#1
New Member
Join Date: Mar 2006
Location: Athens, Ohio
Posts: 9
Hello,
I had a big virus problem about 3 months ago. I thought I got all the viruses and malware out then. But I was looking through the processes that were running, and I have "mscon" and "ctfmon". Now I know the ctfmon can be a normal thing, but the last time I was having problems, that was one of them. Anyway, back to the point: I try to run the Ad-Aware program to get the malware that Panda (the boxed set that is sold at Staples, Titanium 2005) and Spybot missed, and it goes through and starts scanning, gets to 548 things scanned, and the computer restarts. When Windows is finished loading, it says there was an error and asks me if I want to send an error report. Then after I go through that (it doesn't give me a web link to explain the snafu) it says there was an error in mscon.exe. What's going on? Thanks a billion, Gumby

EDIT: I am having pop-ups on my computer when I'm viewing my folders. Ex. My Documents window will be open, then a pop-up jumps up right on top of the window. Here's a HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:40:34 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Network\network.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\gebca.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [objupdate] C:\WINDOWS\system32\msucom.exe
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133050465405
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SQL Backup - Unknown owner - C:\WINDOWS\sqlbkup.exe (file missing)

Last edited by Gumby; 03-27-2006 at 04:39 AM.
#2
banned
Join Date: Aug 2005
Location: Computer Cave. AKA: King Computer Inc.
Age: 19
Posts: 5,312
O23 - Service: SQL Backup - Unknown owner - C:\WINDOWS\sqlbkup.exe (file missing)
Unnecessary. These entries show all services which are not from Microsoft. Often malware is started as a system service and it's not easy to detect it. Unknown service (sqlbkup.exe (file missing)). Unnecessary (deactivated) entry that can be fixed.

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
Nasty. This entry is possibly nasty. Should be fixed.

O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\gebca.dll
Nasty. Entries found in this registry zone are potentially nasty. This application ([78653A3E-A63F-42A9-A6FE-7524F4058767] - Result: 78653A3E-A63F-42A9-A6FE-7524F4058767) has been checked. Hit rate: 99 %. Must be fixed!
#3
New Member
Join Date: Mar 2006
Location: Athens, Ohio
Posts: 9
Ok, this is the new and improved HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 11:52:27 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\system32\msucom.exe
C:\Program Files\Network\network.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\gebca.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [objupdate] C:\WINDOWS\system32\msucom.exe
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133050465405
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

Ok, any ideas about the Ad-Aware program restarting my computer? I haven't tried it after these fixes, will in a few seconds then update.

EDIT: Still restarts my computer, and yes I did try and remove the
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\gebca.dll
Twice even, and no luck. Could I go into the system32 folder and delete it, then search the registry for gebca.dll and delete anything that comes up? Thanks for the info and help, Ku-sama

Last edited by Gumby; 03-27-2006 at 05:51 AM.
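The second log still lists gebca.dll twice: once as an O2 BHO and once as an O20 Winlogon Notify handler, which fits with the O2 fix not sticking. Below is an added triage example, not code from this thread or from HijackThis: a Python script that parses HijackThis O-lines and flags three patterns. The heuristics are my assumptions drawn from how the helpers here read the log (a DLL shared between O2 and O20; O23 services with no vendor string or a missing binary; O4 Run entries in the Windows directory whose entry name does not match the executable they launch), and the sample lines are constructed from a subset of the first log above.

```python
"""Triage helper for HijackThis v1.99.x logs.

Added example for this thread, not code from the original posts or from
HijackThis.  The three heuristics below are assumptions, not HijackThis rules.
"""
import re

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")          # "O23 - Service: ..."
WINDIR_RE = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)

# Constructed sample: a subset of the lines from the first log in the thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\gebca.dll
O4 - HKLM\..\Run: [objupdate] C:\WINDOWS\system32\msucom.exe
O4 - HKLM\..\Run: [Network] C:\Program Files\Network\network.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: SQL Backup - Unknown owner - C:\WINDOWS\sqlbkup.exe (file missing)
"""


def parse_log(text):
    """Return (section, payload) for every 'Onn - ...' line; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def basename_lower(path):
    """Last component of a Windows path, lower-cased (os.path would not split on '\\' on Linux)."""
    return path.rsplit("\\", 1)[-1].lower()


def launch_target(value):
    """Executable path from an O4 Run value: a quoted path, or a bare path up to the first .exe."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    m = re.match(r"(.*?\.exe)", value, re.IGNORECASE)
    return m.group(1) if m else value.split(" ", 1)[0]


def triage(text):
    """Apply the three heuristics; return (severity, section, item, reason) tuples."""
    entries = parse_log(text)
    findings = []

    # Heuristic 1: the same DLL registered as a BHO (O2) and as a Winlogon
    # Notify handler (O20).  Winlogon loads the O20 DLL at logon, so fixing
    # only the O2 line leaves the hook that brings it back.
    bho, notify = set(), set()
    for section, payload in entries:
        if section == "O2":
            m = re.search(r"\} - (.+)$", payload)      # path follows the CLSID
            if m:
                bho.add(basename_lower(m.group(1)))
        elif section == "O20":
            notify.add(basename_lower(payload.rsplit(" - ", 1)[-1]))
    for dll in sorted(bho & notify):
        findings.append(("high", "O2+O20", dll,
                         "same DLL is a BHO and a Winlogon Notify handler"))

    for section, payload in entries:
        if section == "O23":
            # Service: <name> - <owner> - <path>[ (file missing)]
            parts = payload[len("Service: "):].split(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if path.endswith("(file missing)"):
                findings.append(("medium", "O23", name,
                                 "service points at a missing binary (orphaned entry)"))
            elif owner == "Unknown owner" and WINDIR_RE.match(path):
                findings.append(("review", "O23", name,
                                 "no vendor string and binary in the Windows directory"))
        elif section == "O4":
            m = re.match(r".*\[(.+?)\]\s+(.*)$", payload)
            if not m:
                continue
            name, exe = m.group(1), launch_target(m.group(2))
            base = basename_lower(exe)
            stem = base[:-4] if base.endswith(".exe") else base
            if WINDIR_RE.match(exe) and name.lower() not in (base, stem):
                findings.append(("high", "O4", name,
                                 "Run entry name does not match the %s it launches" % base))
    return findings


if __name__ == "__main__":
    for sev, sec, item, why in triage(SAMPLE_LOG):
        print("%-6s %-6s %-20s %s" % (sev, sec, item, why))
```

On the sample, the script reports gebca.dll (O2+O20), the objupdate Run entry that launches msucom.exe, RadClock for review, and the orphaned SQL Backup service; the ATI and ctfmon lines pass. The "review" tier exists because "Unknown owner" only means the binary carries no vendor string, which is also true of legitimate software such as the ATI Smart service in the full log, so those entries need a manual look rather than an automatic fix.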
#4
Gold Member
Join Date: Jun 2005
Posts: 269
Okay, you have a trojan on your computer,
and I would suggest you adopt the following steps with immediate effect.

Delete the following entry using HJT:
C:\Program Files\Network\network.exe

Delete the files from the C:\Windows\System32 folder:
* Network.exe
* Network.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key:
* Name value: Network Task
* Data value: C:\WINDOWS\SYSTEM\network.exe

Search and delete this key from the registry: vbs.network

Please download, install, and update the free version of Ewido Security Suite:
1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
2. When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
3. From the main Ewido screen, click on update in the left menu, then click the Start update button.
4. After the update finishes, the status bar at the bottom will display "Update successful".

REBOOT IN SAFE MODE
* Click on Scanner
* Click on Complete System Scan and the scan will begin.
* If ewido finds anything, it will pop up a notification. Select "Remove" and "Perform action on all Infections" and "Create encrypted backup".
* DO NOT select "Perform action on all infections"
* When the scan is finished, click the Save report button at the bottom of the screen.
* Save the report to your desktop
* Close Ewido

Please post the report here.
__________________
he who laughs last must have a terrible sense of humor
#5
Digaredd
Join Date: May 2005
Location: Melbourne AU
Posts: 7,613
Download VundoFix.exe to your desktop.
__________________
Son of Glyndwr. The old land of my fathers is dear to me.
#6
Diamond Member
Join Date: Jan 2006
Location: South East England
Age: 18
Posts: 2,665
Just back up your files and do a Windows reinstallation.
Simple, and it will totally get rid of the trojan.
__________________
Intel Q6700 @ 3.7GHz
Gigabyte UD3P P45, 6GB DDR2 800MHz, Asus 4890 @ 975/4500, 750GB Samsung Spinpoint - 320GB WD Caviar - 160GB Seagate USB, Belinea 26" Wide LCD, SoundBlaster Live 24bit USB - Acoustic Energy Aego M, Thermaltate Ultimate Extreme Back in Push Pull, Tagan 600W 48A Quad Rail, Win 7 x64 RC
#7
Silver Member
Join Date: Feb 2006
Location: NC
Age: 20
Posts: 223
Is there any way to track down the maker of a trojan, virus, or worm, etc.? I would really love to get his IP address and give it to some kind of authority... I can't stand people that have nothing better to do than mess up other people's computers.
#8
New Member
Join Date: Mar 2006
Location: Athens, Ohio
Posts: 9
Alrighty, I have done the ewido scan, here's the report for that:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:19:25 AM, 3/27/2006
+ Report-Checksum: FF466929

+ Scan result:

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D} -> Adware.Virtumonde : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2296428D-C133-4928-B76A-A200FF409572} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA32FB3B-21C9-42CC-B8EF-01A9B28EDB0D} -> Adware.Virtumonde : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\SQL4S18X\out[1].exe -> Proxy.Daemonize.bv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WLMZCP2F\network[1].exe -> Adware.Maxifiles : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WLMZCP2F\out[1].exe -> Proxy.Daemonize.bv : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.320:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vtrrbujr.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Program Files\Network\network.exe -> Adware.Maxifiles : Cleaned with backup
C:\WINDOWS\system32\avpe64.sys -> Backdoor.Haxdoor.fh : Cleaned with backup
C:\WINDOWS\system32\msucom.exe -> Proxy.Daemonize.bv : Cleaned with backup
C:\womp.exe -> Proxy.Daemonize.bv : Cleaned with backup


::Report End

Here's the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 10:48:06 AM, on 3/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\MultiRes\MultiRes.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [MultiRes] C:\Program Files\MultiRes\MultiRes.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1133050465405
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

After I "fixed" the C:\Program Files\Network\network.exe entry in HijackThis, I couldn't find the following:

Delete the files from C:\Windows\System32 folder
* Network.exe
* Network.dll
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key:
* Name value: Network Task
* Data value: C:\WINDOWS\SYSTEM\network.exe
Search and delete this key from the registry: vbs.network

I looked and searched and then looked again. I dunno what went on, but those files and registry entries aren't on my computer, well, not that I can see. Going to try Ad-Aware and see if it still restarts the computer.

EDIT: Ad-Aware doesn't restart my computer anymore.
Also, I decided to look for the HKEY_LOCAL_MACHINE registry entry myself instead of using Find, and couldn't find the Network Task in the folder. (before ewido and after)

Last edited by Gumby; 03-27-2006 at 04:57 PM.