Logfile of HijackThis v1.99.1
Scan saved at 8:49:21 PM, on 9/5/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RnJhbmsgSG91c2UA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\crmoxen.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\medgs1.exe
C:\WINDOWS\System32\opr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Optimum Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.100.11
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [uveruh] C:\WINDOWS\uveruh.exe
O4 - HKLM\..\Run: [MedGS] C:\WINDOWS\System32\medgs1.exe
O4 - HKLM\..\Run: [opr] C:\WINDOWS\System32\opr.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\drtrpg.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [jqsdea] C:\WINDOWS\System32\crmoxen.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.optonline.net
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bargain-buddy.net/download/bargain_buddy/cab/installer_MARKETING32.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://www.qoolaid.com/download/224/installer.exe
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberlink.com/winxp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125863338365
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} - http://www.pacimedia.com/install/pcs_0022.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup142f1.cab
O20 - AppInit_DLLs: repairs.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RnJhbmsgSG91c2UA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe