sonobby1
regular
Reg'd: Sat
Posts: 51
Hi all, I'm new here. Usually I can fix my problems on my own, but this time I just can't figure it out; hope you can help. I was downloading a program last night when AVG said it found a virus; actually it was a trojan, SHeur.AUUA. Shortly after that I lost all my desktop icons. I've tried everything to get them back but nothing works. I can open any program through my Task Manager, but that's the only way. The problem seems to be explorer.exe: I can open it in Task Manager and then all my icons reappear, but only for 10 seconds maybe. I read on this forum earlier today about something to try to fix it, so I've done this so far. I downloaded SDFix and ran it in Safe Mode like it said. It ran for about 25 mins doing all the various fixes and deleting files etc., then I was asked to restart, which I did; then when Windows opened again it carried on with more fixes. So I'm at this point now where it's done all that and the Report.txt has been saved to the clipboard and saved in the SDFix folder. So am I missing something? Do I need to do something else now, because it still hasn't fixed the problem? Hope I've explained everything; please help.
Another guy, walnut, suggested this first (if it didn't work, come here). I tried it and it didn't work:
Go here http://www.kellys-korner-xp.com/xp_tweaks.htm and scroll down to line 195 on the right hand column and download the file. Save the REG File to your hard disk.
Double click it and answer yes to the import prompt.
If it doesn't work, go to the HiJackThis section of the forum, read the posting rules and post a log.
OK, so now I've downloaded HijackThis and here are the results:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:10, on 01/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\AOL\1140573878\ee\aolsoftware.exe
c:\program files\common files\aol\1140573878\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1140573878\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: msmsgs.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- End of file - 7813 bytes
Any help would be gratefully appreciated. Si
Edited by sonobby1 (Sat Mar 01 2008 09:36 PM)
ourwilly
HijackThis Helper
Reg'd: Sun
Posts: 2820
Loc: England.
Hello sonobby1
Open HijackThis again, select "Do a System Scan only" and place a checkmark in the boxes before the following entries:
R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - blank (file missing)
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - blank (file missing)
O4 - HKCU\..\Run: [pbmini]
O4 - Global Startup: msmsgs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
Close all other open windows and click on Fix checked, then exit HijackThis.
Re-Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
Thank you.
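The entries ourwilly picks out above are not chosen by magic; most of them fall to a few mechanical checks that anyone reading a HijackThis log applies first. As an added example (not code from this thread, from HijackThis, or from the forum helpers), the script below parses a HijackThis-format log and flags three things: an entry whose referenced file is "(no file)" or "(file missing)", a Run value with an empty command such as [pbmini], and a bare executable sitting in the Startup folder rather than a shortcut, such as msmsgs.exe. The sample log is a constructed excerpt of the log posted above, and the function and class names are my own. It deliberately does not decide what is malware: a missing file is only an orphaned reference, and the judgement still rests with whoever reads the log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a short excerpt in HijackThis log format, with entries
# taken from the log posted in this thread (abridged to a handful of lines).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:09:10, on 01/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)

R3 - URLSearchHook: (no name) - - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Starware - {9839B3B7-3F99-4498-884D-6CFCCD251AB1} - blank (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [pbmini]
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: msmsgs.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
"""

# One HijackThis entry: a section code (R0-R3, O1-O24) followed by " - ".
ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# Autostart value under a Run key: "HKLM\..\Run: [name] command"
RUN_RE = re.compile(r"^HK[^:]*\\Run: \[[^\]]*\](.*)$")
# Item in the all-users Startup folder: "Global Startup: file"
GLOBAL_STARTUP_RE = re.compile(r"^Global Startup: (.*)$")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    entry: str   # the entry text after the code
    reason: str  # why the entry is worth a second look


def parse_entries(log_text):
    """Return (code, body) pairs for every HijackThis entry line; the header
    lines and blank lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Apply the three mechanical checks and return the entries they hit."""
    findings = []
    for code, body in parse_entries(log_text):
        if "(no file)" in body or "(file missing)" in body:
            findings.append(Finding(code, body,
                "orphaned entry: the file it points at no longer exists"))
            continue
        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if run and run.group(1).strip() == "":
            findings.append(Finding(code, body, "Run value with an empty command"))
            continue
        startup = GLOBAL_STARTUP_RE.match(body)
        if startup and ".lnk =" not in startup.group(1):
            findings.append(Finding(code, body,
                "executable placed directly in the Startup folder, not a shortcut"))
    return findings


def fix_list(log_text):
    """Reconstruct the full lines to tick in HijackThis ("Do a system scan
    only"), so they can be compared with a helper's instructions."""
    return [f"{f.code} - {f.entry}" for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n      {f.entry}")
```

Run against the constructed sample it reports six lines (the R3 hook, both orphaned toolbars, [pbmini], msmsgs.exe and the AOLService entry) and leaves the Google toolbar, the AVG Run value and the AOL .lnk alone; the O9 "Related" and O16 PopCap entries in ourwilly's list are judgement calls that no mechanical rule here makes.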
sonobby1
regular
Reg'd: Sat
Posts: 51
Hi, I've done as you asked. Here are the results:
SDFix: Version 1.150
Run by User on 02/03/2008 at 11:49
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 12:02:40
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]
"NextDetectionTime"="2008-03-02 11:27:40"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\~os65.tmp\\ossproxy.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\~os65.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"c:\\windows\\system32\\rk.exe"="c:\\windows\\system32\\rk.exe:*:Enabled:rk.exe"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe"="C:\\Program Files\\Common Files\\Synacast\\SynaLive\\PE.exe:*:Enabled:PE"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windowsr NetMeetingr"
"C:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe"="C:\\Program Files\\TeVeo\\TeVeo VIDiO Suite\\Live\\TeVeoLive.exe:*:Disabled:TeVeoLive"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"C:\\Program Files\\PPLive\\PPLive.exe"="C:\\Program Files\\PPLive\\PPLive.exe:*:Enabled:PPLive"
"C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe"="C:\\WINDOWS\\system32\\P2P Networking\\P2P Networking.exe:*:Enabled:P2P Networking"
"C:\\Program Files\\Kazaa\\kazaa.exe"="C:\\Program Files\\Kazaa\\kazaa.exe:*:Enabled:Kazaa"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.562\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.562\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.453\\SopCast_062\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX02.453\\SopCast_062\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX01.421\\SopCast_062\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX01.421\\SopCast_062\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX00.891\\SopCast_062\\SopCast\\SopCast.exe"="C:\\Documents and Settings\\User\\Local Settings\\Temp\\Rar$EX00.891\\SopCast_062\\SopCast\\SopCast.exe:*:Enabled:SoP Client"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~1.EXE:*:Enabled:Share Streaming"
"C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE"="C:\\PROGRA~1\\pcast\\PODCAS~1\\PODCAS~2.EXE:*:Enabled:Share Streaming"
"C:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMini.exe"="C:\\Program Files\\pcast\\PodcastbarMini\\PodcastBarMini.exe:*:Enabled:Share Streaming"
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\PPStream\\PPStream.exe"="C:\\Program Files\\PPStream\\PPStream.exe:*:Enabled:PPStream"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe:*:Enabled:AOL"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
Remaining Files :
Files with Hidden Attributes :
Fri 25 Apr 2003 49,221 A..H. --- "C:\Program Files\AOL 8.0\aolphx.exe"
Fri 25 Apr 2003 36,937 A..H. --- "C:\Program Files\AOL 8.0\aoltray.exe"
Fri 25 Apr 2003 40,960 A..H. --- "C:\Program Files\AOL 8.0\RBM.exe"
Fri 25 Apr 2003 237,633 A..H. --- "C:\Program Files\AOL 8.0\waol.exe"
Tue 22 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 22 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 22 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Sat 1 Oct 2005 56 A.SHR --- "C:\WINDOWS\system32\5DCD1F4E2F.sys"
Sun 12 Oct 2003 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 25 Apr 2003 49,223 A..H. --- "C:\Program Files\AOL 8.0\COMIT\cswitch.exe"
Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"
Sun 5 Oct 2003 1,206 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\ccReg.reg"
Sun 5 Oct 2003 12,368 A..HR --- "C:\Program Files\Common Files\Symantec Shared\Registry Backup\CommonClient.reg"
Wed 11 Dec 2002 73,728 A.SH. --- "C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe"
Sun 12 Oct 2003 4,348 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1key.bak"
Sat 13 Mar 2004 20 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv1lic.bak"
Sun 12 Oct 2003 400 ...H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2key.bak"
Sat 13 Mar 2004 1,536 A..H. --- "C:\Documents and Settings\User\My Documents\My Music\License Backup\drmv2lic.bak"
Fri 14 Oct 2005 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\81830fade50434252c160da6e86e315c\BIT1C8.tmp"
Sun 27 Aug 2006 6,358 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Office\Shortcut Bar\Des488.tmp"
Sun 27 Aug 2006 7,318 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Office\Shortcut Bar\Off480.tmp"
Sun 27 Aug 2006 31,798 A..H. --- "C:\Documents and Settings\User\Application Data\Microsoft\Office\Shortcut Bar\Pro484.tmp"
Mon 18 Sep 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Finished!
And here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:31, on 02/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: msmsgs.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - AOL LLC - (no file)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

-- End of file - 7145 bytes
OK, I've done everything you asked and still the icons are not there. Am I doomed, lol?
ourwilly
HijackThis Helper
Reg'd: Sun
Posts: 2820
Loc: England.
Hello sonobby1
We have a lot of work to do here, so please try and work your way through these instructions.
1. Please look at This Post, as these are susceptible to various forms of malware. Please uninstall all Peer 2 Peer software using Add/Remove Programs and then right-click on and delete the Peer to Peer folders from your system.
2. Click on: Start > Run and type in: services.msc and click "OK".
In the Services window look for AOL Spyware Protection Service.
Select/highlight and right click the entry, and choose: Properties.
On the General tab, under Service Status, click the Stop button.
Beside: Startup Type, in the drop menu, select: Disabled.
Click "Apply" then "OK".
3. I would like you to now Download AVG Anti-Spyware v7.5 and save it to your Desktop <- (Important! Vista Users should install from that same location). (This is Ewido 4.0 renamed and updated with a special "clean driver" for removing persistent malware.)
- After download, double click on the file to launch the install process.
- Choose a language, click "OK" and then click "Next".
- Read the "License Agreement" and click "I Agree".
- Accept default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click "Next", then click "Install".
- After setup completes, click "Finish" to start the program automatically or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
- Connect to the Internet, go back to AVG Anti-Spyware, select the "Update" button and click "Start update". Wait until you see the "Update successful" message. If you are having problems with the updater, manually download and update with the AVG Anti-Spyware Full database installer.
- Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
Scan with AVG Anti-Spyware as follows:
- Click on the "Scanner" button and choose the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
- Under "How to Scan?", "Possibly unwanted software", and "What to Scan?" leave all the default settings.
- Under "Reports" select "Do not automatically generate reports".
- Click the "Scan" tab to return to scanning options.
- Click "Complete System Scan" to start.
- When the scan has finished, it should automatically be set to Quarantine; if not, click on Recommended Action and set it there.
- You will also be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
- Click on "Save Report" to view all completed scans. Click on the most recent scan you performed, select "Save report as" and save to your desktop. The default file name will be in date/time format: Report-Scan-200706-1606. A copy of each report will be saved in C:\Documents and Settings\<user profile>\Application Data\Grisoft\AVG Antispyware 7.5\Reports.
- If you installed AVG AS over a previous version, reports are saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
- If you are a Vista user, reports are saved in C:\Users\<username>\AppData\Roaming\Grisoft\AVG Antispyware 7.5\Reports\
Exit AVG Anti-Spyware when done, reboot normally and post the AVG log report and a new HijackThis log.
Thank you
sonobby1
regular
Reg'd: Sat
Posts: 51
Hi there ourwilly, I've read through what I have to do, and as it's a bit late now and I don't want to make any mistakes, I just want to get things right. From my logs above, can you tell me which P2P programs you want me to remove? In Add/Remove Programs I think there's only 2: SopCast and, I think, BitLord? Can you see any more that I need to remove before I start? Thanks for your time. Si. I'll start tomorrow evening UK time.
ourwilly
HijackThis Helper
Reg'd: Sun
Posts: 2820
Loc: England.
Hello sonobby1
Your Firewall is showing signs of eMule, P2P Networking + Kazaa; if these have been removed then that's a good start.
I'll keep a look out for you posting the AVG log report and a new HijackThis log.
ourwilly
|
sonobby1
regular
Reg'd: Sat
Posts: 51
|
|
Hi ourwilly, well I did the AVG scan and all went well until it finished. I applied all actions and I got a warning. It said the file c;\program ...... and another one cannot be removed because it is embedded in the archive. Well, I got 4 options: do you want to remove the whole archive, and the options were Yes, Yes for all, No, No for all. I wasn't sure what to do so I said No. Then it repeated itself with another file, and I said No again; I said No 3 times before I realised I was deleting all the bad files, I think. There were 150 bad files, of which only 1 was a major threat, I think. After them 3, I said Yes to all and then it finished and I saved the log. I hope I haven't messed up. Anyway, here is the log file of AVG.
--------------------------------------------------------- AVG Anti-Spyware - Scan Report ---------------------------------------------------------
+ Created at: 00:33:07 04/03/2008
+ Scan result:
::Report end
And here is the HijackThis log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:53:10, on 04/03/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1140573878\ee\services\antiSpywareApp\ver2_0_12\AOLSP Scheduler.exe
c:\program files\common files\aol\1140573878\ee\aolsoftware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140573878\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [%FP%Friendly fts.exe] C:\Program Files\Voyager100Test\fts.exe
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Lexmark 3100 Series] "C:\Program Files\Lexmark 3100 Series\lxbrbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/activex/TmHcmsX.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} - http://www.cult3d.com/download/cult.cab
O16 - DPF: {52A5CD24-64C6-4BAF-A4EC-4D13F451763F} - https://www.cuworld.com/PIC/inner_pic/packages/CUworld.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {99E10933-61C6-11D6-83CE-00D0B749C940} - http://www.tech-connect.com/ecsa/CSWord/CSWord.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} - http://www.nullsoft.com/nsv/embed/nsvplayx_vp6_mp3.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} - http://game19.zylomgames.com/activex/zylomloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7636 bytes
I hope I have done all you asked, let me know m8. Thanks for your time. Si.
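As an added example for this thread (not part of the forum posts and not HijackThis code), here is a small Python triage script that parses the tagged HijackThis entry format seen in the log above and flags the kinds of lines a helper looks at first: registry autostarts with no command or with a bare executable name, an ActiveX download served from a raw IP, and non-private DNS servers. The sample lines are copied from the posted log; the flags are review prompts, not verdicts.

```python
"""Triage a HijackThis log: parse the tagged entry format and flag lines worth a second look.

Added example for this thread, not HijackThis code. The rules are review prompts drawn
from what a helper asks about (autostarts, ActiveX downloads, DNS), not verdicts.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe
O4 - HKCU\..\Run: [pbmini]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://81.1.41.137/activex/AxisCamControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63247C4E-A29D-403A-B5CF-E96F96B1CB1C}: NameServer = 192.168.0.1,4.2.2.2
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Every HijackThis entry is "<tag> - <body>", e.g. "O4 - ...".
ENTRY_RE = re.compile(r"^(?P<tag>[A-Z]\d+) - (?P<body>.*)$")
# O4 registry autostart: "<hive>\..\Run: [<value name>] <command>"
O4_RUN_RE = re.compile(r"^(?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")
# O16 downloaded ActiveX control: "DPF: {CLSID} (optional description) - <url>"
O16_RE = re.compile(r"^DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
O17_RE = re.compile(r"NameServer = (?P<servers>.+)$")


@dataclass(frozen=True)
class Finding:
    tag: str      # HijackThis section tag, e.g. "O4"
    subject: str  # value name, URL or address the finding is about
    reason: str   # why a helper would want to look at it


def _host_is_ip(host: Optional[str]) -> bool:
    try:
        ipaddress.ip_address(host or "")
        return True
    except ValueError:
        return False


def bare_executable(cmd: str) -> bool:
    """True when the command names a file with no drive or folder, so Windows resolves
    it through the PATH search order at logon rather than from a fixed location."""
    parts = cmd.strip().split()
    if not parts:
        return False
    exe = parts[0].strip('"')
    return ":" not in exe and "\\" not in exe


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries a reviewer should check first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # headers, process list, blank lines
        tag, body = entry.group("tag"), entry.group("body")
        if tag == "O4":
            run = O4_RUN_RE.match(body)
            if not run:
                continue  # "Global Startup" shortcut entries use a different layout
            name = run.group("name")
            cmd = USER_SUFFIX_RE.sub("", run.group("cmd")).strip()
            if not cmd:
                findings.append(Finding(tag, name, "autostart value with no command: orphaned or hidden target, check the key in the registry"))
            elif bare_executable(cmd):
                findings.append(Finding(tag, name, f"bare executable '{cmd.split()[0]}' is resolved via PATH: confirm which file actually runs"))
        elif tag == "O16":
            dpf = O16_RE.match(body)
            if dpf and _host_is_ip(urlparse(dpf.group("url")).hostname):
                findings.append(Finding(tag, dpf.group("url"), "ActiveX control downloaded from a bare IP address: no domain to reputation-check"))
        elif tag == "O17":
            ns = O17_RE.search(body)
            if not ns:
                continue
            for server in ns.group("servers").split(","):
                try:
                    addr = ipaddress.ip_address(server.strip())
                except ValueError:
                    continue
                if not addr.is_private:
                    findings.append(Finding(tag, str(addr), "public DNS server configured: confirm it is the ISP's or one you chose"))
        elif tag == "R0" and body.rstrip().endswith("="):
            setting = body.rsplit(",", 1)[-1].rstrip(" =")
            findings.append(Finding(tag, setting, "empty browser setting: inert, nothing points at it"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.tag:<5}{f.subject:<48}{f.reason}")
```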
|
ourwilly
HijackThis Helper
Reg'd: Sun
Posts: 2820
Loc: England.
|
|
Hello sonobby1
Please visit this webpage for instructions for downloading and running ComboFix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
This includes installing the Windows XP Recovery Console in case you have not installed it yet.
When the tool is finished, it will produce a report for you. Please post the C:\ComboFix.txt along with a new HijackThis log.
Thank you.
|
sonobby1
regular
Reg'd: Sat
Posts: 51
|
|
Hi ourwilly, can you please bear with me for a few days. I just haven't had time tonight; I've read what I have to do and it's too late tonight to attempt that. I have a very important night ahead of me tomorrow night studying for an exam, so tomorrow is out also. I'll get back onto it on Thursday. Please forgive me for the inconvenience it may cause you. Regards, Si.
|
sonobby1
regular
Reg'd: Sat
Posts: 51
|
|
Hi ourwilly, thank you for being patient. I think I've done what you asked, so here is the ComboFix log and a new HijackThis log. I would like to add that this is the first time my desktop and icons have stayed; they disappeared for a few seconds when it restarted, but so far, after 5 mins, they are still there. OK, here are the logs.
ComboFix 08-03-05.3 - User 2008-03-06 16:40:50.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.233 [GMT 0:00] Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe * Created a new restore point .
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\{34F1E~1
C:\Program Files\Common Files\{34F1E~1\Bar888.dll
C:\Program Files\Common Files\{34F1E~1\UnInstall.exe
C:\Program Files\Common Files\{84F1E~1
C:\Program Files\montorgueil
C:\Program Files\montorgueil\14.03619
C:\Program Files\montorgueil\Oversexe_fellations\Oversexe_fellations.ico
C:\Program Files\montorgueil\Oversexe_fellations\Thumbs.db
C:\Program Files\update.exe
C:\Temp\sanR24
C:\WINDOWS\system32\_003713_.tmp.dll
C:\WINDOWS\system32\_003714_.tmp.dll
C:\WINDOWS\system32\_003715_.tmp.dll
C:\WINDOWS\system32\_003716_.tmp.dll
C:\WINDOWS\system32\_003723_.tmp.dll
C:\WINDOWS\system32\_003724_.tmp.dll
C:\WINDOWS\system32\_003725_.tmp.dll
C:\WINDOWS\system32\_003726_.tmp.dll
C:\WINDOWS\system32\_003727_.tmp.dll
C:\WINDOWS\system32\_003728_.tmp.dll
C:\WINDOWS\system32\_003735_.tmp.dll
C:\WINDOWS\system32\_003736_.tmp.dll
C:\WINDOWS\system32\_003737_.tmp.dll
C:\WINDOWS\system32\_003738_.tmp.dll
C:\WINDOWS\system32\_003740_.tmp.dll
C:\WINDOWS\system32\_003741_.tmp.dll
C:\WINDOWS\system32\_003744_.tmp.dll
C:\WINDOWS\system32\_003745_.tmp.dll
C:\WINDOWS\system32\_003747_.tmp.dll
C:\WINDOWS\system32\_003748_.tmp.dll
C:\WINDOWS\system32\_003749_.tmp.dll
C:\WINDOWS\system32\_003751_.tmp.dll
C:\WINDOWS\system32\_003752_.tmp.dll
C:\WINDOWS\system32\_003753_.tmp.dll
C:\WINDOWS\system32\_003754_.tmp.dll
C:\WINDOWS\system32\_003755_.tmp.dll
C:\WINDOWS\system32\_003762_.tmp.dll
C:\WINDOWS\system32\_003763_.tmp.dll
C:\WINDOWS\system32\_003764_.tmp.dll
C:\WINDOWS\system32\_003765_.tmp.dll
C:\WINDOWS\system32\_003767_.tmp.dll
C:\WINDOWS\system32\_003768_.tmp.dll
C:\WINDOWS\system32\_003771_.tmp.dll
C:\WINDOWS\system32\_003772_.tmp.dll
C:\WINDOWS\system32\_003774_.tmp.dll
C:\WINDOWS\system32\_003775_.tmp.dll
C:\WINDOWS\system32\_003776_.tmp.dll
C:\WINDOWS\system32\_003778_.tmp.dll
C:\WINDOWS\system32\_003779_.tmp.dll
C:\WINDOWS\system32\_003781_.tmp.dll
C:\WINDOWS\system32\_003785_.tmp.dll
C:\WINDOWS\system32\_003786_.tmp.dll
C:\WINDOWS\system32\_003788_.tmp.dll
C:\WINDOWS\system32\_003789_.tmp.dll
C:\WINDOWS\system32\_003791_.tmp.dll
C:\WINDOWS\system32\_003793_.tmp.dll
C:\WINDOWS\system32\_003794_.tmp.dll
C:\WINDOWS\system32\_003795_.tmp.dll
C:\WINDOWS\system32\_003796_.tmp.dll
C:\WINDOWS\system32\_003797_.tmp.dll
C:\WINDOWS\system32\_003800_.tmp.dll
C:\WINDOWS\system32\_003802_.tmp.dll
C:\WINDOWS\system32\_003803_.tmp.dll
C:\WINDOWS\system32\_003804_.tmp.dll
C:\WINDOWS\system32\_003808_.tmp.dll
C:\WINDOWS\system32\_003809_.tmp.dll
C:\WINDOWS\system32\_003810_.tmp.dll
C:\WINDOWS\system32\_003814_.tmp.dll
C:\WINDOWS\System32\awtsq.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\qstwa.ini
C:\WINDOWS\system32\qstwa.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\nm
((((((((((((((((((((((((( Files Created from 2008-02-06 to 2008-03-06 )))))))))))))))))))))))))))))))
.
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Documents and Settings\User\Application Data\Grisoft
2008-03-03 21:59 . 2007-05-30 12:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-01 21:08 . 2008-03-01 21:08 812,344 --a------ C:\HJTInstall.exe
2008-03-01 20:59 . 2008-03-01 21:03 2,521 --a------ C:\xp_taskbar_desktop_fixall.vbs
2008-03-01 18:22 . 2008-03-01 18:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-01 18:02 . 2008-03-02 12:09 <DIR> d-------- C:\SDFix
2008-03-01 17:35 . 2002-05-14 12:08 20,540 --a------ C:\WINDOWS\system32\dllcache\admin.dll
2008-02-29 20:02 . 2008-03-06 16:49 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-29 20:02 . 2008-03-06 16:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-29 19:38 . 2008-03-06 16:41 <DIR> d-------- C:\Temp
2008-02-26 22:23 . 2008-02-26 22:23 5,564,979 --a------ C:\Program Files\xpmanager.exe
2008-02-12 00:24 . 2008-02-12 00:24 5,617,160 --a------ C:\Program Files\camfrog.exe
2008-02-08 23:32 . 2006-03-17 05:04 8,351,232 --a--c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-02-08 23:32 . 2004-08-20 22:01 700,928 --a------ C:\WINDOWS\system32\sxs.dll
2008-02-08 23:32 . 2004-08-20 22:01 700,928 --a--c--- C:\WINDOWS\system32\dllcache\sxs.dll
2008-02-08 23:32 . 2004-08-20 22:01 82,432 --a------ C:\WINDOWS\system32\fldrclnr.dll
2008-02-08 23:32 . 2004-08-20 22:01 82,432 --a--c--- C:\WINDOWS\system32\dllcache\fldrclnr.dll
2008-02-08 23:27 . 2004-03-30 01:48 36,864 --a------ C:\WINDOWS\system32\mf3216.dll
2008-02-08 23:27 . 2004-03-30 01:48 36,864 --a--c--- C:\WINDOWS\system32\dllcache\mf3216.dll
2008-02-08 23:26 . 2005-10-20 22:33 991,232 --a------ C:\WINDOWS\system32\esent.dll
2008-02-08 23:25 . 2004-10-12 16:22 170,112 --a--c--- C:\WINDOWS\system32\dllcache\rdbss.sys
2008-02-08 23:25 . 2004-10-28 01:29 92,160 --a--c--- C:\WINDOWS\system32\dllcache\cscdll.dll
2008-02-08 23:25 . 2004-10-28 01:29 92,160 --a------ C:\WINDOWS\system32\cscdll.dll
2008-02-08 23:20 . 2005-08-22 18:36 154,624 --a------ C:\WINDOWS\system32\netman.dll
2008-02-08 23:20 . 2005-08-23 03:51 111,104 --a------ C:\WINDOWS\system32\umpnpmgr.dll
2008-02-08 23:16 . 2005-06-15 17:50 285,184 --a------ C:\WINDOWS\system32\kerberos.dll
2008-02-08 23:16 . 2005-06-10 23:55 53,248 --a------ C:\WINDOWS\system32\spoolsv.exe
2008-02-08 23:15 . 2005-07-08 16:09 238,592 --a------ C:\WINDOWS\system32\tapisrv.dll
2008-02-08 23:15 . 2005-06-29 01:54 68,608 --a------ C:\WINDOWS\system32\mscms.dll
2008-02-08 23:12 . 2005-04-22 05:20 51,712 --a--c--- C:\WINDOWS\system32\dllcache\agentdpv.dll
2008-02-08 23:10 . 2005-03-02 18:20 53,760 --a------ C:\WINDOWS\system32\authz.dll
2008-02-08 23:07 . 2005-01-11 01:20 118,272 -----c--- C:\WINDOWS\system32\dllcache\dhtmled.ocx
2008-02-08 23:06 . 2004-12-07 19:34 79,872 -----c--- C:\WINDOWS\system32\dllcache\srvsvc.dll
2008-02-08 23:05 . 2004-11-16 21:32 68,096 --a------ C:\WINDOWS\system32\hlink.dll
2008-02-08 23:05 . 2004-11-16 21:32 68,096 --a--c--- C:\WINDOWS\system32\dllcache\hlink.dll
2008-02-08 23:02 . 2004-10-28 18:06 201,216 -----c--- C:\WINDOWS\system32\dllcache\wordpad.exe
2008-02-08 23:01 . 2004-10-28 01:29 681,984 -----c--- C:\WINDOWS\system32\dllcache\lsasrv.dll
2008-02-08 23:01 . 2004-11-17 17:57 493,056 --a------ C:\WINDOWS\system32\hypertrm.dll
2008-02-08 23:01 . 2004-10-28 01:29 116,736 -----c--- C:\WINDOWS\system32\dllcache\shsvcs.dll
2008-02-08 23:00 . 2004-10-15 21:01 577,536 --a------ C:\WINDOWS\system32\mlang.dll
2008-02-08 23:00 . 2004-10-15 21:01 577,536 -----c--- C:\WINDOWS\system32\dllcache\mlang.dll
2008-02-07 21:13 . 2008-02-07 21:20 <DIR> d-------- C:\Program Files\SlySoft
2008-02-07 21:08 . 2008-02-07 21:08 9,868,672 --a------ C:\Program Files\Alcohol120_trial_1[1].9.7.6022.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 16:49 --------- d-----w C:\Program Files\PestPatrol
2008-03-06 09:36 --------- d-----w C:\Documents and Settings\User\Application Data\AVG7
2008-03-01 21:08 --------- d-----w C:\Program Files\Trend Micro
2008-02-23 16:50 --------- d-----w C:\Program Files\AOL 9.0
2008-02-21 18:57 --------- d-----w C:\Program Files\Common Files\aolshare
2008-02-21 18:57 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-10 15:59 1,362,977 ----a-w C:\Program Files\BitLord_1.01.exe
2008-02-10 13:57 --------- d-----w C:\Program Files\SopCast
2008-02-10 10:39 --------- d-----w C:\Program Files\TVUPlayer
2008-02-07 21:57 --------- d-----w C:\Program Files\XviD
2008-02-05 18:22 --------- d-----w C:\Program Files\Easy MPEG AVI DIVX WMV RM to DVD
2008-02-04 20:49 6,033,094 ----a-w C:\Program Files\easy_video_to_dvd.exe
2008-01-27 18:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 23:44 1,528,418 ----a-w C:\Program Files\revosetup.exe
2008-01-26 23:40 1,709,019 ----a-w C:\Program Files\MoffCalc2Setup.exe
2008-01-21 23:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-20 23:05 100,274 ----a-w C:\Program Files\onecentauction.pdf
2008-01-20 18:52 23,405,072 ----a-w C:\Program Files\AdbeRdr811_en_US.exe
2008-01-17 22:54 --------- d-----w C:\Program Files\Ulead Systems
2008-01-17 22:52 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-17 22:50 --------- d-----w C:\Program Files\Oront Burning Kit 2
2008-01-17 22:48 --------- d-----w C:\Program Files\mIRC
2008-01-11 22:45 --------- d-----w C:\Documents and Settings\User\Application Data\Obsidium
2008-01-11 22:43 6,143,310 ----a-w C:\Program Files\burningkit2_basic.exe
2008-01-10 23:27 287,240 ----a-w C:\Program Files\dxwebsetup.exe
2008-01-10 23:26 15,452,536 ----a-w C:\Program Files\IE7-WindowsXP-x86-enu.exe
2008-01-10 23:25 1,446,464 ----a-w C:\Program Files\Silverlight.exe
2007-12-31 13:14 18,067,416 ----a-w C:\Program Files\turbo lister.exe
2007-12-30 19:54 10,178,247 ----a-w C:\Program Files\orlRNM450e_enu.exe
2007-12-21 21:17 2,003,176 ----a-w C:\Program Files\WindowsInstaller-KB884016-v2-x86.exe
2007-12-12 00:25 53,143 ----a-w C:\Program Files\media.htm
2007-10-07 14:08 91,346,756 ----a-w C:\Program Files\diagnostic disc.exe
2007-09-29 12:09