alcan worm [RESOLVED]

Welcome Guest ( Log In | Join )

If you don't enter, you can't win! Enter here

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis� Logs Go Here

alcan worm [RESOLVED], i have already ran the bfu program

Options

cthe12string View Member Profile	Nov 7 2007, 09:13 AM Post #1
New Member Posts: 4 OS: windows xp	Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:03:54 AM, on 11/7/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\svchost.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TFNF5.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\system32\TPSBattM.exe C:\toshiba\ivp\ism\pinger.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Napster\napster.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\Fonts\svchost.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\explorer.exe C:\Documents and Settings\Jim Cullins\Desktop\New Briefcase\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JIMCUL~1\LOCALS~1\Temp\2006112133313_mcappins.exe /v=3 /cleanup O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [LoadMSvcmm] "C:\Program Files\Movielink\MovielinkManager\Movielink User.exe" O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1185765508\ee\AOLSoftware.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe O4 - Startup: YPOPs.lnk = ? O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing) O23 - Service: Movielink Core Service - Unknown owner - C:\PROGRA~1\MOVIEL~1\MOVIEL~1\MOVIEL~1.EXE (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing) O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8899 bytes

racenutalways View Member Profile	Nov 12 2007, 09:15 AM Post #2
Member 1K Posts: 1,620 From: Sudbury Ont. Canada OS: Vista Home Premium	Hello cthe12string and welcome to G2G. Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix) Please then reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, the Advanced Options Menu should appear; Select the first option, to run Windows in Safe Mode, then press Enter. Choose your usual account. Open the extracted SDFix folder and double click RunThis.bat to start the script. Type Y to begin the cleanup process. It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot. Press any Key and it will restart the PC. When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons. Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt (Report.txt will also be copied to Clipboard ready for posting back on the forum). Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

cthe12string View Member Profile	Nov 12 2007, 11:00 AM Post #3
New Member Posts: 4 OS: windows xp	thank you so much...here are the logs i ran i also want to mention that i did reformat my hard drive since the original hijack this log that i posted in the forum...i dont know if it helped any but i appreciate any and all help on this SDFix: Version 1.114 Run by James Cullins on Mon 11/12/2007 at 10:49 AM Microsoft Windows XP [Version 5.1.2600] Running From: C:\SDFix\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Trojan Files Found: C:\DOCUME~1\JAMESC~1\LOCALS~1\TEMP\WINAMP.TMP - Deleted Removing Temp Files... ADS Check: C:\WINDOWS No streams found. C:\WINDOWS\system32 No streams found. C:\WINDOWS\system32\svchost.exe No streams found. C:\WINDOWS\system32\ntoskrnl.exe No streams found. Final Check: catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-12 10:53:17 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch] "Epoch"=dword:000000cc scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths] "Directory"="C:\Documents and Settings\James Cullins\Local Settings\Temporary Internet Files\Content.IE5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1] "CachePath"="C:\Documents and Settings\James Cullins\Local Settings\Temporary Internet Files\Content.IE5\Cache1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2] "CachePath"="C:\Documents and Settings\James Cullins\Local Settings\Temporary Internet Files\Content.IE5\Cache2" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3] "CachePath"="C:\Documents and Settings\James Cullins\Local Settings\Temporary Internet Files\Content.IE5\Cache3" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4] "CachePath"="C:\Documents and Settings\James Cullins\Local Settings\Temporary Internet Files\Content.IE5\Cache4" scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services: ------------------ Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"="C:\\TOSHIBA\\ivp\\NetInt\\Netint.exe::Enabled:NIE - Toshiba Software Upgrade Engine" "C:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"="C:\\TOSHIBA\\IVP\\ISM\\pinger.exe::Enabled:Toshiba Software Upgrades Pinger" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe::Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe::Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe::Enabled:AOL" "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe::Enabled:LimeWire" "C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe::Enabled:Orb" "C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe::Enabled:OrbTray" "C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe::Enabled:Orb Stream Client" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe::Enabled:AOL" "C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe::Enabled:AOL" "C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe::Enabled:AOL" Remaining Files: --------------- File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes: Mon 7 Feb 2005 54,384 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe" Mon 7 Feb 2005 156,784 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe" Mon 7 Feb 2005 31,344 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe" Sat 10 Nov 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Finished! and here is the new hijack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:59:23 AM, on 11/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TFNF5.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\MySpace\IM\MySpaceIM.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\YPOPs\YPOPs.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: YPOPs.lnk = ? O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O15 - Trusted Zone: .line6.net O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel� Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8226 bytes This post has been edited by cthe12string*: Nov 12 2007, 11:05 AM

racenutalways View Member Profile	Nov 12 2007, 12:27 PM Post #4
Member 1K Posts: 1,620 From: Sudbury Ont. Canada OS: Vista Home Premium	You re-formatted your PC, yet SDFix found a trojan already?? What anti virus program are you using? You are leaving yourself wide open for re-infection, we will be chasing our tails, install one, PRIORITY ONE. these are free for personal use AVG Anti-Virus Avast Home Edition Avira Anti-vir Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. *O15 - Trusted Zone: .line6.net Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Everything else looks ok, are you experiencing any problems, slow, pop-ups etc....? Let's run an online scanner to make sure nothing else is crawling around that shouldn't be. Panda only works if you are using Internet Explorer. This will clean out all cookies and Temp file, making the Panda Scan a little quicker. Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you also use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you also use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. Please go HERE to run Panda's ActiveScan Once you are on the Panda site click the Scan your PC button A new window will open...click the Check Now button Enter your Country Enter your State/Province Enter your e-mail address and click send Select either Home User or Company Click the big Scan Now button If it wants to install an ActiveX component allow it It will start downloading the files it requires for the scan (Note: It may take a couple of minutes) When download is complete, click on My Computer to start the scan When the scan completes, if anything malicious is detected, click the See Report button, then Save Report** and save it to a convenient location. Post the contents of the ActiveScan report Rescan using HijackThis and post those results as well.

cthe12string View Member Profile	Nov 12 2007, 03:43 PM Post #5
New Member Posts: 4 OS: windows xp	here is the results of the scans on my computer... i have zonealarm security suite installed on my computer should i uninstall it and put in one of the free antivirus programs you suggested Incident Status Location Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.2o7.net/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.advertising.com/] Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.burstnet.com/] Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.atwola.com/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.azjmp.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.zedo.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\James Cullins\Application Data\Mozilla\Firefox\Profiles\4vnosdqf.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\James Cullins\Cookies\james cullins@2o7[2].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\James Cullins\Desktop\New Briefcase\SDFix.exe[SDFix\apps\Process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\SDFix\apps\Process.exe here is the hijack this log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:42:05 PM, on 11/12/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ACS.exe C:\WINDOWS\system32\ZCfgSvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe c:\TOSHIBA\IVP\swupdate\swupdtmr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\00THotkey.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TFNF5.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Apoint2K\Apntex.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\toshiba\ivp\ism\pinger.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Winamp Remote\bin\OrbTray.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe C:\Program Files\Paltalk Messenger\paltalk.exe C:\Program Files\YPOPs\YPOPs.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.exe C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.toshibadirect.com/dpdstart O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe O4 - HKLM\..\Run: [ZCfgSvc.exe] c:\WINDOWS\system32\ZCfgSvc.exe O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user') O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe O4 - Startup: YPOPs.lnk = ? O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 8234 bytes again thank you for your help on this matter

racenutalways View Member Profile	Nov 13 2007, 09:34 AM Post #6
Member 1K Posts: 1,620 From: Sudbury Ont. Canada OS: Vista Home Premium	QUOTE i have zonealarm security suite As long as it has an anti virus and not just the firewall, you're good to go. Having a firewall along with an anti virus program is a must on all PCs. Your log looks good, is everything running ok? This neat little utility will clean out those pesky cookies, Please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you also use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you also use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

cthe12string View Member Profile	Nov 13 2007, 10:47 AM Post #7
New Member Posts: 4 OS: windows xp	yes ... it has been running fine as usual .... thank you very much

racenutalways View Member Profile	Nov 15 2007, 11:36 AM Post #8
Member 1K Posts: 1,620 From: Sudbury Ont. Canada OS: Vista Home Premium	Now that you are ready to surf the net peacefully, here are things I like to suggest to users; There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes : Firefox Opera Google Toolbar <= Get the free google toolbar to help stop pop up windows. SpywareBlaster to help prevent spyware from installing in the first place. SpywareGuard to catch and block spyware before it can execute. MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer You should also have a good firewall. Here are 2 free ones available for personal use: Kerio Personal Firewall ZoneAlarm To keep your operating system up to date visit monthly Microsoft Windows Update And to keep your system clean run these free malware scanners AdAware SE Personal........How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware. Spybot Search & Destroy............How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware. And lastly, read Tony Klein's article: So how DID you get infected in the first place?