Who keeps nicking my TaskManager

Discussion in 'Windows - Virus and spyware problems' started by raffs, Sep 27, 2006.

  1. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    Every so often my Task Manager is disabled and when I go to run it I am told it has been disabled by my administrator, ( I am the only account on my home PC).

    I have run Spybot, Adaware & Ewido for spyware with Avast for any viruses. I have included a Hijack This log.

    My system appears clean but obviously somethings causing this, please help.
    Logfile of HijackThis v1.99.1
    Scan saved at 16:30:20, on 27/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\WINDOWS.0\svchost32.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\AOL 9.0b\aoltray.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLServiceHost.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    c:\program files\common files\aol\1158261674\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\AOL 9.0b\waol.exe
    C:\Program Files\AOL 9.0b\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Desktop\shortCuts\utorrent.exe
    C:\WINDOWS.0\explorer.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Desktop\PROTECTION\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.co.jp/thanatos18388
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Viva TermeX !
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [Task Manager] C:\WINDOWS.0\svchost32.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.0\system32\Shdocvw.dll
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4856/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C81775AB-B3A6-4EE7-BD50-DDF16D9565CB}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe
     
    raffs, Sep 27, 2006
    #1
  2. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    You've got a trojan named Agent.evj

    Go here and run ActiveScan so we know where it is located. When it finishes, save the results and post them here.
     
    Niobis, Sep 27, 2006
    #2
  3. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    Thanks Niobis, heres the Panda report,


    Incident Status Location

    Virus:W32/Sohanat.B.worm Disinfected Operating system
    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Raff\Cookies\raff@atwola[1].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@adrevolver[2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@adrevolver[3].txt
    Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@apmebf[2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@drivecleaner[2].txt
    Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@go[2].txt
    Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@tickle[2].txt
    Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@toplist[1].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Cookies\raff@www.drivecleaner[1].txt
     
    raffs, Sep 27, 2006
    #3
  4. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Post a new HijackThis log. There was more than 1 worm showing in your first log.
     
    Last edited: Sep 27, 2006
    Niobis, Sep 27, 2006
    #4
  5. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    As requested heres the hijack this log, thanks for the help this is bugging the hell out of me.

    Logfile of HijackThis v1.99.1
    Scan saved at 20:07:58, on 28/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\AOL 9.0b\aoltray.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLServiceHost.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    c:\program files\common files\aol\1158261674\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLServiceHost.exe
    C:\Program Files\AOL 9.0b\waol.exe
    C:\Program Files\AOL 9.0b\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Desktop\shortCuts\utorrent.exe
    C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Desktop\PROTECTION\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.co.jp/thanatos18388
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Viva TermeX !
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.0\system32\Shdocvw.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4856/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C81775AB-B3A6-4EE7-BD50-DDF16D9565CB}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe

     
    raffs, Sep 28, 2006
    #5
  6. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Run a scan only with HijackThis, check to fix this.

    [bold]O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1[/bold]

    The rest I do not want to type 'cause it's long. :) So, go here and follow the directions.

    Restart and come back here and post a new HijackThis log.
     
    Niobis, Sep 28, 2006
    #6
  7. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    Thanks Niobis, I really appreciate the time and effort. Here is the log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 06:58:02, on 29/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\WINDOWS.0\system32\wscntfy.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\AOL 9.0b\aoltray.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLServiceHost.exe
    c:\program files\common files\aol\1158261674\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\WINDOWS.0\system32\wuauclt.exe
    C:\Program Files\AOL 9.0b\waol.exe
    C:\Program Files\AOL 9.0b\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Desktop\PROTECTION\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.co.jp/thanatos18388
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Viva TermeX !
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.0\system32\Shdocvw.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4856/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C81775AB-B3A6-4EE7-BD50-DDF16D9565CB}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe

     
    raffs, Sep 28, 2006
    #7
  8. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Fix this with HijackThis.

    [bold]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Viva TermeX ![/bold]

    Close HjT and rename HijackThis_v1.99.1.exe to scanme.exe

    Run a new scan and post the log.
     
    Niobis, Sep 28, 2006
    #8
  9. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    I have done as you asked, the Task Manager ahsn't gone for a while now Yipee!!

    Logfile of HijackThis v1.99.1
    Scan saved at 17:48:07, on 30/09/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS.0\System32\smss.exe
    C:\WINDOWS.0\system32\winlogon.exe
    C:\WINDOWS.0\system32\services.exe
    C:\WINDOWS.0\system32\lsass.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\System32\svchost.exe
    C:\WINDOWS.0\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\WINDOWS.0\system32\nvsvc32.exe
    C:\WINDOWS.0\system32\svchost.exe
    C:\WINDOWS.0\Explorer.EXE
    C:\WINDOWS.0\system32\wscntfy.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
    C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    C:\Program Files\VoyagerTest\fts.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    C:\Program Files\Common Files\AOL\1158261674\ee\AOLServiceHost.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    c:\program files\common files\aol\1158261674\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
    C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe
    C:\Program Files\AOL 9.0b\waol.exe
    C:\Program Files\AOL 9.0b\shellmon.exe
    C:\Program Files\Common Files\AOL\aoltpspd.exe
    C:\Documents and Settings\Raff.4F5D5D8EF7C64D7\Desktop\PROTECTION\scanme.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.co.jp/thanatos18388
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
    O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
    O4 - HKLM\..\Run: [%FP%Friendly fts.exe] "C:\Program Files\VoyagerTest\fts.exe"
    O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158261674\ee\AOLHostManager.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0b\aoltray.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.0\system32\Shdocvw.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4856/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C81775AB-B3A6-4EE7-BD50-DDF16D9565CB}: NameServer = 205.188.146.145
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS.0\system32\HPZipm12.exe

     
    raffs, Sep 30, 2006
    #9
  10. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Ok, looks good. Had you rename HjT to check for Vundo. Log was only showing one 02 and zero 020's. Ususally caused by Vundo.

    Log is clean now. Just a few more things.

    Go here and download [bold]CCleaner[/bold].

    [bold]Note[/bold]: If you do not want Yahoo! Toolbar uncheck the option when installing.

    Close all windows.
    Open CCleaner.
    Click "Run Cleaner".
    After cleaning, click "Issues".
    Click "Scan for Issues".
    After scannning, click "Fix selectes issues...".
    When prompted to backup registry, click "Yes".

    Your Java is out of date.
    Go here and download [bold]Java Runtime Environment 5.0 Update 9[/bold].
    Uninstall all previous versions of JRE, restart and then install Update 9.

    Good luck. :)
     
    Niobis, Sep 30, 2006
    #10
  11. raffs

    raffs Regular member

    Joined:
    Apr 22, 2005
    Messages:
    213
    Likes Received:
    0
    Trophy Points:
    26
    Go raibh mile maith agat (Thanks alot),

    I am very grateful for your time and knowledge, keep up the good work. It's good to have someone to get help from when you have problems like this.
     
    Last edited: Sep 30, 2006
    raffs, Sep 30, 2006
    #11
  12. Niobis

    Niobis Active member

    Joined:
    Jan 30, 2005
    Messages:
    2,326
    Likes Received:
    0
    Trophy Points:
    66
    Your welcome and thank you! :)
     
    Niobis, Sep 30, 2006
    #12

Share This Page