how am i lookin????? hijackthis

Discussion in 'adware, spyware & hijack cleaning' started by phatkid77, Jun 24, 2004.

Thread Status:
Not open for further replies.
  1. phatkid77

    phatkid77 Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    107
    avast home found it said 8, i saw 3 virus's
    2 on them avast4data\....\[upx].vir.win.32k
    2X softwareavast4\....\pavdll.dll.vir.win32k
    programfiles\platinum.w32n....?


    Logfile of HijackThis v1.97.7
    Scan saved at 4:15:53 AM, on 24/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\MDG Customer\Desktop\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/slv/ycheck/as/*http://search.yahoo.com/search?p=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Freedom Popup Killer - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Freedom BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\pcbooster.exe
    O9 - Extra button: Real.com (HKLM)
    O9 - Extra button: MoneySide (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4368/mcfscan.cab
    O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8FC8364F-F2D9-4F52-984D-FEEEECDB1750}: Domain = sympatico.ca
    O17 - HKLM\System\CS1\Services\Tcpip\..\{092E4EA9-DAAA-4F8C-A902-BF050FE89CCE}: NameServer = 206.47.244.53 206.47.244.105

    any ideas/comments...

    thanks
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    I may be reading your post wrong, but it looks like they are finding viruses in each others definitions or vaultso_O

    Regards,

    Pieter
     
  3. phatkid77

    phatkid77 Registered Member

    Joined:
    Jun 12, 2004
    Posts:
    107
    my other posto_O?? yeah i think that is what is happening

    had to uninstall panda and reinstall/register again as one of the scanners deleted...........pavdll.dll.....dammit

    phats
     
Thread Status:
Not open for further replies.