Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Reply
 
Topic Tools
  #1  
Old May 23rd, 2006, 09:16 AM
jobel60's Avatar
jobel60 jobel60 is offline
Senior Member
 
Join Date: Dec 2001
O/S: Windows XP Pro
Location: uk
Age: 64
Posts: 201
Comp gone nuts/possibly a Trojan?

Windows XP Pro. 80gb hardrive 1994 mhz RAM – 2.2mb broadand Samsung cdrw/dvd sm – 352b - NEC DVD RW - Nero 6 ultra ed. + upgrades,Roxio 7
Avast! Firewall. Spybot. Adaware. Cwshreddeer. Hijackthis. Regcleaner


Hi all, I have had so many problems with the comp for the last few days. Basically it wouldn't load quickly. It froze every prog that was anti spyware - like spybot etc - and was extremely slow opening any other folders. It wouldn't let me connect to the net or would it close down to just have the screensacer and the pointer. I had to pull out the mains plug. If I tried to use task manager it just froze. I tred to do a system restore from tools, my comp, and F8 but would not reboot for it to take effect!
I read the sticky about doing an online scan after I had tried the Trend mico online scan ( which in my opinion is the best one ) and the ewido so don't get Ann Marie to it me with that stick again! The ewido scan is clear but as soon as I try to scan with TM it just shuts the prog down.
When I loaded my asdl one touch speed modem it never showed up in the hardware list and I had to use a remote comp to connect to the net.
When I did the HJT scan it said something about having too many infected domains and it would be easier to get rid of the core file; anything that starts 01 but as far as I can see, most 01 files are winmx which I on't think I have used for 6 months now so I don't know why that should appear now.

Could someone look at my HJT log please?




Logfile of HijackThis v1.99.1
Scan saved at 08:53:29, on 23/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\qttask.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IDDevice\pwm.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\AMD\My Documents\New Folder (7)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1305.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1305.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\1911.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start PasswordCenter.lnk = C:\Program Files\IDDevice\pwm.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\1911.dll/blogimage
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148365893288
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148366690825
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0045C35F-B8C5-4546-AF4B-FF0603EC10B0}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

Thanks for any help
Reply With Quote
  #2  
Old May 24th, 2006, 02:31 AM
Pancake Pancake is offline
CTH Subscriber
 
Join Date: Jan 2004
Location: Australia
Posts: 11,317
Hi

To help clean out Trusted Zones,download and run DELDOMAINS then double click to open the DelDomains.inf .To execute the file: right-click and Select 'Install' from the Menu.


Then run HJT and remove these items.


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...ww.yahoo.co.uk
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.1 www.winmx.com
O1 - Hosts: 205.238.40.1 err.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1305.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1305.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1305.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1305.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.1 c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3311.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3312.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3313.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1306.winmx.com
O1 - Hosts: 82.195.155.6 c3317.z1306.winmx.com
O1 - Hosts: 82.195.155.7 c3318.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1301.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1302.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1302.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1303.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1303.winmx.com
O1 - Hosts: 82.195.155.7 c3528.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.1 c3520.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3521.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3522.z1304.winmx.com
O1 - Hosts: 82.195.155.7 c3523.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1304.winmx.com
O1 - Hosts: 82.195.155.6 c3527.z1304.winmx.com
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} (Sinstaller Class) - http://dm.screensavers.com/dm/instal...sinstaller.cab

Last edited by Pancake; May 24th, 2006 at 02:34 AM.
Reply With Quote
  #3  
Old May 25th, 2006, 10:28 PM
jobel60's Avatar
jobel60 jobel60 is offline
Senior Member
 
Join Date: Dec 2001
O/S: Windows XP Pro
Location: uk
Age: 64
Posts: 201
Hi Pancake, thanks for all your help; it is much appreciated.
I don't know if I fixed all the ones you listed because my printer is knacked as well and I had to resort to ye old fashioned pen and paper and got confused.
Anyway, here is my new HJT log. I also got rid of Winmx totally and installed AVG scanner. Tell me if there is anything else but my comp is running much smoother after following you advice. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 22:27:14, on 25/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IDDevice\pwm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: Stumble&Upon - {22D003CE-6952-46C5-80B9-D19B479620AB} - C:\WINDOWS\1911.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Start PasswordCenter.lnk = C:\Program Files\IDDevice\pwm.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: StumbleUpon: &Blog This - res://C:\WINDOWS\1911.dll/blogimage
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache...up1.0.0.15.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1148365893288
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1148366690825
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {95844941-7934-4693-92D9-8202EA7B20ED} - http://www.stumbleupon.com/stumble.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} - http://www.freedom.net/viruscenter/o...abs/cssweb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0045C35F-B8C5-4546-AF4B-FF0603EC10B0}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
Reply With Quote
  #4  
Old May 26th, 2006, 01:27 AM
Pancake Pancake is offline
CTH Subscriber
 
Join Date: Jan 2004
Location: Australia
Posts: 11,317
That all looks fine.I dont see anymore problems....
Reply With Quote
  #5  
Old May 26th, 2006, 08:01 AM
jobel60's Avatar
jobel60 jobel60 is offline
Senior Member
 
Join Date: Dec 2001
O/S: Windows XP Pro
Location: uk
Age: 64
Posts: 201
Thanks Mate
Reply With Quote
  #6  
Old May 26th, 2006, 08:55 AM
Pancake Pancake is offline
CTH Subscriber
 
Join Date: Jan 2004
Location: Australia
Posts: 11,317
Your welcome.
Reply With Quote
Reply

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Possibly have a Trojan--need help! thevioletstorm2 Malware Removal 16 April 7th, 2015 06:22 AM
Help! Computer Virus! Possibly a Trojan? RandomKid Malware Removal 1 December 25th, 2010 04:01 AM
Trojan Possibly Neo2741 Malware Removal 1 February 19th, 2009 05:31 PM
Some trojan possibly changed some settings xGAx Malware Removal 9 May 27th, 2008 03:16 AM
Comp doesn't start, fan goes nuts. KillaAssassin Hardware 2 May 1st, 2007 04:00 AM


All times are GMT +1. The time now is 06:08 PM.