
Ad-aware Says: Hkey_classes_root\scrfile\shell\


7 replies to this topic

#1 SantaWorks


Posted 15 April 2005 - 12:38 PM

Please bear with me, first time here

1. Operating System: XP 5.1.2600 [Service Pack 1]
Accounts on the computer = two: Admin and Santa with admin rights

2. Browser and version:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 StumbleUpon/1.9993
and: IE:6.0.2800.1106;FF:1.0 (en-US) but never use it

3. Nature of the error or problems including content of any error messages:

Ad-Aware SE says

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data : "%1" %*
Category : Vulnerability
Comment : Possible virus infection, SCR file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : "%1" %*

( HKEY_CLASSES_ROOT\scrfile\shell\open\command "%1" %* should be "%1" /s )

=======================================================

Spyware Doctor ver 3.1.0312 Scan Results:
scan start: 4/15/2005 11:36:01 AM
scan stop: 4/15/2005 11:36:44 AM
scanned items: 40024
found items: 1
found and ignored: 0
tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Cookie Scanner, Browser Defaults, Favorites and ZoneMap Scanner, Browser Scanner, Disk Scanner

Infection Name    Location    Risk
IEPlugin    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl    Medium

IEPlugin is an IE Browser Helper Object. It monitors site addresses, content entered into forms, and even local filenames browsed, and pops up advertisements when it sees a targeted keyword. It also installs a process to update itself, which will attempt to connect to its servers every minute or so.

======================================================

also I think AOL v.7.0 rev.4114537 32-bit has started to show "AOL Channels" bar when it had not in recent past

4. List of security software installed, i.e., firewall, anti-virus, spam blockers, popup blockers, script protection, etc:
Look'n'Stop ver.2.05p2 firewall
AVG Anti-Virus 7.0.308 virus base: 266.9.10 date 4/14/05
Kaspersky Anti-Virus 5.0.20 virus base 4/15/05
Solo Anti-Virus Sentry System ver. 3.0 build 1.2.7.1
Spybot - Search & Destroy version: 1.3 .1TX (build: 20040801) updated 4/08/05
spyware nuker 2005 ver.3.04.18.16 Def File 200504071543
Spyware Doctor ver 3.1.0312
Spy Cleaner Gold v9.3 dbase 2.830 updated 4/15/05

5. What steps have been taken so far to address the problems.
run av & spy removers
Have you tried cleaning? not sure what clean means
*Followed advice at another forum? no
Have you scanned and cleaned with a virus scanner yes
SpybotS&D yes
Ad-aware yes
Have you done a manual removal? no
or uninstalled such and such program? no

6. List of file sharing programs installed: NONE

Logfile of HijackThis v1.99.1
Scan saved at 1:23:50 PM, on 4/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\SOLOAN~1\SOLOSENT.EXE
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\TaskInfo2003 5.0\TaskInfo.exe
D:\Program Files\AtClock\AtClock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BestCrypt\BCResident.exe
C:\Program Files\Text Monkey\TextMonkeyPRO.exe
K:\America Online 7.0\waol.exe
K:\PROGRAM FILES\Firefox\firefox.exe
C:\Program Files\PowerDesk\PDExplo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Security Programs\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: Adobe Acrobat Helper - {A452DA63-4286-48EB-A838-3BA85C3049F5} - C:\WINDOWS\Acrobat.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SOLOAN~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SOLOAN~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [Spyware Protection Pro] C:\Program Files\Spyware Protection Pro\SpywareProtectionPro.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [TaskInfo.exe] "C:\Program Files\TaskInfo2003 5.0\TaskInfo.exe"
O4 - HKCU\..\Run: [AtClock.exe] D:\Program Files\AtClock\AtClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Text Monkey PRO.lnk = C:\Program Files\Text Monkey\TextMonkeyPRO.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\BestCrypt\BestCrypt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - K:\PROGRAM FILES\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8254510-0DE1-418B-B2A4-080682753797}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



#2 Racktracker


Posted 15 April 2005 - 08:52 PM

Hi Santa

Run another hijackthis scan. Place a check next to the following entries, then close all other windows and click the fix button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: Adobe Acrobat Helper - {A452DA63-4286-48EB-A838-3BA85C3049F5} - C:\WINDOWS\Acrobat.dll (file missing)

Copy the following bold text into Notepad.
Name the file Fix.reg
Save as type All Files
Save on the Desktop.

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

Double click on Fix.reg
Answer yes when asked to merge.

Then reboot and run another hijackthis scan and post your new log here.

BTW I'm still waiting on that train set I asked for when I was 10. ;)
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.


#3 SantaWorks


Posted 16 April 2005 - 12:34 AM

Thanks Racktracker for the reply and advice, did as you advised, looks as if I still have a problem with

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data : "%1" %*
Category : Vulnerability
Comment : Possible virus infection, SCR file extension compromised
Rootkey : HKEY_CLASSES_ROOT
Object : scrfile\shell\open\command
Value :
Data : "%1" %*

HKEY_CLASSES_ROOT\scrfile\shell\open\command "%1" %* should be "%1" /s

And: A new Browser Helper Object CLSID: {A452DA63-4286-48EB-A838-3BA85C3049F5} -(no file)

Here is my new log file

Logfile of HijackThis v1.99.1
Scan saved at 12:37:32 AM, on 4/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\SOLOAN~1\SOLOSENT.EXE
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\Program Files\Spyware Nuker 2004\swn2.exe
C:\Program Files\Spyware Protection Pro\SpywareProtectionPro.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe
C:\Program Files\TaskInfo2003 5.0\TaskInfo.exe
D:\Program Files\AtClock\AtClock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Text Monkey\TextMonkeyPRO.exe
C:\Program Files\BestCrypt\BCResident.exe
C:\Program Files\PowerDesk\PDExplo.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Security Programs\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~3\tools\iesdsg.dll
O2 - BHO: (no name) - {A452DA63-4286-48EB-A838-3BA85C3049F5} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoloSentry] C:\PROGRA~1\SOLOAN~1\SOLOSENT.EXE
O4 - HKLM\..\Run: [SoloSysCheck] C:\PROGRA~1\SOLOAN~1\SYSCHECK.COM
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [Spyware Nuker] C:\Program Files\Spyware Nuker 2004\swn2.exe /h
O4 - HKLM\..\Run: [Spyware Protection Pro] C:\Program Files\Spyware Protection Pro\SpywareProtectionPro.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [Spy Watcher] "C:\PROGRA~1\SPYCLE~1\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [TaskInfo.exe] "C:\Program Files\TaskInfo2003 5.0\TaskInfo.exe"
O4 - HKCU\..\Run: [AtClock.exe] D:\Program Files\AtClock\AtClock.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Text Monkey PRO.lnk = C:\Program Files\Text Monkey\TextMonkeyPRO.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\BestCrypt\BestCrypt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~3\tools\iesdpb.dll
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - K:\PROGRAM FILES\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#4 Racktracker


Posted 16 April 2005 - 10:00 AM

You will need to disable your spyware programs while we fix this. One or more of them are most likely locking your registry entries from being changed.

The bho entry is the same one that we fixed last time, only it is missing the description this time.

Run another hijackthis scan. Place a check next to the following entries, then close all other windows and click the fix button.

O2 - BHO: (no name) - {A452DA63-4286-48EB-A838-3BA85C3049F5} - (no file)

Copy the following bold text into Notepad.
Name the file Fix.reg
Save as type All Files
Save on the Desktop.

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\scrfile\shell\open\command]

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]
@="\"%1\" /S"

Double click on Fix.reg
Answer yes when asked to merge.

Then reboot and run another hijackthis scan and post your new log here.

#5 SantaWorks


Posted 16 April 2005 - 02:54 PM

Here is the new HJT log and it looks good to me. What do you think?
I uninstalled all anti spyware adware tools temporarily.
BTW what anti spyware adware tools would you recommend.

Logfile of HijackThis v1.99.1
Scan saved at 3:50:29 PM, on 4/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\TrueImage\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\TweakNow PowerPack\RAM_XP.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Soft4Ever\looknstop\looknstop.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\TaskInfo2003 5.0\TaskInfo.exe
D:\Program Files\AtClock\AtClock.exe
C:\Program Files\Text Monkey\TextMonkeyPRO.exe
C:\Program Files\BestCrypt\BCResident.exe
K:\America Online 7.0\waol.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\PowerDesk\PDExplo.exe
D:\Security Programs\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\BestCrypt\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Acronis True Image Monitor] "C:\Program Files\TrueImage\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [LogonStudio] "D:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKCU\..\Run: [TaskInfo.exe] "C:\Program Files\TaskInfo2003 5.0\TaskInfo.exe"
O4 - HKCU\..\Run: [AtClock.exe] D:\Program Files\AtClock\AtClock.exe
O4 - Startup: Text Monkey PRO.lnk = C:\Program Files\Text Monkey\TextMonkeyPRO.exe
O4 - Global Startup: BestCrypt Auto Open.lnk = C:\Program Files\BestCrypt\BestCrypt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - K:\PROGRAM FILES\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C8254510-0DE1-418B-B2A4-080682753797}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: hplun.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#6 Racktracker


Posted 16 April 2005 - 03:12 PM

Your log looks good.

How are things on your end?

You should read this to help prevent future problems.

So how did I get infected

You can outfit your system with more than adequate protection at no cost.
The number of programs you are using may be overkill.

For scanners/removers
Spybot and adaware should take care of almost anything that will come along.

I would use the spybot teatimer for realtime protection and spywareblaster for an added prevention measure.

Add to that a free firewall such as sygate or kerio and a free antivirus such as AVG and you will be in good shape.

And last but not least only use Internet explorer for windows updates, for everything else use one of the mozilla browsers (firefox is excellent).

You can find links to all these programs in the "How did I get infected" link I posted above.

#7 SantaWorks


Posted 16 April 2005 - 04:20 PM

Racktracker

Things seem well over here. I will read the "How did I get infected" link to help prevent future problems.
Thanks for your slick, swift, swell help.
That Lionel train may well be found under your tree this year.

Bye for now,
Santa

#8 Racktracker


Posted 17 April 2005 - 10:19 AM

Glad we could help.

If you need this topic reopened, please request this by sending an email to us at the following link
(Click for address)
Include your post user name and detail why you need it reopened with a valid link to your post.
Any bad links or emails that are not from the original poster will be deleted without response.
Any emails without the subject "Reopen" will be deleted without being looked at.

If this is not your thread please start a New Topic.

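The fix-then-rescan loop in this thread comes down to comparing successive HijackThis logs. The following is an added example, not part of the original thread and not a HijackThis feature: it parses the entry lines and diffs two logs, keying BHO (O2) and extra-button (O9) entries by CLSID so that an entry whose description changed between scans, as described in post #4, is reported as changed rather than as one removal plus one new entry. The function names are assumptions, and the sample logs are abridged from the three logs posted above.

```python
import re

# Entry lines carry a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis prints when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Constructed sample input: a few lines abridged from the logs in this thread.
LOG_1 = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe Acrobat Helper - {A452DA63-4286-48EB-A838-3BA85C3049F5} - C:\WINDOWS\Acrobat.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""
LOG_2 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A452DA63-4286-48EB-A838-3BA85C3049F5} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""
LOG_3 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
"""


def parse_entries(log_text):
    """Return (code, body) pairs; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body").strip()))
    return entries


def entry_key(code, body):
    """Identity used for diffing: CLSID for O2/O9 entries, full text otherwise."""
    m = CLSID_RE.search(body)
    if code in ("O2", "O9") and m:
        return (code, m.group(0).upper())
    return (code, body)


def compare(before, after):
    """Diff two logs into removed, added and changed (same key, new text)."""
    b = {entry_key(c, t): t for c, t in parse_entries(before)}
    a = {entry_key(c, t): t for c, t in parse_entries(after)}
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        "changed": sorted(k for k in b if k in a and b[k] != a[k]),
    }


def orphaned(log_text):
    """Entries whose target file HijackThis reported as absent."""
    return [(c, t) for c, t in parse_entries(log_text) if t.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    print("after first fix: ", compare(LOG_1, LOG_2))
    print("after second fix:", compare(LOG_2, LOG_3))
    print("still orphaned:  ", orphaned(LOG_3))
```

A non-empty "changed" list after a fix is the signal seen between the first and second logs: the entry was rewritten, not removed.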
