07)-LOG, by ejvindh
13/08/2007  7:59:27.71
Driver Core (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.
********************************* ROOTCHK-LOG-end

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 07:59:28
Windows 5.1.2600 Service Pack 2
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
hidden processes: 0
hidden files: 0
 
ComboFix 07-08-09.3 - "Mark" 2007-08-13  8:05:31.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.74 [GMT 1:00]

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\Mark\APPLIC~1.\dobe~1
C:\DOCUME~1\Mark\APPLIC~1.\icroso~1
C:\DOCUME~1\Mark\APPLIC~1.\macromedia\Flash Player\#SharedObjects\65V4EZUF\iforex.com
C:\DOCUME~1\Mark\APPLIC~1.\macromedia\Flash Player\#SharedObjects\65V4EZUF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\DOCUME~1\Mark\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\DOCUME~1\Mark\APPLIC~1.\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\DOCUME~1\Mark\Desktop.\internet explorer.lnk
C:\Program Files\asembl~1
C:\Program Files\Common Files\{940CC~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\stem~1
C:\Program Files\dobe~1
C:\Program Files\pedevice
C:\Program Files\pedevice\communication.xml
C:\Program Files\pedevice\Domain.Watchlist.txt
C:\Program Files\pedevice\pae-options.xml
C:\Program Files\pedevice\pae_url.xml
C:\Program Files\pedevice\pedevPS.dll
C:\Program Files\pedevice\search.watchlist.txt
C:\Program Files\pedevice\statistic.xml
C:\Program Files\pedevice\tmp\tmp.html
C:\Program Files\pedevice\watchlist.xml
C:\Program Files\sstem~1
C:\Program Files\ymbols~1
C:\Program Files\ystem~1
C:\WINDOWS\asembl~1
C:\WINDOWS\DOWNLO~1.\ODCTOOLS
C:\WINDOWS\mantec~1
C:\WINDOWS\ppatch~1
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\fnts~1
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\racle~1
C:\WINDOWS\system32\ssembl~1
C:\WINDOWS\system32\stixerb\winlogon.ini
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\wnstscc.exe
C:\WINDOWS\system32\wnstsicomsv.exe

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CORE
-------\LEGACY_IPRIP
-------\LEGACY_NETWORK_MONITOR
-------\core

(((((((((((((((((((((((((   Files Created from 2007-07-13 to 2007-08-13  )))))))))))))))))))))))))))))))

2007-08-13 08:03 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-12 20:04 113,128 --a------ C:\WINDOWS\system32\drivers\keyscrambler.sys
2007-08-09 18:04 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-07-29 12:44 197 --a------ C:\WINDOWS\system32\vspopup.dll
2007-07-29 12:37 40,960 --a------ C:\WINDOWS\system32\SSubTmr6.dll
2007-07-29 12:37 299,008 --a------ C:\WINDOWS\system32\vsPop.dll
2007-07-29 12:37 <DIR> d-------- C:\Program Files\VSPopUp
2007-07-28 08:40 <DIR> d----c--- C:\DOCUME~1\Mark\APPLIC~1\Viewpoint
2007-07-23 08:38 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BullGuard
2007-07-23 08:37 50,904 --a------ C:\WINDOWS\system32\drivers\BdFileSpy.sys
2007-07-23 08:37 <DIR> d----c--- C:\DOCUME~1\Mark\APPLIC~1\BullGuard
2007-07-23 08:37 <DIR> d-------- C:\Program Files\BullGuard Software
2007-07-20 18:14 <DIR> d----c--- C:\DOCUME~1\Mark\APPLIC~1\ConvertTemp
2007-07-20 18:13 <DIR> d----c--- C:\DOCUME~1\Mark\APPLIC~1\TransRender
2007-07-20 18:13 <DIR> d----c--- C:\DOCUME~1\Mark\APPLIC~1\Temporary
2007-07-20 17:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2007-07-20 17:51 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2007-07-20 17:51 <DIR> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2007-07-16 18:46 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-11 08:11 --------- d----c--- C:\DOCUME~1\Mark\APPLIC~1\LimeWire
2007-07-29 14:37 --------- d-------- C:\Program Files\Shockwave.com
2007-07-29 14:37 --------- d-------- C:\Program Files\LimeWire
2007-07-29 14:37 --------- d-------- C:\Program Files\DivX
2007-07-23 11:12 --------- d-------- C:\Program Files\SelectView
2007-07-23 08:52 14152 --a--c--- C:\WINDOWS\system32\lccl.dll
2007-07-23 08:52 14152 --a--c--- C:\WINDOWS\system32\client_cc.dll
2007-07-23 08:32 --------- d-------- C:\Program Files\Google
2007-07-16 06:07 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-06-25 08:59 --------- d-------- C:\Program Files\Yahoo!
2007-06-25 08:59 --------- d-------- C:\Program Files\QuickTime
2007-06-25 08:59 --------- d-------- C:\Program Files\PC MightyMax
2007-06-25 08:58 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-25 08:58 --------- d-------- C:\Program Files\MP3 Remix
2007-06-25 08:58 --------- d-------- C:\Program Files\CompuServe 2000 Version 6
2007-06-25 08:58 --------- d-------- C:\Program Files\Common Files\Real
2007-06-25 08:58 --------- d-------- C:\Program Files\Common Files\aolshare
2007-06-25 08:58 --------- d-------- C:\Program Files\AOL 8.0
2007-06-25 08:58 --------- d-------- C:\Program Files\Active WebCam
2007-06-24 20:16 --------- d----c--- C:\DOCUME~1\Mark\APPLIC~1\AdobeUM
2007-05-16 16:12 86528 -----c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 16:12 85504 -----c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 16:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 16:12 683520 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 16:12 510976 -----c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 16:12 1314816 -----c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-02-16 22:13 9216 --ahs---- C:\Program Files\Thumbs.db
2006-10-08 16:57:07 56 --sh--r C:\WINDOWS\system32\D0677421B7.sys
2006-10-08 16:57:07 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-12-14 18:57]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"oiaevjb"="c:\windows\system32\oiaevjb.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-11-14 13:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 03:23]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 16:19]
"nwiz"="nwiz.exe" [2003-07-28 16:19 C:\WINDOWS\system32\nwiz.exe]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 21:44]
"Broadbandadvisor.exe"="C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2007-01-24 15:12]
"csrss"="" []
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-07-23 08:51]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 12:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45]
"BullGuard"="C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" [2007-07-23 08:51]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)
[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 8.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 8.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\AOL 8.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^broadband medic.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\broadband medic.lnk
backup=C:\WINDOWS\pss\broadband medic.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINDOWS\pss\GStartup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=C:\WINDOWS\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^iMesh.lnk]
backup=C:\WINDOWS\pss\iMesh.lnkStartup
path=C:\Documents and Settings\Mark\Start Menu\Programs\Startup\iMesh.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mark^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
path=C:\Documents and Settings\Mark\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
C:\Program Files\BullsEye Network\bin\bargains.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
mHotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EbatesMoeMoneyMaker0]
C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotbar]
C:\Program Files\Hotbar\bin\4.5.0.0\HbInst.exe /Upgrade
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnappau]
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherOnTray]
C:\Program Files\Hotbar\bin\4.5.0.0\WeatherOnTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebRebates0]
C:\Program Files\Web_Rebates\WebRebates0.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Win Server Updt]
C:\WINDOWS\wupdt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"WebClient"=2 (0x2)
"WANMiniportService"=2 (0x2)
"UPS"=3 (0x3)
"TrkWks"=2 (0x2)
"SysmonLog"=3 (0x3)
"ProtectedStorage"=2 (0x2)
"PackethSvc"=2 (0x2)
"NVSvc"=2 (0x2)
"NtmsSvc"=3 (0x3)
"NtLmSsp"=3 (0x3)
"MSDTC"=3 (0x3)
"mnmsrvc"=3 (0x3)
"LmHosts"=2 (0x2)
"ERSvc"=2 (0x2)
"ZESOFT"=2 (0x2)
"RSVP"=3 (0x3)
"ImapiService"=3 (0x3)
"HTTPFilter"=3 (0x3)
"WmdmPmSN"=3 (0x3)
"SwPrv"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"COMSysApp"=3 (0x3)
"CiSvc"=3 (0x3)
"Browser"=2 (0x2)
"AppMgmt"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe
R1 StarOpen;StarOpen;C:\WINDOWS\system32\drivers\StarOpen.sys
R1 VFILT;BullGuard Firewall Kernel Driver;\??\C:\Program Files\BullGuard Software\BullGuard\FwEngine\FiltNt.sys
R2 BdFileSpy;BullGuard File Monitor Driver;\??\C:\WINDOWS\system32\drivers\BdFileSpy.sys
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe -k BullGuard
R2 BsFwall;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe -k BullGuardFw
R3 GT680x;GrandTechICNameNT;C:\WINDOWS\system32\Drivers\gt680x.sys
R3 PROTECT.DLL;BullGuard Firewall Protection Plugin;\??\C:\Program Files\BullGuard Software\BullGuard\FwEngine\Protect.dll
R3 Reconn;BullGuard Email Monitor;\??\C:\Program Files\BullGuard Software\BullGuard\reconn.sys
R3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
R3 wandrv;WAN Network Driver;C:\WINDOWS\system32\DRIVERS\wandrv.sys
S3 ADBLOCK.DLL;BullGuard Firewall Adware Plugin;\??\C:\Program Files\BullGuard Software\BullGuard\FwEngine\AdBlock.dll
S3 AIT800AC;BenQ-Siemens EF61;C:\WINDOWS\system32\DRIVERS\AIT800C.sys
S3 CO_Mon;CO_Mon;\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys
S3 HTMLFILT.DLL;BullGuard Firewall HTML Plugin;\??\C:\Program Files\BullGuard Software\BullGuard\FwEngine\HtmlFilt.dll
S3 HTTPFILT.DLL;BullGuard Firewall HTTP Plugin;\??\C:\Program Files\BullGuard Software\BullGuard\FwEngine\HttpFilt.dll
S3 idsvc;Windows CardSpace;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
S3 KeyScrambler;KeyScrambler;C:\WINDOWS\system32\drivers\keyscrambler.sys
S3 SNDMI13;Mega Pixel Camera (8105 SXGA);C:\WINDOWS\system32\DRIVERS\sndmi13.sys
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys
S3 usbcm;USB Cable Modem 351000 NDIS Driver;C:\WINDOWS\system32\DRIVERS\usbcm.sys
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
S4 PackethSvc;Virtual NIC Service;C:\WINDOWS\System32\PackethSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard BgMainSvc BsFileScan BsMailProxy
BullGuardFw BsFwall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e91ea7a3-bb92-11db-b86b-00038a000011}]
AutoRun\command- E:\InstallTomTomHOME.exe

Contents of the 'Scheduled Tasks' folder
2007-05-30 13:53:25 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
2007-08-13 07:20:16 C:\WINDOWS\Tasks\User_Feed_Synchronization-{5FBD4437-5C3C-4C37-A02B-0306E099ABE4}.job - C:\WINDOWS\system32\msfeedssync.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-13 08:17:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-13  8:25:27 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-13 08:24
 --- E O F ---
iv deleted the files avg found.

C.Stevens

Post Edited (craig1987) : 13-08-2007 19:15:36 GMT

Back to Top
 

Andrei M
Forum Moderator




Date Joined Jan 2005
Total Posts : 570
  		   Posted 8-13-2007 9:21 (GMT +1)    Quote: Hijack report & other reportsAlert an admin about: Hijack report & other reports
Hello

Run Hijackthis again, place a checkmark next to these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O4 - HKLM\..\Run: [oiaevjb] c:\windows\system32\oiaevjb.exe


Then press FIX CHECKED.
Restart the computer, open a My Computer window, locate and delete this with Shift+Del:

c:\windows\system32\oiaevjb.exe

Also, get the latest java:

Older versions of java have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
Download the latest version of the Java Runtime Environment from here

Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Andrei M
Microsoft Certified Professional
BullGuard Support Team | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------

Post Edited (Andrei M) : 13-08-2007 20:46:42 GMT

Back to Top
 

craig1987
New Member


Date Joined Aug 2007
Total Posts : 6
  		   Posted 8-14-2007 8:56 (GMT +1)    Quote: Hijack report & other reportsAlert an admin about: Hijack report & other reports
Hi i done your advice heres the log i couldent fine the folder u ask me 2 delete once i had fixed it






Logfile of HijackThis v1.99.1
Scan saved at 08:55:58, on 14/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BullGuard Software\BullGuard\bullguard.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Mark\My Documents\frank's file\log reports and fix programs\alternativ.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: VSPopUp - {C89657E6-D083-4EA3-81D2-D7AD3D0ED490} - C:\WINDOWS\system32\vsPop.dll
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [Broadbandadvisor.exe] "C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe" /AUTORUN
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Software\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra 'Tools' menuitem: No More Cookies - {334C4A3A-7B0F-4C55-B73F-63B37865E8FA} - C:\Program Files\No More Cookies\No More Cookies.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.ntlhome.com
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.8/WinSSWebAgent.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab30149.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {3AE9ED90-4B59-47A0-873B-7B71554B3C3E} (JoystickCtl Class) - http://downloads.bigredswitch.co.uk/joystick.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip.com/ricochet/ReflexiveWebGameLoader.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.truprint.co.uk/TruprintActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109w.bay109.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {4F5E4276-C120-11D6-A1FD-00508B9D48EA} (dldisplay Class) - http://www.gamehouse.com/ghdlctl.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase969.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1134218658984
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.shockwave.com/content/luxor/mjolauncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://www.tynebridgewebcam.com/camimages/AxisCamControl.ocx
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Windows/Initial/VideoEggPublisher.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B3CB436E-7169-4BD3-A771-12EF99A2B76C} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylomgames.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O16 - DPF: {ED8525EA-2BFC-4440-BD8A-20EFB9D5E541} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4463/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab30149.cab
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B23E0CC} - http://direct.data-line.us/gbn1178.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BGLiveSvc) - BullGuard Software - C:\Program Files\BullGuard Software\BullGuard\BullGuardUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 

C.Stevens

Back to Top
 

Andrei M
Forum Moderator




Date Joined Jan 2005
Total Posts : 570
  		   Posted 8-15-2007 11:37 (GMT +1)    Quote: Hijack report & other reportsAlert an admin about: Hijack report & other reports
Hello,

The log looks ok now. How are things running please?

Andrei M
Microsoft Certified Professional
BullGuard Support Team | support[at]bullguard[dot]com

---------
If more than 24hrs have passed since my last reply on your thread, send me a private message to remind me.
---------

Back to Top
 

craig1987
New Member


Date Joined Aug 2007
Total Posts : 6
  		   Posted 8-15-2007 2:16 (GMT +1)    Quote: Hijack report & other reportsAlert an admin about: Hijack report & other reports
everythings ok only problem i got sometimes i'll be surfing the internet and the page wil freeze. it only did a though times. on ebay it does it most

C.Stevens

Back to Top
 
New Topic Post reply to : Hijack report & other reports Printable version of : Hijack report & other reports
 
Forum Information
Currently it is Wednesday, December 03, 2008 6:38 AM (GMT +1)
There are a total of 64.512 posts in 15.910 threads.
In the last 3 days there were 19 new threads and 77 reply posts. View Active Threads
Who's Online
This forum has 27326 registered members. Please welcome our newest member, DooN.
48 Guest(s), 0 Registered Member(s) are currently online.  Details
5 Latest Threads
Help with a (win32 trojan gen other) (0)03-12-2008 02:25:45 (finz)
Ok...I'm infected, now what? (24)03-12-2008 02:11:28 (Zalen)
Antivirus disabled/URL Redirect Malware.Wont let me install MALEWAREBYTES (3)03-12-2008 02:08:19 (cgamm)
Trojan Horse Generic 12.KAO (5)03-12-2008 02:01:58 (Taryn)
No Safe Mode, explorer.exe crashes, no internet (0)03-12-2008 00:49:20 (roygbp)


Need Support? Write to: | Forum Help Manual

Download free trial version of Bullguard