Full Version: Trojans
Suggest A Fix PC Support Forums > Security > Malicious Code: Viruses, Trojans, Spyware and Browser HiJacking
naterbug bill
I was updating Windows and I got 3 backdoor trojans. Advice?
HKEd
Read this tutorial on using HijackThis to post a log. It will show if the trojans are active on your system.
naterbug bill
Well, I found out that the 5 trojans that I have are hiding under Windows virus software in Program Files, and I can't delete the stupid thing.
Basementgeek
Still need to see the HJT log.

BG
naterbug bill
Hey, this is the Trojan name: Trojan.lodii, which is in program files\antivirus.exe, and this is something I am not familiar with: adware.adgent.bin. Advice?
Basementgeek
Still need a HJT log before we can help.

BG
naterbug bill
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:25 AM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Computer Alarm Clock\cac.exe
C:\Program Files\PC Alarm Clock\pcalarmclock.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe" /minimize
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1201728848899
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACE2A1B-07E6-4766-A24F-DC4594F74454}: NameServer = 10.55.1.122,10.55.1.136
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACE2A1B-07E6-4766-A24F-DC4594F74454}: NameServer = 10.55.1.122,10.55.1.136
O17 - HKLM\System\CS2\Services\Tcpip\..\{4ACE2A1B-07E6-4766-A24F-DC4594F74454}: NameServer = 10.55.1.122,10.55.1.136
O21 - SSODL: KbdSetup - {cbf8cb17-552e-43c4-abce-b96e947a7e5a} - C:\WINDOWS\Installer\{cbf8cb17-552e-43c4-abce-b96e947a7e5a}\KbdSetup.dll (file missing)
O21 - SSODL: zip - {c92c75b4-7a17-4661-8dbd-d703e75b92aa} - C:\WINDOWS\Installer\{c92c75b4-7a17-4661-8dbd-d703e75b92aa}\zip.dll (file missing)
O21 - SSODL: MonCD - {8604726a-e11d-4302-92c3-c67ac9d6033b} - C:\WINDOWS\Installer\{8604726a-e11d-4302-92c3-c67ac9d6033b}\MonCD.dll (file missing)
O21 - SSODL: WinService - {bf02134a-d82c-4645-8de8-a57bfa68a8f2} - C:\WINDOWS\Installer\{bf02134a-d82c-4645-8de8-a57bfa68a8f2}\WinService.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

--
End of file - 9293 bytes
naterbug bill
Logfile of Trend Micro HijackThis v2.0.2
This should be the newest version.
Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)
This should be the newest version.
Boot mode: Normal
Very safe This entry was classified from our visitors as good.
C:\WINDOWS\System32\smss.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\csrss.exe
Safe
System process - Client Server Runtime
C:\WINDOWS\system32\winlogon.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\services.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\lsass.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\System32\svchost.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\svchost.exe
Safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\spoolsv.exe
Safe
This entry was classified from our visitors as good.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Very safe
Apple Mobile Device Support
C:\WINDOWS\system32\Ati2evxx.exe
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Very safe
This entry was classified from our visitors as good.
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Very safe
This entry was classified from our visitors as good.
C:\WINDOWS\system32\gearsec.exe
Safe
Allows third party access to burn DVD/CDs. Installs with itunes and some other programs.
C:\Program Files\CDBurnerXP\NMSAccessU.exe
Neutral Fuzzy Algorithmcheck (3.83 / 5.00), Safe
C:\WINDOWS\Explorer.EXE
Very safe
This entry was classified from our visitors as good.
C:\Program Files\Spyware Doctor\pctsAuxs.exe
Fuzzy Algorithmcheck (4.41 / 5.00), Safe
C:\Program Files\Spyware Doctor\pctsSvc.exe
Fuzzy Algorithmcheck (4.31 / 5.00), Safe
C:\WINDOWS\system32\ltmsg.exe
Safe
Modem Driver
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
Very safe
This entry was classified from our visitors as good.
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Very safe
ATI Desktop Control Panel from ATI Technologies
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
Safe
Java Runtime
C:\Program Files\Computer Alarm Clock\cac.exe
Safe Fuzzy Algorithmcheck (3.51 / 5.00), Safe
C:\Program Files\PC Alarm Clock\pcalarmclock.exe
This is an unknown process.

C:\Program Files\iTunes\iTunesHelper.exe
Safe Not dangerous, but unnecessary.
Apple iTunes
C:\Program Files\Spyware Doctor\pctsTray.exe
Fuzzy Algorithmcheck (4.31 / 5.00), Safe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Safe
Associated with GoogleToolbarNotifier from Google Inc.
C:\Program Files\DAEMON Tools Lite\daemon.exe
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\.*tools\! Check if you know this process and arrange a viruscheck where required. This entry was classified from our visitors as good.
C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe
Fuzzy Algorithmcheck (4.03 / 5.00), Safe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
Safe
Possibly nasty! According to our database this process runs normally in c:\programme\palm.*\! Check if you know this process and arrange a viruscheck where required. Palm Hotsync program
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
Very safe Fuzzy Algorithmcheck (4.02 / 5.00), Safe
C:\WINDOWS\system32\MsPMSPSv.exe
Neutral
Helper service installed by Windows Media Player 7.
C:\Program Files\iPod\bin\iPodService.exe
Very safe

C:\WINDOWS\System32\alg.exe
Very safe This service is unnecessary if you do not use ICS.
This entry was classified from our visitors as good.
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
Very safe Remember that HijackThis must be run in its own folder. Only if HijackThis runs in its own folder will it create backups! Tool with which you generated this logfile. The program should be set up like this: C:\Programme\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1098640
This entry should be fixed by HijackThis!
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This page has been identified as safe.
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
Safe This page has been identified as safe.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Safe This entry was classified from our visitors as good.
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
This entry has been identified as safe.
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
Safe This entry was classified from our visitors as good.
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
tbfree.dll, tbfre0.dll, tbfre1.dll - free-downloads.net, http://freedownloadsnet.ourtoolbar.com/ Toolbar - a Conduit/EffectiveBrand, http://www.conduit.com/Benefits/Default.aspx "Free Community" toolbar - modifies the default IE SearchHook. Some Cond
O2 - BHO: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
sssTbar.dll - CyberDefender, http://toolbar.cyberdefender.com/ , formerly eBlocs, http://www.nomorespyware.50megs.com/eblocs.html Security Toolbar - see this_note, http://spywarewarrior.com/rogue_anti-spyware.htm#cybdef_note
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
Safe This entry was classified from our visitors as good.
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\Msdxm6.ocx
msdxm.ocx - Internet Explorer Radio Bar
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
tbfree.dll, tbfre0.dll, tbfre1.dll - free-downloads.net, http://freedownloadsnet.ourtoolbar.com/ Toolbar - a Conduit/EffectiveBrand, http://www.conduit.com/Benefits/Default.aspx "Free Community" toolbar - modifies the default IE SearchHook. Some Cond
O3 - Toolbar: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
sssTbar.dll - CyberDefender, http://toolbar.cyberdefender.com/ , formerly eBlocs, http://www.nomorespyware.50megs.com/eblocs.html Security Toolbar - see this_note, http://spywarewarrior.com/rogue_anti-spyware.htm#cybdef_note
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
Neutral System Tray icon to access ATI graphics card settings and the Hydravision Desktop Manager
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
Neutral Lucent technologies - handles incoming and outgoing calls
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
Very safe This entry was classified from our visitors as good.
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Very safe Control panel for the ATI series of video cards allowing access to such features as display resolution, colour depth, etc. Available via Start -> Settings -> Control Panel -> Display. Some users may need it if they have optimised their settings
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
Safe Java from Sun
O4 - HKLM\..\Run: [Computer Alarm Clock] C:\Program Files\Computer Alarm Clock\cac.exe
Safe Fuzzy Algorithmcheck (3.51 / 5.00), Safe
O4 - HKLM\..\Run: [PC Alarm Clock] C:\Program Files\PC Alarm Clock\pcalarmclock.exe
Unknown application.
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Very safe Not dangerous, but unnecessary. Speeds up the time it takes to load the Adobe Reader application. Your choice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
Neutral Not dangerous, but unnecessary. QuickTime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
Safe Not dangerous, but unnecessary.
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
Very safe Fuzzy Algorithmcheck (4.31 / 5.00), Safe
O4 - HKLM\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\ISSIntro.exe"
Fuzzy Algorithmcheck (4.27 / 5.00), Safe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Very safe Associated with GoogleToolbarNotifier from Google Inc.
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
Daemon Tools - used to map an image-file (.iso, .bin etc) to a virtual CD/DVD-drive
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\axcmd.exe" /automount
Fuzzy Algorithmcheck (4.07 / 5.00), Safe
O4 - HKCU\..\Run: [CyberDefender Early Detection Center] "C:\Program Files\CyberDefender\AntiSpyware\cdas9.exe" /minimize
Fuzzy Algorithmcheck (4.27 / 5.00), Safe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
Very safe Part of AVG Anti-Virus 7.0
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
Very safe Part of AVG Anti-Virus 7.0
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
Very safe Part of AVG Anti-Virus 7.0
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
Very safe Part of AVG Anti-Virus 7.0
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
Not dangerous, but unnecessary. Installed when connecting a Palm HotSync cradle up to a USB port. The Blue and Red Arrow Icon that enables Palm / Handspring Synchronizing. Available via Start -> Programs
O4 - Startup: LimeWire On Startup.lnk = E:\LimeWire\LimeWire.exe
LimeWire Startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Safe Not dangerous, but unnecessary. This entry was classified from our visitors as good.
O8 - Extra context menu item: Download with ImTOO Download YouTube Video - C:\Program Files\ImTOO\Download YouTube Video\upod_link.HTM
The entry Download with ImTOO Download YouTube Video has been identified as safe.
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
The entry E&xport to Microsoft Excel has been identified as safe.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
Safe The entry has been identified as safe.
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
Neutral The entry Sun Java Console has been identified as safe.
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Very safe The entry Messenger has been identified as safe.
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
Safe This entry was classified from our visitors as good.
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
Very safe This entry should be safe. This entry should not be fixed! Your best bet to repair it is to try the LSPFix from Cexx.org.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...6/client/wuweb_site.cab?1201728848899
This entry has been identified as safe.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
This entry has been identified as safe.
O17 - HKLM\System\CCS\Services\Tcpip\..\{4ACE2A1B-07E6-4766-A24F-DC4594F74454}: NameServer = 10.55.1.122,10.55.1.136
The entered IP or Domain '10.55.1.122,10.55.1.136' has been identified as safe.
O17 - HKLM\System\CS1\Services\Tcpip\..\{4ACE2A1B-07E6-4766-A24F-DC4594F74454}: NameServer = 10.55.1.122,10.55.1.136
The entered IP or Domain '10.55.1.122,10.55.1.136' has been identified as safe.
O17 - HKLM\System\CS2\Services\Tcpip\..\{4ACE2A1B-07E6-4766-A24F-DC4594F74454}: NameServer = 10.55.1.122,10.55.1.136
The entered IP or Domain '10.55.1.122,10.55.1.136' has been identified as safe.
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Safe This service (AppleMobileDeviceService.exe) was identified as a good one.
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
Very safe This service (Ati2evxx.exe) was identified as a good one.
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
Very safe This service (avgamsvr.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
Safe This service (avgupsvc.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
Very safe This service (avgemc.exe) was identified as a good one.
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
This service (gearsec.exe) was identified as a good one.
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Safe This service (GoogleUpdaterService.exe) was identified as a good one. This entry was classified from our visitors as good.
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
Very safe This service (iPodService.exe) was identified as a good one.
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
Safe Fuzzy Algorithmcheck (3.83 / 5.00), Safe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
Very safe Fuzzy Algorithmcheck (4.41 / 5.00), Safe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
Very safe Fuzzy Algorithmcheck (4.31 / 5.00), Safe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
Fuzzy Algorithmcheck (4.02 / 5.00), Safe
Ironbender
Hi naterbug bill,

Please rename C:\Program Files\Trend Micro\HijackThis\HijackThis.exe to any anything.exe you feel comfortable with (not starting with the word "Hijack"), as new baddies are now able to detect and hide from HijackThis.exe.

I'd strongly suggest you uninstall any Conduit.com program or toolbar... some are known to have tracking capabilities.

Download and run CrapCleaner from http://www.ccleaner.com/
Note: in CCleaner, go to <options/advanced> and uncheck "Only delete files in Windows Temp folders older than 48 hours".

Download and install AVG Anti-Spyware from http://free.grisoft.com/doc/20/lng/us/tpl/v5 - (Please do not confuse it with AVG Antivirus, which is another thing. Scroll down the page and click the "download the free version" orange button). Don't run it for scanning yet, just update it:

Double-click the icon on Desktop to launch AVGAS
You will need to update AVGAS to the latest definition files.
- On the top of the main screen click Shield
- Click the word active to change it to inactive
- On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.

When you have finished updating, EXIT AVGAS.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

R3 - URLSearchHook: (no name) - ~ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)

O21 - SSODL: KbdSetup - {cbf8cb17-552e-43c4-abce-b96e947a7e5a} - C:\WINDOWS\Installer\{cbf8cb17-552e-43c4-abce-b96e947a7e5a}\KbdSetup.dll (file missing)

O21 - SSODL: zip - {c92c75b4-7a17-4661-8dbd-d703e75b92aa} - C:\WINDOWS\Installer\{c92c75b4-7a17-4661-8dbd-d703e75b92aa}\zip.dll (file missing)

O21 - SSODL: MonCD - {8604726a-e11d-4302-92c3-c67ac9d6033b} - C:\WINDOWS\Installer\{8604726a-e11d-4302-92c3-c67ac9d6033b}\MonCD.dll (file missing)

O21 - SSODL: WinService - {bf02134a-d82c-4645-8de8-a57bfa68a8f2} - C:\WINDOWS\Installer\{bf02134a-d82c-4645-8de8-a57bfa68a8f2}\WinService.dll (file missing)


Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Run AVG Anti-Spyware.
- Click Scanner
- Click on the Scan tab
- Click Complete System Scan to begin scanning.
When the scan is complete, click Recommended Action and change it to Quarantine, then click Apply all actions.
Once finished, click the Save report button, then click Save Report As. This will create a text file.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.

Make sure you know where to find this file again.

Note: If you are unable to run AVGAS in Safe Mode, restart in Normal Mode and perform a full system scan from there.

Restart in Normal Mode.

Post back a fresh HJT log along with the AVGAS report.

Chris
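The entries Ironbender picked out above share a few mechanical tells: the target reports "(no file)" or "(file missing)", the CLSID is not a well-formed {GUID}, or an R0 value is empty. The helper below, added here as an example and not code from the thread or from HijackThis, applies those same checks to HijackThis v2 log lines; the sample lines are constructed from entries in this thread, and the verdict strings are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines in HijackThis v2 log format, modelled
# on entries that appear in this thread (not the full log).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: CyberDefender safeSEARCH - {F35CE83E-9EBF-40d5-AE87-53F982389740} - C:\Documents and Settings\nathan\Local Settings\Application Data\CyberDefender\ssstbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O21 - SSODL: KbdSetup - {cbf8cb17-552e-43c4-abce-b96e947a7e5a} - C:\WINDOWS\Installer\{cbf8cb17-552e-43c4-abce-b96e947a7e5a}\KbdSetup.dll (file missing)
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
--
End of file - 1234 bytes
"""

# Every HijackThis entry starts with a section code (R0..R3, O1..O24), a
# space-dash-space, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")

# A well-formed CLSID as HijackThis prints it: {8-4-4-4-12 hex digits}.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def triage_entry(line: str):
    """Return a Finding for one log line, or None if it is not an entry line
    (process list, separators, 'End of file' all return None)."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body").rstrip()
    reasons = []
    # Hook/autostart whose target no longer exists: an orphaned registration.
    if body.endswith("(no file)") or body.endswith("(file missing)"):
        reasons.append("target file absent: orphaned hook or autostart")
    # A closing brace with no well-formed {GUID} anywhere in the body means the
    # registry value is damaged (the '~CFBFAE00-...}' form in the thread's log).
    if "}" in body and not CLSID_RE.search(body):
        reasons.append("CLSID not well-formed: unresolvable registry value")
    # R0 lines carry 'key = value'; an empty value is harmless but can be reset.
    if section == "R0" and body.endswith("="):
        reasons.append("empty Internet Explorer page value")
    return Finding(section, line.strip(), reasons)


def triage(log_text: str) -> list:
    """All entry lines in a log that tripped at least one check."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_entry(raw)
        if f is not None and f.reasons:
            findings.append(f)
    return findings


def lines_to_fix(log_text: str) -> list:
    """The raw entry lines a helper would ask the poster to check in HijackThis."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {'; '.join(f.reasons)}\n    {f.line}")
```

Lines that pass every check (the AVG, Java and GEAR entries) are deliberately left alone; the checks identify orphaned or damaged entries, not malware, which is why the thread still asks for an anti-spyware scan afterwards.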
naterbug bill
Thanks, the trojan is gone and I put 3 or 4 firewalls up.
Basementgeek
QUOTE(naterbug bill @ Mar 28 2008, 01:47 PM)

Thanks, the trojan is gone and I put 3 or 4 firewalls up.

No, don't do this. Only one anti-virus and one firewall. Doing more than one can cause conflicts and offer less protection.

PLEASE follow Ironbender directions.

I see it looks like you ran an HJT analyzer. It is not considered really bad, but often wrong. Suggest that you stay away from it.

Nobody can really help you unless you do what they ask. When you go out on your own and do things, it just slows the helpers down.

BG
naterbug bill
I know what you mean. I deleted 2 of the 3, so now I have Windows Firewall and 1 other. Thanks, y'all.
Basementgeek
QUOTE(naterbug bill @ Mar 31 2008, 10:14 AM)

I know what you mean. I deleted 2 of the 3, so now I have Windows Firewall and 1 other. Thanks, y'all.

You can only have one active / running firewall. Windows Firewall would be my last choice.

BG
naterbug bill
Yeah, I know what you all mean now. I had Outpost Firewall, I think it was called, and I would not suggest it to anyone because it blocked me from getting on the internet.
Ironbender
Outpost Firewall is a very good one. You did not configure it properly.


Chris