Access MemberArea.exe

Discussion in 'Windows - Virus and spyware problems' started by casters, Mar 26, 2006.

  1. casters

    casters Guest

    Hi,

    I have picked up a nasty little virus/trojan (not sure what it is) but it places an Access Members Area icon on my desktop. Seems others here have the same problem.

    ZoneAlarm Security Suite warns me that an id***8.tmp file is trying to gain access to execute a command; when I try to deny the file access to any services a message box appears telling me I have no rights or the path to the file cannot be found. When I look in the ZoneAlarm program control centre I see a list of files as below:
    Id1366.tmp; ID1848.tmp; ID1C8E.tmp; ID1FBB.tmp; ID1CCF.tmp; IDF7E.tmp. I have never seen these files listed before. I have set ZoneAlarm to kill if these files try to request access to any resources. My disk drive is also thrashing away in the background. I have scanned using Lavasoft and Spybot, and scanned with ZoneAlarm's built-in spyware detector; nothing is ever found.

    Anyway, below is my HJT logfile; hope somebody can help out.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:08:18, on 26/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\KService\KService.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\UAService7.exe
    E:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Ahead\InCD\InCD.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    E:\Program Files\KSE\nHancer\nHancer.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\system32\tbctray.exe
    E:\Program Files\Logitech\Profiler\lwemon.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\WINDOWS\system32\ZoneLabs\isafe.exe
    E:\WINDOWS\system32\nvctrl.exe
    E:\hjt\HijackThis.exe

    O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - E:\WINDOWS\system32\hp2345.tmp
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "E:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nHancer] "E:\Program Files\KSE\nHancer\nHancer.exe" /tray
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TraySantaCruz] E:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "E:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco//app/opcuploader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O20 - Winlogon Notify: WB - E:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - E:\Program Files\KService\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - E:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  2. Jurppis

    Jurppis Regular member

    Download ewido:
    http://www.ewido.net/en/download/
    You don't have to scan yet.

    Download smitRem:
    http://noahdfear.geekstogo.com/click counter/click.php?id=1
    Save it to the desktop; don't run it yet.

    Close all open windows, open HijackThis, do a system scan only and check this:

    O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - E:\WINDOWS\system32\hp2345.tmp

    and click Fix checked.

    Then restart your computer in safe mode:
    http://www.pchell.com/support/safemode.shtml

    Open the smitRem folder on your desktop and double-click runthis.bat. Follow the instructions.

    Next do a full system scan with ewido and save report

    After that, boot back to normal mode and post a new HijackThis log, the contents of C:\smitfiles.txt and the report from ewido.


     
    Last edited: Mar 26, 2006
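The O2 line singled out above is the tell in the first log: a Browser Helper Object with no display name ("Nothing") whose DLL is a .tmp file sitting in system32. The Python script below is an added example, not code from the thread and not part of HijackThis; it applies that kind of first-pass triage to HJT 1.99-style log lines. The sample lines are copied from the first log above as constructed input, and the rules and severity labels ("high" = act on it, "review" = confirm the publisher before touching it) are this example's own assumptions.

```python
"""Triage HijackThis 1.99-style log lines for the persistence entries a helper
checks first.  Added example: the rules and severities below are this
example's own assumptions, not HijackThis's, and the sample lines are
copied from the first log in the thread as constructed input."""
import re
from dataclasses import dataclass

# Constructed sample: six lines from the log posted at the top of the thread.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {4da4616d-7e6e-4fd9-a2d5-b6c535733e22} - E:\WINDOWS\system32\hp2345.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TraySantaCruz] E:\WINDOWS\system32\tbctray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O20 - Winlogon Notify: WB - E:\Program Files\AlienGUIse\fastload.dll
""".strip()

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Finding:
    kind: str       # HJT section, e.g. "O2"
    line: str       # the original log line
    reason: str
    severity: str   # "high" = act on it, "review" = verify the publisher first


def _first_token(cmd: str) -> str:
    """Executable portion of a Run command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0] if cmd else ""


def _loaded_path(kind: str, body: str) -> str:
    """Path of the module or executable each entry type loads."""
    if kind == "O4":
        if "] " in body:            # HKLM\..\Run: [name] command
            return _first_token(body.split("] ", 1)[1])
        if " = " in body:           # Global Startup: X.lnk = full target path
            return body.split(" = ", 1)[1].strip()
        return ""
    return body.rsplit(" - ", 1)[-1].strip()   # "... - {CLSID} - path" forms


def triage_line(line: str) -> list:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []
    kind, body = m.group("kind"), m.group("body")
    path = _loaded_path(kind, body)
    findings = []
    # Rule 1: executable code loaded from a .tmp file has no legitimate reason to be in a startup hook.
    if path.lower().endswith(".tmp"):
        findings.append(Finding(kind, line, "loads code from a .tmp file", "high"))
    # Rule 2: a BHO with no display name hides its origin (HJT prints "Nothing" or "(no name)").
    if kind == "O2":
        name = body.split(": ", 1)[1].split(" - ", 1)[0]
        if name.lower() in ("nothing", "(no name)"):
            findings.append(Finding(kind, line, "BHO registered without a display name", "review"))
    # Rule 3: a bare filename in a Run value is resolved through the search path, not a fixed location.
    if kind == "O4" and "Run:" in body and path and "\\" not in path:
        findings.append(Finding(kind, line, "Run value uses a bare filename", "review"))
    # Rule 4: Winlogon Notify DLLs load inside winlogon.exe; anything outside system32 needs a known publisher.
    if kind == "O20" and "\\system32\\" not in path.lower():
        findings.append(Finding(kind, line, "Winlogon Notify DLL outside system32", "review"))
    return findings


def triage(log_text: str) -> list:
    """All findings for a whole log, in log order."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.line}")
```

On the sample input only the hp2345.tmp BHO reaches "high"; the nwiz.exe Run value and the AlienGUIse Winlogon Notify DLL are flagged for review and, as the later posts confirm, turn out to be benign. That split between "act" and "verify" is what keeps a triage script from deleting legitimate vendor hooks.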
  3. casters

    casters Guest

    Hi there - thanks for the help. Have carried out the instructions with the following results:

    smitRem logfile:


    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: 26/03/2006
    The current time is: 14:51:55.17

    Running from
    E:\Documents and Settings\Simon\Desktop\smitRem

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Pre-run SharedTask Export

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
    @="E:\WINDOWS\system32\stickrep.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    SpywareStrike uninstaller NOT present

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~

    Antivirus Test Online.url


    ~~~ system32 folder ~~~

    ll.exe
    1024 dir
    ld****.tmp
    mssearchnet.exe
    ncompat.tlb
    nvctrl.exe
    hp***.tmp


    ~~~ Icons in System32 ~~~

    ts.ico
    ot.ico


    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
    Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
    Killing PID 800 'explorer.exe'
    Killing PID 800 'explorer.exe'

    Starting registry repairs

    Registry repairs complete

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    SharedTask Export after registry fix

    (GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
    Copyright(C) 2006 BleepingComputer.com

    Registry Pseudo-Format Mode (Not a valid reg file):

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
    "{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
    @="%SystemRoot%\System32\browseui.dll"


    [HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
    @="E:\WINDOWS\system32\stickrep.dll"


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Deleting files

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~


    ~~~ Wininet.dll ~~~

    CLEAN! :)

    ewido report here:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 19:52:56, 26/03/2006
    + Report-Checksum: 1F101D03

    + Scan result:

    HKU\S-1-5-21-515967899-1275210071-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DA4616D-7E6E-4FD9-A2D5-B6C535733E22} -> Adware.Generic : Cleaned with backup
    :mozilla.12:E:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\gj3m93tt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    :mozilla.16:E:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\gj3m93tt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.17:E:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\gj3m93tt.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.18:E:\Documents and Settings\Anita\Application Data\Mozilla\Firefox\Profiles\gj3m93tt.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
    E:\Documents and Settings\Anita\Cookies\anita@e-2dj6wjkoghczcfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    E:\Documents and Settings\Anita\Cookies\anita@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup


    ::Report End

    HJT logfile 2 here:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:08:11, on 26/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\ewido anti-malware\ewidoctrl.exe
    E:\Program Files\ewido anti-malware\ewidoguard.exe
    E:\Program Files\KService\KService.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\UAService7.exe
    E:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\WINDOWS\system32\ZoneLabs\isafe.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Ahead\InCD\InCD.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    E:\Program Files\KSE\nHancer\nHancer.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\WINDOWS\system32\tbctray.exe
    E:\Program Files\Logitech\Profiler\lwemon.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    E:\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "E:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [USBToolTip] "E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nHancer] "E:\Program Files\KSE\nHancer\nHancer.exe" /tray
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TraySantaCruz] E:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "E:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco//app/opcuploader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O20 - Winlogon Notify: WB - E:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - E:\Program Files\KService\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - E:\WINDOWS\system32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

    thanks,

    Simon.

     
  4. Jurppis

    Jurppis Regular member

    Your computer is almost clean :)

    Download SQfix:
    http://castlecops.com/zx/flrman1/FixSQ.zip
    Unzip it to the desktop and double-click the .reg file. Click Yes to every question it asks you.

    Then delete this file: E:\WINDOWS\system32\stickrep.dll
    If you can't delete it, try deleting it in safe mode.
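The SharedTaskScheduler export in the smitRem log shows why stickrep.dll is the file to remove. Explorer loads every CLSID listed under that key at logon, and the third one, labelled "USB Ware", has its InProcServer32 registered only under HKEY_CURRENT_USER\SOFTWARE\Classes. The merged HKEY_CLASSES_ROOT view that COM resolves through prefers the user hive over HKLM, so a DLL registered there by an ordinary user account wins, which is how the entry survives without touching any machine-wide key. The Python below is an added example, not GetSTS or smitRem code: it parses that pseudo-reg export, resolves each CLSID in the order COM would, and flags servers that come from the user hive or cannot be resolved at all. The input is the export quoted above, embedded as constructed sample data.

```python
"""Resolve SharedTaskScheduler CLSIDs from a GetSTS-style pseudo-reg export.
Added example, not smitRem or GetSTS code; the sample export is the one
quoted in the post above, embedded here as constructed input."""
import re

SAMPLE_EXPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"

[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}\InProcServer32]
@="E:\WINDOWS\system32\stickrep.dll"
""".strip()

STS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler"
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^(?P<name>@|"[^"]*")=(?P<data>"[^"]*")$')


def parse_export(text: str) -> dict:
    """{key path (lower-cased): {value name: data}}; registry paths are case-insensitive."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name").strip('"')] = m.group("data").strip('"')
    return keys


def resolve(keys: dict) -> dict:
    r"""Map each SharedTaskScheduler CLSID to (label, (hive, dll) or None).

    HKCU\Software\Classes is consulted before HKLM because the merged
    HKEY_CLASSES_ROOT view that COM uses prefers the user hive, so a DLL
    registered there by a standard user wins over the machine-wide entry."""
    results = {}
    for clsid, label in keys.get(STS_KEY.lower(), {}).items():
        hit = None
        for hive in ("HKEY_CURRENT_USER", "HKEY_LOCAL_MACHINE"):
            k = "\\".join([hive, "SOFTWARE", "Classes", "CLSID", clsid, "InProcServer32"]).lower()
            if "@" in keys.get(k, {}):
                hit = (hive, keys[k]["@"])
                break
        results[clsid] = (label, hit)
    return results


def suspicious(keys: dict) -> list:
    """CLSIDs served from the user hive, or unresolvable, each as (clsid, label, reason)."""
    out = []
    for clsid, (label, hit) in resolve(keys).items():
        if hit is None:
            out.append((clsid, label, "no InProcServer32 found in either hive"))
        elif hit[0] == "HKEY_CURRENT_USER":
            out.append((clsid, label, "in-proc server comes from HKCU: " + hit[1]))
    return out


if __name__ == "__main__":
    for clsid, label, reason in suspicious(parse_export(SAMPLE_EXPORT)):
        print(f"{clsid}  {label!r}: {reason}")
```

Against the sample export the two browseui.dll entries resolve from HKLM and are left alone, while {E2CA7CD1-...} is reported because its only server is the HKCU registration pointing at stickrep.dll. Deleting the DLL alone leaves a dangling CLSID that Explorer will keep trying to load; the HKCU\SOFTWARE\Classes\CLSID entry and the SharedTaskScheduler value are the other two pieces to clear.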
     
  5. casters

    casters Guest

    Hi - and thanks again for all your help:

    Latest HJT logfile posted below:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:47:49, on 27/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Ahead\InCD\InCDsrv.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\ewido anti-malware\ewidoctrl.exe
    E:\Program Files\ewido anti-malware\ewidoguard.exe
    E:\Program Files\KService\KService.exe
    E:\WINDOWS\system32\nvsvc32.exe
    E:\WINDOWS\system32\HPZipm12.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\UAService7.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
    E:\WINDOWS\SOUNDMAN.EXE
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\KSE\nHancer\nHancer.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\Ahead\InCD\InCD.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    E:\WINDOWS\system32\tbctray.exe
    E:\Program Files\Logitech\Profiler\lwemon.exe
    E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    E:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    E:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    E:\WINDOWS\system32\ZoneLabs\vsmon.exe
    E:\WINDOWS\system32\ZoneLabs\isafe.exe
    E:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
    E:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [USBToolTip] "E:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
    O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "E:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "E:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nHancer] "E:\Program Files\KSE\nHancer\nHancer.exe" /tray
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [InCD] E:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [HP Software Update] "E:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [ABIT uGuru] E:\Program Files\ABIT\ABIT uGuru\uGuru.exe
    O4 - HKLM\..\Run: [TraySantaCruz] E:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [Start WingMan Profiler] "E:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = E:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://e:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://e:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BF6BBE9A-0656-4598-A0CD-32DAC03959B5} (Image Uploader 3.0 Control) - http://www.tescophoto.com/wpp/tesco//app/opcuploader.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EC7E1CD0-649D-42AA-BA3D-033F8D01B95B}: NameServer = 194.168.4.100 194.168.8.100
    O20 - Winlogon Notify: WB - E:\Program Files\AlienGUIse\fastload.dll
    O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - E:\WINDOWS\system32\ZoneLabs\isafe.exe
    O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: KService - Kontiki Inc. - E:\Program Files\KService\KService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - E:\WINDOWS\system32\UAService7.exe


    I think things are sorted now; can you confirm? Again, many thanks for your help over this, much appreciated.

    Simon. :^)
     
  6. Jurppis

    Jurppis Regular member

    Log is clean, and if you aren't having any more problems, this is it :)
     
  7. casters

    casters Guest

    Yep, problems seem to have gone away. That's great; many thanks :^)

    Simon
     
