| sonobby1 |
| (regular) |
| Sat Mar 01 2008 09:13 PM |
desktop icons and toolbar have disapeared
|
hi all im new here, usually i can fix my problems on my own but this time i just cant figure it out, hope you can help.
i was downloading a program last night when avg said it found a virus, actually it was a trojan sheur. auua
shortly after that i lost all my desktop icons, ive tried everything to get them back but nothing works. i can open any program through my task manager but thats the only way. the problem seems to be the explorer.exe i can open it in task manager then all my icons reappear, but only for 10 seconds maybe. i read on this forum early today about something to try and fix it, so ive done this so far.
i downloaded the sdfix and ran it in safe mode like it said. it ran for about 25 mins doing all various fixes and deleting files etc. then i was asked to restart which i did, then when windows opened again it carried on with more fixes. so im at this point now where its done all that and the report.txt has been saved to the clipboard and saved in the sdfix folder. so am i missing something, do i need to do something else now because it still hasnt fixed the problem. hope ive explained everything, please help
another guy walnut sugested this first if it didnt work come here, i tried it and it didnt work
Go here http://www.kellys-korner-xp.com/xp_tweaks.htm and scroll down to line 195 on the right hand column and download the file. Save the REG File to your hard disk.
Double click it and answer yes to the import prompt.
If it doesn't work, go to the HiJackThis section of the forum, read the posting rules and post a log.
ok so now ive downloaded hijack this and here is the results
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:10, on 01/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\AOL\1140573878\ee\aolsoftware.exe
c:\program files\common files\aol\1140573878\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1140573878\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: msmsgs.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - <a href="res://C:\Program" target="_blank">res://C:\Program</a> Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - <a href="res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000" target="_blank">res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000</a>
O8 - Extra context menu item: Yahoo! &SMS - <a href="file:///C:\Program" target="_blank">file:///C:\Program</a> Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7813 bytes
any help would be greatfully appreciated
si
| ourwilly |
| (HijackThis Helper) |
| Sun Mar 02 2008 08:56 AM |
|
Re: desktop icons and toolbar have disapeared
|
Hello sonobby1
Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - blank (file missing)
O4 - HKCU\..\Run: [pbmini]
O4 - Global Startup: msmsgs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
Close all other open windows and click on Fix checked, then exit HijackThis.
Re-Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum). - Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Thank you.
| sonobby1 |
| (regular) |
| Sun Mar 02 2008 12:13 PM |
Re: desktop icons and toolbar have disapeared
|
hi ive done as you asked here is the results
SDFix: Version 1.150
Run by User on 02/03/2008 at 11:49
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:02:40
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextDetectionTime"="2008-03-02 11:27:40"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\~os65.tmp\\ossproxy.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\~os65.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"="C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe:*:Enabled:PE"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windowsr NetMeetingr"
"C:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe"="C:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe:*:Disabled:TeVeoLive"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.562\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.562\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.453\\SopCast_062\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.453\\SopCast_062\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX01.421\\SopCast_062\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX01.421\\SopCast_062\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX00.891\\SopCast_062\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX00.891\\SopCast_062\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE:*:Enabled:Share Streaming"
"C:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMini.exe"="C:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMini.exe:*:Enabled:Share Streaming"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
Remaining Files :
Files with Hidden Attributes :
Fri 25 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Fri 25 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Fri 25 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Fri 25 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Sat 1 Oct 2005 56 A.SHR --- "C:\WINDOWS\system32\5DCD1F4E2F.sys"
Sun 12 Oct 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sun 5 Oct 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sun 5 Oct 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Wed 11 Dec 2002 73,728 A.SH. --- "C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe"
Sun 12 Oct 2003 4,348 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1key.bak"
Sat 13 Mar 2004 20 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 12 Oct 2003 400 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2key.bak"
Sat 13 Mar 2004 1,536 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2lic.bak"
Fri 14 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\81830fade50434252c160da6e86e315c\BIT1C8.tmp"
Sun 27 Aug 2006 6,358 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Office\Shortcut Bar\Des488.tmp"
Sun 27 Aug 2006 7,318 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Office\Shortcut Bar\Off480.tmp"
Sun 27 Aug 2006 31,798 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Office\Shortcut Bar\Pro484.tmp"
Mon 18 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
and here is the hijack this log file
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:31, on 02/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: msmsgs.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7145 bytes
ok ive done everything you asked and still the icons are not there, am i doomed lol?
| ourwilly |
| (HijackThis Helper) |
| Sun Mar 02 2008 08:32 PM |
|
Re: desktop icons and toolbar have disapeared
|
Hello sonobby1
We have a lot of work to do here, So please try and work your way through these instructions.
1. Please look at This Post
As these are susceptible to various forms of malware. Please Uninstall all Peer 2 peer software using Add/Remove programs and then Right-Click on and delete the Peer to Peer folders from your system.
2. Click on: Start > Run and type in: services.msc Click "OK"
In the Services window look for AOL Spyware Protection Service
Select/highlight and right click the entry, and choose: Properties
On the General tab, under Service Status click the Stop button
Beside: Startup Type, in the drop menu, select: Disabled
Click "Apply" then "OK"
3. I would like you to now Download AVG Anti-Spyware v7.5 and save it to your Desktop <- (Important! Vista Users should install from that same location).
(This is Ewido 4.0 renamed and updated with a special "clean driver" for removing persistent malware.)
- After download, double click on the file to launch the install process.
- Choose a language, click "OK" and then click "Next".
- Read the "License Agreement" and click "I Agree".
- Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
- After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
- Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
- Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with AVG Anti-Spyware as follows:
- Click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?", "Possibly unwanted software", and What to Scan?" leave all the default settings.
- Under "Reports" select "Do not automatically generate reports".
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
- When the scan has finished, it should automatically be set to Quarantine--if not click on Recommended Action and set it there.
- You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
- Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop. The default file name will be in date/time format: Report-Scan-200706-1606. A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
- If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
- If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\
Thank you
| sonobby1 |
| (regular) |
| Mon Mar 03 2008 12:25 AM |
|
Re: desktop icons and toolbar have disapeared
|
hi there our willy, ive read through what i have to do and as its a bit late now and i dont want to make any mistakes, i just want to get things right.
from my logs above can you tell me which p2p programs you want me to remove?
in add remove programs i think theres only 2 sopcast and i think bitlord.?
can you see any more that i need to remove before i start?
thanks for your time
si
ill start tomorrow evening uk time
| ourwilly |
| (HijackThis Helper) |
| Mon Mar 03 2008 07:05 PM |
|
Re: desktop icons and toolbar have disapeared
|
Hello sonobby1
Your Firewall is showing signs of eMule, P2P Networking + Kazaa if these have been removed then thats a good start.
I'll keep a look out for you posting the AVg log report and a new HijackThis log.
ourwilly
| sonobby1 |
| (regular) |
| Tue Mar 04 2008 12:56 AM |
|
Re: desktop icons and toolbar have disapeared
|
hi our willy well i done the avg scan and all wennt well untill it finished , i applied all action and i got an warning.
it said
the file c;\program ...... and another one cannot be removed beacuse it is embedded in the archive. well i got 4 options, do you want to remove the whole archive, and the options were yes ,yes for all, no, no for all
i wasnt sure what to do so i said no. then it repeated itself with another file, and i said no again, i said no 3 times before i realise i was deleting all the bad files i think.
there was 150 bad files of which only 1 was a major threat i think. after them 3, i said yes to all and tthen it finished and i saved the log. i hope i havent messed up. any way here is the log file of avg.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 00:33:07 04/03/2008
+ Scan result:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\msmsgs.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080302-113527-197-msmsgs.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\auctiontypostoolbar.exe -> Not-A-Virus.Adware.Mostofate : Cleaned with backup (quarantined).
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.243:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.25:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.26:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.327:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.342:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.405:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.480:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.484:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.685:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.704:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@opodo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@teletext.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@trinitymirror.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.741:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.742:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.743:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.744:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\User\Cookies\user@3.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\User\Cookies\user@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\User\Cookies\user@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\User\Cookies\user@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\User\Cookies\user@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\User\Cookies\user@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\User\Cookies\user@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060326234854.zip/Documents and Settings/User/Cookies/user@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@adviva[1].txt -> TrackingCookie.Adviva : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@adviva[2].txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.547:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.65:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060326234854.zip/Documents and Settings/User/Cookies/user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.222:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Casinodelrio : Cleaned.
:mozilla.223:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Casinodelrio : Cleaned.
:mozilla.730:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Casinotropez : Cleaned.
C:\Documents and Settings\User\Cookies\user@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.952:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060326234854.zip/Documents and Settings/User/Cookies/user@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.840:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.848:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.855:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.881:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.884:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.891:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.909:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.921:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.938:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.983:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6wakokmcpabo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6waloqgdpgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6walyulcpado.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6wbk4elajeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6wfkikpcjcaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6wfkyqicjaco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\User\Cookies\user@e-2dj6wjmiqmazcbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.351:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
C:\Documents and Settings\User\Cookies\user@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.905:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.908:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.917:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\User\Cookies\user@ehg-eset.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\User\Cookies\user@ehg-idgentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\User\Cookies\user@ehg-reed.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.715:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Information : Cleaned.
C:\Documents and Settings\User\Cookies\user@searchportal.information[1].txt -> TrackingCookie.Information : Cleaned.
:mozilla.185:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Lasvegasusacasino : Cleaned.
:mozilla.186:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Lasvegasusacasino : Cleaned.
:mozilla.707:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.789:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.59:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.267:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.341:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.592:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.593:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.594:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\User\Cookies\user@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.365:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.366:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.367:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.368:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.369:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.370:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.371:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\User\Cookies\user@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070517221754.zip/Documents and Settings/User/Cookies/user@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.489:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.490:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.944:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060326234854.zip/Documents and Settings/User/Cookies/user@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060630234343.zip/Documents and Settings/User/Cookies/user@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.572:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.573:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.574:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.575:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.576:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.971:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\User\Cookies\user@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20060914202249.zip/Documents and Settings/User/Cookies/user@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.89:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\User\Cookies\user@yadro[1].txt -> TrackingCookie.Yadro : Cleaned.
C:\Program Files\PestPatrol\Quarantine\20070831173005.zip/Documents and Settings/User/Cookies/user@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.112:C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\hgflsai9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end
and here is the hijack log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:10, on 04/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1140573878\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1140573878\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 7636 bytes
i hope i have done all you asked let me know m8
thanks for your t
time
si
| ourwilly |
| (HijackThis Helper) |
| Tue Mar 04 2008 05:55 AM |
|
Re: desktop icons and toolbar have disapeared
|
Hello sonobby1
Please visit this webpage for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt along with a new HijackThis log
Thank you.
| sonobby1 |
| (regular) |
| Tue Mar 04 2008 10:26 PM |
|
Re: desktop icons and toolbar have disapeared
|
hi our willy can you please bear with me for a few days. i just havent had time tonight, ive read what i have to do and its to late tonight to attampt that. I have a very important night ahead of me tomorow night studying for an exam so tomorrow is out also. Ill get back onto it on thursday, please forgive me for the inconvenience it may cause you.
regards
si
| sonobby1 |
| (regular) |
| Thu Mar 06 2008 05:07 PM |
|
Re: desktop icons and toolbar have disapeared
|
hi our willy thank you for being patient, i think ive done what you asked so here is the combo fix log and a new hijack log.
i would like to add this is the first time my desktop and icons have stayed , they dissapeared for a few seconds when it restarted, but so far after 5 mins they are still there.ok here are the logs.
ComboFix 08-03-05.3 - User 2008-03-06 16:40:50.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.233 [GMT 0:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\{34F1E~1
C:\Program Files\Common Files\{34F1E~1\Bar888.dll
C:\Program Files\Common Files\{34F1E~1\UnInstall.exe
C:\Program Files\Common Files\{84F1E~1
C:\Program Files\montorgueil
C:\Program Files\montorgueil\14.03619
C:\Program Files\montorgueil\Oversexe_fellations\Oversexe_fellations.ico
C:\Program Files\montorgueil\Oversexe_fellations\Thumbs.db
C:\Program Files\update.exe
C:\Temp\sanR24
C:\WINDOWS\system32\_003713_.tmp.dll
C:\WINDOWS\system32\_003714_.tmp.dll
C:\WINDOWS\system32\_003715_.tmp.dll
C:\WINDOWS\system32\_003716_.tmp.dll
C:\WINDOWS\system32\_003723_.tmp.dll
C:\WINDOWS\system32\_003724_.tmp.dll
C:\WINDOWS\system32\_003725_.tmp.dll
C:\WINDOWS\system32\_003726_.tmp.dll
C:\WINDOWS\system32\_003727_.tmp.dll
C:\WINDOWS\system32\_003728_.tmp.dll
C:\WINDOWS\system32\_003735_.tmp.dll
C:\WINDOWS\system32\_003736_.tmp.dll
C:\WINDOWS\system32\_003737_.tmp.dll
C:\WINDOWS\system32\_003738_.tmp.dll
C:\WINDOWS\system32\_003740_.tmp.dll
C:\WINDOWS\system32\_003741_.tmp.dll
C:\WINDOWS\system32\_003744_.tmp.dll
C:\WINDOWS\system32\_003745_.tmp.dll
C:\WINDOWS\system32\_003747_.tmp.dll
C:\WINDOWS\system32\_003748_.tmp.dll
C:\WINDOWS\system32\_003749_.tmp.dll
C:\WINDOWS\system32\_003751_.tmp.dll
C:\WINDOWS\system32\_003752_.tmp.dll
C:\WINDOWS\system32\_003753_.tmp.dll
C:\WINDOWS\system32\_003754_.tmp.dll
C:\WINDOWS\system32\_003755_.tmp.dll
C:\WINDOWS\system32\_003762_.tmp.dll
C:\WINDOWS\system32\_003763_.tmp.dll
C:\WINDOWS\system32\_003764_.tmp.dll
C:\WINDOWS\system32\_003765_.tmp.dll
C:\WINDOWS\system32\_003767_.tmp.dll
C:\WINDOWS\system32\_003768_.tmp.dll
C:\WINDOWS\system32\_003771_.tmp.dll
C:\WINDOWS\system32\_003772_.tmp.dll
C:\WINDOWS\system32\_003774_.tmp.dll
C:\WINDOWS\system32\_003775_.tmp.dll
C:\WINDOWS\system32\_003776_.tmp.dll
C:\WINDOWS\system32\_003778_.tmp.dll
C:\WINDOWS\system32\_003779_.tmp.dll
C:\WINDOWS\system32\_003781_.tmp.dll
C:\WINDOWS\system32\_003785_.tmp.dll
C:\WINDOWS\system32\_003786_.tmp.dll
C:\WINDOWS\system32\_003788_.tmp.dll
C:\WINDOWS\system32\_003789_.tmp.dll
C:\WINDOWS\system32\_003791_.tmp.dll
C:\WINDOWS\system32\_003793_.tmp.dll
C:\WINDOWS\system32\_003794_.tmp.dll
C:\WINDOWS\system32\_003795_.tmp.dll
C:\WINDOWS\system32\_003796_.tmp.dll
C:\WINDOWS\system32\_003797_.tmp.dll
C:\WINDOWS\system32\_003800_.tmp.dll
C:\WINDOWS\system32\_003802_.tmp.dll
C:\WINDOWS\system32\_003803_.tmp.dll
C:\WINDOWS\system32\_003804_.tmp.dll
C:\WINDOWS\system32\_003808_.tmp.dll
C:\WINDOWS\system32\_003809_.tmp.dll
C:\WINDOWS\system32\_003810_.tmp.dll
C:\WINDOWS\system32\_003814_.tmp.dll
C:\WINDOWS\System32\awtsq.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-03-03 21:59 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 21:08 . 2008-03-01 21:08 812,344 --a------ C:\HJTInstall.exe
2008-03-01 20:59 . 2008-03-01 21:03 2,521 --a------ C:\xp_taskbar_desktop_fixall.vbs
2008-03-01 18:22 . 2008-03-01 18:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-01 18:02 . 2008-03-02 12:09 <DIR> d-------- C:\SDFix
2008-03-01 17:35 . 2002-05-14 12:08 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2008-02-29 20:02 . 2008-03-06 16:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-29 20:02 . 2008-03-06 16:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-29 19:38 . 2008-03-06 16:41 <DIR> d-------- C:\Temp
2008-02-26 22:23 . 2008-02-26 22:23 5,564,979 --a------ C:\Program Files\xpmanager.exe
2008-02-12 00:24 . 2008-02-12 00:24 5,617,160 --a------ C:\Program Files\camfrog.exe
2008-02-08 23:32 . 2006-03-17 05:04 8,351,232 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-02-08 23:32 . 2004-08-20 22:01 700,928 --a------ C:\WINDOWS\system32\sxs.dll
2008-02-08 23:32 . 2004-08-20 22:01 700,928 --a--c--- C:\WINDOWS\system32\dllcache\sxs.dll
2008-02-08 23:32 . 2004-08-20 22:01 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2008-02-08 23:32 . 2004-08-20 22:01 82,432 --a--c--- C:\WINDOWS\system32\dllcache\fldrclnr.dll
2008-02-08 23:27 . 2004-03-30 01:48 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2008-02-08 23:27 . 2004-03-30 01:48 36,864 --a--c--- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-02-08 23:26 . 2005-10-20 22:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2008-02-08 23:25 . 2004-10-12 16:22 170,112 --a--c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-02-08 23:25 . 2004-10-28 01:29 92,160 --a--c--- C:\WINDOWS\system32\dllcache\cscdll.dll
2008-02-08 23:25 . 2004-10-28 01:29 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2008-02-08 23:20 . 2005-08-22 18:36 154,624 --a------ C:\WINDOWS\system32\netman.dll
2008-02-08 23:20 . 2005-08-23 03:51 111,104 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2008-02-08 23:16 . 2005-06-15 17:50 285,184 --a------ C:\WINDOWS\system32\kerberos.dll
2008-02-08 23:16 . 2005-06-10 23:55 53,248 --a------ C:\WINDOWS\system32\spoolsv.exe
2008-02-08 23:15 . 2005-07-08 16:09 238,592 --a------ C:\WINDOWS\system32\tapisrv.dll
2008-02-08 23:15 . 2005-06-29 01:54 68,608 --a------ C:\WINDOWS\system32\mscms.dll
2008-02-08 23:12 . 2005-04-22 05:20 51,712 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
2008-02-08 23:10 . 2005-03-02 18:20 53,760 --a------ C:\WINDOWS\system32\authz.dll
2008-02-08 23:07 . 2005-01-11 01:20 118,272 -----c--- C:\WINDOWS\system32\dllcache\dhtmled.ocx
2008-02-08 23:06 . 2004-12-07 19:34 79,872 -----c--- C:\WINDOWS\system32\dllcache\srvsvc.dll
2008-02-08 23:05 . 2004-11-16 21:32 68,096 --a------ C:\WINDOWS\system32\hlink.dll
2008-02-08 23:05 . 2004-11-16 21:32 68,096 --a--c--- C:\WINDOWS\system32\dllcache\hlink.dll
2008-02-08 23:02 . 2004-10-28 18:06 201,216 -----c--- C:\WINDOWS\system32\dllcache\wordpad.exe
2008-02-08 23:01 . 2004-10-28 01:29 681,984 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-02-08 23:01 . 2004-11-17 17:57 493,056 --a------ C:\WINDOWS\system32\hypertrm.dll
2008-02-08 23:01 . 2004-10-28 01:29 116,736 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-02-08 23:00 . 2004-10-15 21:01 577,536 --a------ C:\WINDOWS\system32\mlang.dll
2008-02-08 23:00 . 2004-10-15 21:01 577,536 -----c--- C:\WINDOWS\system32\dllcache\mlang.dll
2008-02-07 21:13 . 2008-02-07 21:20 <DIR> d-------- C:\Program Files\SlySoft
2008-02-07 21:08 . 2008-02-07 21:08 9,868,672 --a------ C:\Program Files\Alcohol120_trial_1[1].9.7.6022.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 16:49 --------- d-----w C:\Program Files\PestPatrol
2008-03-06 09:36 --------- d-----w C:\Documents and Settings\User\Application Data\AVG7
2008-03-01 21:08 --------- d-----w C:\Program Files\Trend Micro
2008-02-23 16:50 --------- d-----w C:\Program Files\AOL 9.0
2008-02-21 18:57 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-21 18:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-10 15:59 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
2008-02-10 13:57 --------- d-----w C:\Program Files\SopCast
2008-02-10 10:39 --------- d-----w C:\Program Files\TVUPlayer
2008-02-07 21:57 --------- d-----w C:\Program Files\XviD
2008-02-05 18:22 --------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-02-04 20:49 6,033,094 ----a-w C:\Program Files\easy_video_to_dvd.exe
2008-01-27 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 23:44 1,528,418 ----a-w C:\Program Files\revosetup.exe
2008-01-26 23:40 1,709,019 ----a-w C:\Program Files\MoffCalc2Setup.exe
2008-01-21 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-20 23:05 100,274 ----a-w C:\Program Files\onecentauction.pdf
2008-01-20 18:52 23,405,072 ----a-w C:\Program Files\AdbeRdr811_en_US.exe
2008-01-17 22:54 --------- d-----w C:\Program Files\Ulead Systems
2008-01-17 22:52 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-17 22:50 --------- d-----w C:\Program Files\Oront Burning Kit 2
2008-01-17 22:48 --------- d-----w C:\Program Files\mIRC
2008-01-11 22:45 --------- d-----w C:\Documents and Settings\User\Application Data\Obsidium
2008-01-11 22:43 6,143,310 ----a-w C:\Program Files\burningkit2_basic.exe
2008-01-10 23:27 287,240 ----a-w C:\Program Files\dxwebsetup.exe
2008-01-10 23:26 15,452,536 ----a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2008-01-10 23:25 1,446,464 ----a-w C:\Program Files\Silverlight.exe
2007-12-31 13:14 18,067,416 ----a-w C:\Program Files\turbo lister.exe
2007-12-30 19:54 10,178,247 ----a-w C:\Program Files\orlRNM450e_enu.exe
2007-12-21 21:17 2,003,176 ----a-w C:\Program Files\WindowsInstaller-KB884016-v2-x86.exe
2007-12-12 00:25 53,143 ----a-w C:\Program Files\media.htm
2007-10-07 14:08 91,346,756 ----a-w C:\Program Files\diagnostic disc.exe
2007-09-29 12:09 3,497,773 ----a-w C:\Program Files\TVUPlayer.zip
2007-09-25 22:40 309,072 ----a-w C:\Program Files\AOLDNLD.exe
2007-09-25 21:29 689,376 ----a-w C:\Program Files\wpsetup.exe
2007-09-23 22:06 278,927,592 ----a-w C:\Program Files\WindowsXP-KB835935-SP2-ENU.exe
2007-09-23 21:09 2,585,872 ----a-w C:\Program Files\WindowsInstaller-KB893803-v2-x86.exe
2007-09-22 21:51 6,016,952 ----a-w C:\Program Files\Firefox Setup 2.0.0.7.exe
2007-09-08 23:00 66,927 ----a-w C:\Program Files\business-guide.rar
2007-08-30 16:49 5,302 ----a-w C:\Program Files\3009.xls
2007-08-23 20:57 3,902,784 ----a-w C:\Documents and Settings\User\gosetup.exe
2007-08-22 18:21 24,048,424 ----a-w C:\Program Files\SkypeSetup.exe
2007-07-05 22:04 290 ----a-w C:\Program Files\userpassenable.zip
2007-05-30 15:19 728,624 ----a-w C:\Program Files\aolsetup.exe
2007-05-30 15:19 4,424 ----a-w C:\Program Files\aolsetup.bin
2007-05-30 15:19 1,640 ----a-w C:\Program Files\main.ini
2007-04-21 15:01 1,276,220 ----a-w C:\Program Files\PoolDeletingDomainsList.zip
2007-01-29 17:27 35,312 ----a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2007-01-06 20:02 28,032 ----a-w C:\Program Files\SignUp1.aspx
2007-01-03 19:12 1,607,569 ----a-w C:\Program Files\domain research tool.exe
2006-12-01 01:03 12,684,992 ----a-w C:\Program Files\winamp532_full_bundle_emusic-7plus.exe
2006-11-25 19:56 1,831,155 ----a-w C:\Program Files\ppm_en.exe
2006-11-25 16:38 1,810,858 ----a-w C:\Program Files\827setup.rar
2006-11-20 21:19 7,871,004 ----a-w C:\Program Files\domain checker.zip
2006-11-19 17:50 9,128,448 ----a-w C:\Program Files\RSExpiredDomainSnifferDemo.msi
2006-10-07 12:17 32,768 ----a-w C:\Program Files\viviplay.exe
2006-10-04 19:49 35,453 ----a-w C:\Program Files\infodown.htm
2006-09-25 21:08 21,290,704 ----a-w C:\Program Files\AdbeRdr708_en_US.exe
2006-09-01 18:56 38,456,328 ----a-w C:\Program Files\NVE-3.1.0.25_no_yt.exe
2006-08-27 21:56 6,206,440 ----a-w C:\Program Files\winamp524_full_emusic-7plus.exe
2006-08-27 21:40 3,815,789 ----a-w C:\Program Files\FFDShow-20060823-rev-2546.zip
2006-06-17 16:16 473,939 ----a-w C:\Program Files\2006-wallchart-Mars.pdf
2006-06-13 08:38 17,975 ----a-w C:\Program Files\AccountStatement.ofx
2006-06-10 22:01 402,897 ----a-w C:\Program Files\maketorrent-2.1.exe
2006-06-04 19:09 50,352 ----a-w C:\Program Files\1nw0206win.pdf
2006-05-16 06:57 22,370 ----a-w C:\Program Files\AccountStatement 10.ofx
2006-04-22 13:46 186,490 ----a-w C:\Program Files\unlocker1.8.1.exe
2006-04-11 16:29 21,254,280 ----a-w C:\Program Files\AdbeRdr707_en_US.exe
2006-03-26 18:45 643,711 ----a-w C:\Program Files\XviD-1.1.0-30122005.exe
2006-03-02 22:43 15,487,432 ----a-w C:\Program Files\DivXPlay.exe
2006-02-26 21:24 1,309,448 ----a-w C:\Program Files\windowsmedia10-kb898549-x86-enu.exe
2006-02-26 21:22 6,202,120 ----a-w C:\Program Files\WindowsMedia-KB891122-x86-ENU.exe
2006-02-26 21:13 3,512,037 ----a-w C:\Program Files\AVICodecPackPlus2.exe
2006-02-23 23:17 601,448 ----a-w C:\Program Files\Q810243_WXP_SP2_x86_ENU.exe
2006-02-11 22:08 172,195 ----a-w C:\Program Files\icmap24a.exe
2006-01-18 20:01 20,921,040 ----a-w C:\Program Files\AdbeRdr705_enu_full.exe
2006-01-08 22:07 13,045 ----a-w C:\Program Files\im sure it is.torrent
2006-01-07 18:29 16,858 ----a-w C:\Program Files\account statement 1.ofx
2005-12-17 22:59 1,341,976 ----a-w C:\Program Files\vp6_decoder.exe
2005-12-07 19:51 959,968 ----a-w C:\Program Files\winamp5112_lite.exe
2005-12-01 21:40 887,637 ----a-w C:\Program Files\PixelFusionWMP130.exe
2005-10-19 17:46 310 ----a-w C:\Program Files\ffff.asx
2005-09-20 21:21 26,335 -c--a-w C:\Program Files\download.torrent
2005-07-17 23:03 73,209 ----a-w C:\Program Files\super_pi.zip
2005-07-15 16:48 952,014 ----a-w C:\Program Files\VodeiSetup109.exe
2005-07-12 23:35 1,362,977 ----a-w C:\Program Files\BitLord_1.1.exe
2005-06-20 22:24 1,094,021 ----a-w C:\Program Files\dvdshrink32setup.zip
2005-05-20 23:13 1,405,672 ----a-w C:\Program Files\installspeedfan424.exe
2005-05-06 15:07 6,526,608 ----a-w C:\Program Files\MicrosoftAntiSpywareInstall.exe
2005-05-06 08:12 1,588,224 ----a-w C:\Program Files\XoftSpy413Installer.exe
2005-05-05 13:34 1,444,560 ----a-w C:\Program Files\taskmanager16.exe
2005-05-04 21:51 6,093,917 ----a-w C:\Program Files\msjavx86.exe
2005-04-23 21:36 491,768 ----a-w C:\Program Files\ie6setup.exe
2005-04-23 20:24 360 ----a-w C:\Program Files\install.log
2005-04-19 22:52 7,741,336 ----a-w C:\Program Files\DivX521XP2K.exe
2005-04-18 22:51 3,856,695 ----a-w C:\Program Files\NeroExpress_eng.zip
2005-04-15 23:17 680,335 ----a-w C:\Program Files\3ivx_d4_451_win.exe
2005-04-15 23:05 592,496 ----a-w C:\Program Files\Codecs6026_allin1[www.free-codecs.com].zip
2005-04-15 21:35 3,384,315 ----a-w C:\Program Files\ffdshow-20050312.zip
2005-04-11 20:32 8,046,472 ----a-w C:\Program Files\DivX52XP2K[Codec-Download.de].exe
2002-12-11 16:27 73,728 --sha-w C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
2005-10-01 18:55 56 --sha-r C:\WINDOWS\system32\5DCD1F4E2F.sys
.
------- Sigcheck -------
4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
----a-w 29,056 2004-08-03 23:00:08 C:\WINDOWS\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2003-03-31 12:00 13312]
"pbmini"=" " []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-11 11:00 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2007-12-07 15:30 71008]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 13:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 13:19 323584 C:\WINDOWS\system32\nwiz.exe]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2004-12-16 19:55 339968]
"HostManager"="C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe" [2006-11-17 13:21 50736]
"PestPatrolCL"="" []
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2004-04-02 15:11 148480]
"CookiePatrol"="C:\PROGRA~1\PESTPA~1\CookiePatrol.exe" [2005-01-10 09:35 73728]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 08:54 579072]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2005-11-03 09:12 106496]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2005-08-16 20:54 339968]
"%FP%Friendly fts.exe"="C:\Program Files\Voyager100Test\fts.exe" [2003-05-06 09:28 72192]
"GSICONEXE"="gsicon.exe" [2003-05-14 20:25 90112 C:\WINDOWS\system32\gsicon.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-06 15:03 77824]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 98304]
"SoundMan"="SOUNDMAN.EXE" [2003-05-14 05:20 55296 C:\WINDOWS\SOUNDMAN.EXE]
"Lexmark 3100 Series"="C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe" [2003-09-04 02:33 106496]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-10-09 23:01 180269]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 12:00 13312]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 07:53 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2005-02-21 01:52:31 156784]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2005-07-17 20:51:11 548864]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoChangeKeyboardNavigationIndicators"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfcaax]
khfcaax.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\User\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 3100 Series]
--a------ 2003-09-04 02:33 106496 C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXBRKsk]
--a------ 2003-06-13 14:57 294912 C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PestPatrol Control Center]
--a------ 2004-11-15 11:49 98304 C:\PROGRA~1\PESTPA~1\PPControl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-06 15:03 77824 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-10-09 23:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2005-08-18 10:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"33493:TCP"= 33493:TCP:ppLive
"43826:UDP"= 43826:UDP:ppLive
"39696:TCP"= 39696:TCP:ppLive
"45363:UDP"= 45363:UDP:ppLive
"8216:TCP"= 8216:TCP:ppLive
"3439:UDP"= 3439:UDP:ppLive
"4304:TCP"= 4304:TCP:ppLive
"4331:UDP"= 4331:UDP:ppLive
"4778:TCP"= 4778:TCP:ppLive
"6752:UDP"= 6752:UDP:ppLive
"7277:TCP"= 7277:TCP:ppLive
"2280:UDP"= 2280:UDP:ppLive
R3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\System32\DRIVERS\Intels51.sys [2002-05-10 13:31]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2005-09-21 12:31]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 01:50]
S3 CA500AI;XGA Digital Camera Still Image Capture Version 1.00;C:\WINDOWS\System32\Drivers\3NF.sys [2000-09-19 10:27]
S3 CA500AV;XGA Digital Camera WDM Video Capture;C:\WINDOWS\System32\DRIVERS\3NFAV.SYS [2000-09-01 17:30]
S3 CoolerXPDriver;CoolerXPDriver;C:\Program Files\MSI\PC Alert 4\NTCooler.sys [2002-12-10 10:26]
S3 DCamUSBNW820;DVR-210 USB Web Camera;C:\WINDOWS\System32\DRIVERS\pccam.sys [2004-06-17 17:52]
S3 glausb;GlobeSpan USB ADSL LAN Modem;C:\WINDOWS\System32\DRIVERS\glausb.sys [2003-04-27 23:09]
S3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [2003-05-31 15:03]
S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\System32\DRIVERS\PPPoEWin.SYS [2003-09-25 16:52]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-06 16:49:46
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ATWPKT2]
"ImagePath"="\??\C:\WINDOWS\System32\drivers\ATWPKT2.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\OMSCAN]
"ImagePath"="\Sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1140573878\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
C:\WINDOWS\System32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-03-06 16:54:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-06 16:54:27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:03:39, on 06/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Voyager100Test\fts.exe
C:\WINDOWS\System32\gsicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Lexmark 3100 Series\lxbrbmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\common files\aol\1140573878\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1140573878\ee\aolsoftware.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - blank (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Starware - {F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O20 - Winlogon Notify: khfcaax - khfcaax.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 9190 bytes
ok thats it all done look forward to hearing from you
regards
simon
| sonobby1 |
| (regular) |
| Thu Mar 06 2008 06:01 PM |
|
Re: desktop icons and toolbar have disapeared
|
hi our willy can i just add, ive had a normal comp for over an hour now, but aol spyware protection has opened 3 times saying i have a threat.
its called bifrost
hope this helps thanks
simon
| ourwilly |
| (HijackThis Helper) |
| Fri Mar 07 2008 06:07 AM |
|
Re: desktop icons and toolbar have disapeared
|
Hello sonobby1
Quote:
aol spyware protection has opened 3 times saying i have a threat.its called bifrost
I think this is a False Positive, behavior based detection which has detected a tool embedded with CF as a threat. Please try opening AOL AS, and check the threat log...
-----------------
Please Open notepad - don't use any other text editor
I would like you to now Copy/paste the text in the quotebox below into notepad:
Quote:
Registry::
[-HKEY_LOCAL_MACHINE\~\BrowserHelperObjects\{F7C7AA47-BCA6-451D-8DBC-C10A8F75C8C7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pbmini"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PestPatrolCL"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windowsnt\currentversion\winlogon\notify\khfcaax]
Name the file CFScript and Save it to your Desktop
Refering to the picture above, drag CFScript.txt into ComboFix.exe
Please now use Internet Explorer and run this online scan with Kaspersky WebScanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan: Select My Computer
This will program will start and scan your system, This will take a while so be patient and let it run.
When the scan has completed, click Save Report As a Text File.
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste that information in your next post along with a new HijackThis log.
Thank you
| sonobby1 |
| (regular) |
| Fri Mar 07 2008 07:04 PM |
|
Re: desktop icons and toolbar have disapeared
|
hi our willy ive done what you asked but maybe ive done to much?
first of all i checked aol spyware and all it says is bitfrost is a potential backdoor threat.
i copied that text into notepad and then draged it into combo, but what you didnt mention was when i dragged it in, combo fix started scanning . so now i got a new combo fix log, hope thats right as you didnt mention that? anyway heres the combo log
ComboFix 08-03-05.3 - User 2008-03-07 16:03:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.158 [GMT 0:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.
2008-03-06 21:30 . <DIR> C:\WINDOWS\LastGood.Tmp
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-03-03 21:59 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 21:08 . 2008-03-01 21:08 812,344 --a------ C:\HJTInstall.exe
2008-03-01 20:59 . 2008-03-01 21:03 2,521 --a------ C:\xp_taskbar_desktop_fixall.vbs
2008-03-01 18:22 . 2008-03-01 18:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-01 18:02 . 2008-03-02 12:09 <DIR> d-------- C:\SDFix
2008-03-01 17:35 . 2002-05-14 12:08 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2008-02-29 20:02 . 2008-03-07 16:12 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-29 20:02 . 2008-03-07 16:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-29 19:38 . 2008-03-06 16:41 <DIR> d-------- C:\Temp
2008-02-26 22:23 . 2008-02-26 22:23 5,564,979 --a------ C:\Program Files\xpmanager.exe
2008-02-12 00:24 . 2008-02-12 00:24 5,617,160 --a------ C:\Program Files\camfrog.exe
2008-02-08 23:32 . 2006-03-17 05:04 8,351,232 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-02-08 23:32 . 2004-08-20 22:01 700,928 --a------ C:\WINDOWS\system32\sxs.dll
2008-02-08 23:32 . 2004-08-20 22:01 700,928 --a--c--- C:\WINDOWS\system32\dllcache\sxs.dll
2008-02-08 23:32 . 2004-08-20 22:01 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2008-02-08 23:32 . 2004-08-20 22:01 82,432 --a--c--- C:\WINDOWS\system32\dllcache\fldrclnr.dll
2008-02-08 23:27 . 2004-03-30 01:48 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2008-02-08 23:27 . 2004-03-30 01:48 36,864 --a--c--- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-02-08 23:26 . 2005-10-20 22:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2008-02-08 23:25 . 2004-10-12 16:22 170,112 --a--c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-02-08 23:25 . 2004-10-28 01:29 92,160 --a--c--- C:\WINDOWS\system32\dllcache\cscdll.dll
2008-02-08 23:25 . 2004-10-28 01:29 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2008-02-08 23:20 . 2005-08-22 18:36 154,624 --a------ C:\WINDOWS\system32\netman.dll
2008-02-08 23:20 . 2005-08-23 03:51 111,104 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2008-02-08 23:16 . 2005-06-15 17:50 285,184 --a------ C:\WINDOWS\system32\kerberos.dll
2008-02-08 23:16 . 2005-06-10 23:55 53,248 --a------ C:\WINDOWS\system32\spoolsv.exe
2008-02-08 23:15 . 2005-07-08 16:09 238,592 --a------ C:\WINDOWS\system32\tapisrv.dll
2008-02-08 23:15 . 2005-06-29 01:54 68,608 --a------ C:\WINDOWS\system32\mscms.dll
2008-02-08 23:12 . 2005-04-22 05:20 51,712 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
2008-02-08 23:10 . 2005-03-02 18:20 53,760 --a------ C:\WINDOWS\system32\authz.dll
2008-02-08 23:07 . 2005-01-11 01:20 118,272 -----c--- C:\WINDOWS\system32\dllcache\dhtmled.ocx
2008-02-08 23:06 . 2004-12-07 19:34 79,872 -----c--- C:\WINDOWS\system32\dllcache\srvsvc.dll
2008-02-08 23:05 . 2004-11-16 21:32 68,096 --a------