HiJackThis log. I suspect Malware/Spyware



#1
spazzy

    New Member

Logfile of HijackThis v1.99.1
Scan saved at 7:52:11 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\AOL\1153773034\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgFat.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
c:\program files\common files\aol\1153773034\ee\aim6.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\DOCUME~1\OWNER~1.HPD\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = (value not set)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153773034\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153983174156
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
#2
Vikesrock8411

    Visiting Staff

There isn't much showing in your log, so we'll try a general cleaning and see what turns up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Cleanup! - Install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Ewido Anti-Spyware
  • Install Ewido Anti-Spyware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it's checked.
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted. If prompted to reboot, click No.

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  • Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  • Click Scan Now
  • Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


In your next post please include:
  • Panda Activescan Log
  • Ewido Log
  • A new Hijackthis! Log


#3
spazzy

    New Member

Logfile of HijackThis v1.99.1
Scan saved at 11:24:28 PM, on 8/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1153773034\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Owner.HPDESKTOP\Desktop\HijackThis.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = (value not set)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153773034\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153983174156
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Hey guys, I was told to post here because when it comes to reading those logs I am :whistling: <---- so please let me know if my computer is bad :help: or good :blink: Thanks so much for the help, you guys are a ton of help for all of my computer needs :)

#4
Vikesrock8411

    Visiting Staff

Download combofix.exe - Save it to your Desktop.

Double click combofix.exe & follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

#5
spazzy

    New Member

Alright, Scanning now.

#6
spazzy

    New Member

Alrighty Vikes, here's what came back after using combofix:

Owner - 06-08-20 2:25:23.50
ComboFix 06.08.18 - Running from: C:\Documents and Settings\Owner.HPDESKTOP\Desktop

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator\Application Data\Sskknwrd.dll
C:\Documents and Settings\Brandon\Application Data\Sskknwrd.dll
C:\Documents and Settings\Default User\Application Data\Sskknwrd.dll
C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\timessquare1.dat
C:\Program Files\Common Files\Download\mc-110-12-0000228.exe
C:\Program Files\Common Files\download
C:\Program Files\Common Files\windows
C:\Program Files\outlook
C:\Program Files\winupdate
C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2006-07-20 to 2006-08-20 ))))))))))))))))))))))))))))))))))


2006-08-18 02:27 65,536 C:\WINDOWS\system32\nvrszht.dll
2006-08-18 02:27 65,536 C:\WINDOWS\system32\nvrszhc.dll
2006-08-18 02:27 262,144 C:\WINDOWS\system32\nvwrses.dll
2006-08-18 02:27 253,952 C:\WINDOWS\system32\nvwrspt.dll
2006-08-18 02:27 249,856 C:\WINDOWS\system32\nvwrsptb.dll
2006-08-18 02:27 249,856 C:\WINDOWS\system32\nvwrsit.dll
2006-08-18 02:27 249,856 C:\WINDOWS\system32\nvwrsfr.dll
2006-08-18 02:27 245,760 C:\WINDOWS\system32\nvwrsnl.dll
2006-08-18 02:27 241,664 C:\WINDOWS\system32\nvwrsde.dll
2006-08-18 02:27 237,568 C:\WINDOWS\system32\nvwrstr.dll
2006-08-18 02:27 237,568 C:\WINDOWS\system32\nvwrsfi.dll
2006-08-18 02:27 233,472 C:\WINDOWS\system32\nvwrsno.dll
2006-08-18 02:27 229,376 C:\WINDOWS\system32\nvwrssv.dll
2006-08-18 02:27 229,376 C:\WINDOWS\system32\nvwrsda.dll
2006-08-18 02:27 221,184 C:\WINDOWS\system32\nvwrseng.dll
2006-08-18 02:27 221,184 C:\WINDOWS\system32\nvwrsar.dll
2006-08-18 02:27 172,032 C:\WINDOWS\system32\nvrsar.dll
2006-08-18 02:27 163,840 C:\WINDOWS\system32\nvwrsja.dll
2006-08-18 02:27 151,552 C:\WINDOWS\system32\nvwrsko.dll
2006-08-18 02:27 143,360 C:\WINDOWS\system32\nvrsko.dll
2006-08-18 02:27 143,360 C:\WINDOWS\system32\nvrsja.dll
2006-08-18 02:27 135,168 C:\WINDOWS\system32\nvrsit.dll
2006-08-18 02:27 135,168 C:\WINDOWS\system32\nvrsfr.dll
2006-08-18 02:27 131,072 C:\WINDOWS\system32\nvwrszht.dll
2006-08-18 02:27 131,072 C:\WINDOWS\system32\nvrsptb.dll
2006-08-18 02:27 131,072 C:\WINDOWS\system32\nvrsnl.dll
2006-08-18 02:27 131,072 C:\WINDOWS\system32\nvrses.dll
2006-08-18 02:27 131,072 C:\WINDOWS\system32\nvrsde.dll
2006-08-18 02:27 126,976 C:\WINDOWS\system32\nvwrszhc.dll
2006-08-18 02:27 126,976 C:\WINDOWS\system32\nvrspt.dll
2006-08-18 02:27 122,880 C:\WINDOWS\system32\nvrstr.dll
2006-08-18 02:27 122,880 C:\WINDOWS\system32\nvrsda.dll
2006-08-18 02:27 118,784 C:\WINDOWS\system32\nvrssv.dll
2006-08-18 02:27 118,784 C:\WINDOWS\system32\nvrsno.dll
2006-08-18 02:27 118,784 C:\WINDOWS\system32\nvrseng.dll
2006-08-18 02:27 114,688 C:\WINDOWS\system32\nvrsfi.dll
2006-08-18 02:27 1,007,616 C:\WINDOWS\system32\nviewimg.dll
2006-08-18 01:15 204,800 C:\WINDOWS\WPUninstall.exe
2006-08-18 01:05 111,564 C:\WINDOWS\system32\dneinobj.dll
2006-08-18 01:04 299,520 C:\WINDOWS\uninst.exe
2006-08-18 00:17 87,040 C:\WINDOWS\UnGins.exe
2006-08-14 23:49 368,912 C:\WINDOWS\system32\vbar332.dll
2006-08-14 23:47 73,216 C:\WINDOWS\ST6UNST.EXE
2006-08-14 23:47 249,856 C:\WINDOWS\Setup1.exe
2006-08-12 23:57 117,760 C:\WINDOWS\system32\xmllite.dll
2006-08-07 05:43 6,656 C:\WINDOWS\system32\c_is2022.dll
2006-08-07 05:42 8,704 C:\WINDOWS\system32\kbdjpn.dll
2006-08-07 05:42 8,192 C:\WINDOWS\system32\kbdkor.dll
2006-08-07 05:42 6,144 C:\WINDOWS\system32\kbd106.dll
2006-08-07 05:42 6,144 C:\WINDOWS\system32\kbd101c.dll
2006-08-07 05:42 6,144 C:\WINDOWS\system32\kbd101b.dll
2006-08-07 05:42 5,632 C:\WINDOWS\system32\kbd103.dll
2006-07-28 06:41 36,864 C:\WINDOWS\system32\wbsys.dll
2006-07-28 06:41 20,480 C:\WINDOWS\system32\wbload.dll
2006-07-28 06:31 208,896 C:\WINDOWS\system32\NVUNINST.EXE
2006-07-27 19:24 28,672 C:\WINDOWS\system32\verclsid.exe
2006-07-27 02:53 18,200 C:\WINDOWS\system32\wups2.dll
2006-07-27 02:24 9,216 C:\WINDOWS\system32\proxycfg.exe
2006-07-27 02:24 88,064 C:\WINDOWS\system32\p2pnetsh.dll
2006-07-27 02:24 870,784 C:\WINDOWS\system32\ati3d1ag.dll
2006-07-27 02:24 86,016 C:\WINDOWS\system32\p2pgasvc.dll
2006-07-27 02:24 86,016 C:\WINDOWS\system32\mdmxsdk.dll
2006-07-27 02:24 81,408 C:\WINDOWS\system32\wscsvc.dll
2006-07-27 02:24 8,192 C:\WINDOWS\system32\smbinst.exe
2006-07-27 02:24 8,192 C:\WINDOWS\system32\bitsprx2.dll
2006-07-27 02:24 78,848 C:\WINDOWS\system32\ieencode.dll
2006-07-27 02:24 75,776 C:\WINDOWS\system32\strmfilt.dll
2006-07-27 02:24 73,832 C:\WINDOWS\system32\slcoinst.dll
2006-07-27 02:24 73,796 C:\WINDOWS\system32\slserv.exe
2006-07-27 02:24 71,680 C:\WINDOWS\system32\blastcln.exe
2006-07-27 02:24 7,680 C:\WINDOWS\system32\kbdsmsno.dll
2006-07-27 02:24 7,680 C:\WINDOWS\system32\kbdsmsfi.dll
2006-07-27 02:24 7,168 C:\WINDOWS\system32\kbdukx.dll
2006-07-27 02:24 7,168 C:\WINDOWS\system32\kbdno1.dll
2006-07-27 02:24 7,168 C:\WINDOWS\system32\kbdfi1.dll
2006-07-27 02:24 7,168 C:\WINDOWS\system32\bitsprx3.dll
2006-07-27 02:24 60,416 C:\WINDOWS\system32\fwcfg.dll
2006-07-27 02:24 6,656 C:\WINDOWS\system32\kbdinmal.dll
2006-07-27 02:24 6,656 C:\WINDOWS\system32\kbdinben.dll
2006-07-27 02:24 6,144 C:\WINDOWS\system32\kbdmlt48.dll
2006-07-27 02:24 6,144 C:\WINDOWS\system32\kbdmlt47.dll
2006-07-27 02:24 6,144 C:\WINDOWS\system32\kbdinbe1.dll
2006-07-27 02:24 59,392 C:\WINDOWS\system32\logman.exe
2006-07-27 02:24 526,848 C:\WINDOWS\system32\p2psvc.dll
2006-07-27 02:24 516,768 C:\WINDOWS\system32\ativvaxx.dll
2006-07-27 02:24 50,688 C:\WINDOWS\system32\btpanui.dll
2006-07-27 02:24 50,176 C:\WINDOWS\system32\xmlprovi.dll
2006-07-27 02:24 5,632 C:\WINDOWS\system32\kbdmaori.dll
2006-07-27 02:24 49,152 C:\WINDOWS\system32\powercfg.exe
2006-07-27 02:24 48,640 C:\WINDOWS\system32\pnrpnsp.dll
2006-07-27 02:24 44,032 C:\WINDOWS\system32\twext.dll
2006-07-27 02:24 438,784 C:\WINDOWS\system32\xpob2res.dll
2006-07-27 02:24 397,056 C:\WINDOWS\system32\s3gnb.dll
2006-07-27 02:24 377,984 C:\WINDOWS\system32\ati2dvaa.dll
2006-07-27 02:24 32,866 C:\WINDOWS\system32\slrundll.exe
2006-07-27 02:24 32,768 C:\WINDOWS\system32\ativtmxx.dll
2006-07-27 02:24 32,285 C:\WINDOWS\system32\hsfcisp2.dll
2006-07-27 02:24 312,320 C:\WINDOWS\system32\p2pgraph.dll
2006-07-27 02:24 30,208 C:\WINDOWS\system32\bthserv.dll
2006-07-27 02:24 29,184 C:\WINDOWS\system32\sdhcinst.dll
2006-07-27 02:24 286,792 C:\WINDOWS\system32\slextspk.dll
2006-07-27 02:24 24,576 C:\WINDOWS\system32\httpapi.dll
2006-07-27 02:24 229,376 C:\WINDOWS\system32\ati2cqag.dll
2006-07-27 02:24 22,528 C:\WINDOWS\system32\fltmc.exe
2006-07-27 02:24 201,728 C:\WINDOWS\system32\ati2dvag.dll
2006-07-27 02:24 20,992 C:\WINDOWS\system32\bthci.dll
2006-07-27 02:24 193,024 C:\WINDOWS\system32\fsquirt.exe
2006-07-27 02:24 188,508 C:\WINDOWS\system32\slgen.dll
2006-07-27 02:24 17,408 C:\WINDOWS\system32\winshfhc.dll
2006-07-27 02:24 16,896 C:\WINDOWS\system32\fltlib.dll
2006-07-27 02:24 15,872 C:\WINDOWS\system32\w3ssl.dll
2006-07-27 02:24 14,336 C:\WINDOWS\system32\auditusr.exe
2006-07-27 02:24 13,824 C:\WINDOWS\system32\wscntfy.exe
2006-07-27 02:24 13,824 C:\WINDOWS\system32\cmsetacl.dll
2006-07-27 02:24 129,536 C:\WINDOWS\system32\xmlprov.dll
2006-07-27 02:24 118,784 C:\WINDOWS\system32\msdadiag.dll
2006-07-27 02:24 116,224 C:\WINDOWS\system32\p2p.dll
2006-07-27 02:24 108,032 C:\WINDOWS\system32\wshbth.dll
2006-07-27 02:24 1,888,992 C:\WINDOWS\system32\ati3duag.dll
2006-07-27 02:24 1,737,856 C:\WINDOWS\system32\mtxparhd.dll
2006-07-27 02:20 22,752 C:\WINDOWS\system32\spupdsvc.exe
2006-07-26 21:18 87,040 C:\WINDOWS\system32\drmstor.dll
2006-07-26 21:18 809,984 C:\WINDOWS\system32\wmvdmod.dll
2006-07-26 21:18 759,296 C:\WINDOWS\system32\wmsdmod.dll
2006-07-26 21:18 695,296 C:\WINDOWS\system32\drmv2clt.dll
2006-07-26 21:18 670,720 C:\WINDOWS\system32\wmadmoe.dll
2006-07-26 21:18 6,656 C:\WINDOWS\system32\laprxy.dll
2006-07-26 21:18 408,064 C:\WINDOWS\system32\wmadmod.dll
2006-07-26 21:18 299,520 C:\WINDOWS\system32\drmclien.dll
2006-07-26 21:18 286,208 C:\WINDOWS\system32\blackbox.dll
2006-07-26 21:18 259,072 C:\WINDOWS\system32\msnetobj.dll
2006-07-26 21:18 240,640 C:\WINDOWS\system32\mpg4dmod.dll
2006-07-26 21:18 237,568 C:\WINDOWS\system32\qasf.dll
2006-07-26 21:18 230,400 C:\WINDOWS\system32\wmasf.dll
2006-07-26 21:18 2,105,344 C:\WINDOWS\system32\wmvcore.dll
2006-07-26 21:18 103,936 C:\WINDOWS\system32\logagent.exe
2006-07-26 21:18 1,050,624 C:\WINDOWS\system32\wmnetmgr.dll
2006-07-26 21:17 86,016 C:\WINDOWS\unvise32qt.exe
2006-07-26 21:17 102,400 C:\WINDOWS\system32\SimpleRegistry.dll
2006-07-26 21:17 10,752 C:\WINDOWS\system32\aamd532.dll
2006-07-25 22:21 57,344 C:\WINDOWS\system32\dpwsockx.dll
2006-07-25 22:21 385,024 C:\WINDOWS\system32\qdvd.dll
2006-07-25 22:21 367,616 C:\WINDOWS\system32\dsound.dll
2006-07-25 22:21 279,040 C:\WINDOWS\system32\qdv.dll
2006-07-25 22:21 266,240 C:\WINDOWS\system32\ddraw.dll
2006-07-25 22:21 104,448 C:\WINDOWS\system32\dmusic.dll
2006-07-25 22:21 1,689,088 C:\WINDOWS\system32\d3d9.dll
2006-07-25 22:21 1,179,648 C:\WINDOWS\system32\d3d8.dll
2006-07-25 09:01 2,297,552 C:\WINDOWS\system32\d3dx9_26.dll
2006-07-25 09:00 63,768 C:\WINDOWS\system32\dxdllreg.exe
2006-07-25 09:00 50,688 C:\WINDOWS\system32\wstdecod.dll
2006-07-25 09:00 363,520 C:\WINDOWS\system32\psisdecd.dll
2006-07-25 09:00 229,888 C:\WINDOWS\system32\dplayx.dll
2006-07-25 09:00 2,113,536 C:\WINDOWS\system32\dxdiagn.dll
2006-07-25 09:00 181,248 C:\WINDOWS\system32\dmime.dll
2006-07-25 09:00 17,408 C:\WINDOWS\system32\msyuv.dll
2006-07-25 09:00 1,428,480 C:\WINDOWS\system32\msvidctl.dll
2006-07-25 09:00 1,298,432 C:\WINDOWS\system32\dxdiag.exe
2006-07-24 22:21 465,176 C:\WINDOWS\system32\wuapi.dll
2006-07-24 22:21 41,240 C:\WINDOWS\system32\wups.dll
2006-07-24 22:21 194,328 C:\WINDOWS\system32\wuaueng1.dll
2006-07-24 22:21 173,536 C:\WINDOWS\system32\wuweb.dll
2006-07-24 22:21 172,312 C:\WINDOWS\system32\wuauclt1.exe
2006-07-24 22:21 127,256 C:\WINDOWS\system32\wucltui.dll
2006-07-23 16:33 221,184 C:\WINDOWS\system32\wmpns.dll
2006-07-23 16:33 198,424 C:\WINDOWS\system32\iuengine.dll
2006-07-23 16:17 204,800 C:\WINDOWS\system32\IVIresizeW7.dll
2006-07-23 16:17 200,704 C:\WINDOWS\system32\IVIresizeA6.dll
2006-07-23 16:17 20,480 C:\WINDOWS\system32\IVIresize.dll
2006-07-23 16:17 192,512 C:\WINDOWS\system32\IVIresizeP6.dll
2006-07-23 16:17 192,512 C:\WINDOWS\system32\IVIresizeM6.dll
2006-07-23 16:17 188,416 C:\WINDOWS\system32\IVIresizePX.dll
2006-07-23 16:15 753,664 C:\WINDOWS\system32\nwiz.exe
2006-07-23 16:15 450,560 C:\WINDOWS\system32\nvshell.dll
2006-07-23 16:15 397,312 C:\WINDOWS\system32\nvappbar.exe
2006-07-23 16:15 208,896 C:\WINDOWS\system32\nvudisp.exe
2006-07-23 16:15 1,175,552 C:\WINDOWS\system32\nview.dll
2006-07-22 02:51 2,560 C:\WINDOWS\_MSRSTRT.EXE


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-20 02:29 -------- d-------- C:\Program Files\Common Files
2006-08-20 01:55 -------- d-------- C:\Program Files\Trillian
2006-08-20 00:24 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-20 00:24 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-08-19 23:50 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\teamspeak2
2006-08-19 23:23 -------- d-------- C:\Program Files\Lavasoft
2006-08-19 14:39 -------- d-------- C:\Program Files\GameSpy Arcade
2006-08-19 14:36 -------- d-------- C:\Program Files\Microsoft Games
2006-08-19 13:34 163644 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2006-08-19 13:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-19 13:11 -------- d-------- C:\Program Files\Activision
2006-08-18 21:56 -------- d---s---- C:\Program Files\Xfire
2006-08-18 18:22 -------- d-------- C:\Program Files\AOL
2006-08-18 18:22 -------- d-------- C:\Program Files\AOD
2006-08-18 03:33 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\ACStealth4
2006-08-18 01:05 -------- d-------- C:\Program Files\Common Files\Deterministic Networks
2006-08-18 01:05 -------- d-------- C:\Program Files\Blue Coat Systems
2006-08-18 00:17 -------- d-------- C:\Program Files\Intelore
2006-08-17 21:31 -------- d-------- C:\Program Files\Jetico
2006-08-17 20:08 -------- d-------- C:\Program Files\Common Files\AOL
2006-08-17 20:08 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\AOL
2006-08-17 19:56 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-08-17 19:36 -------- d-------- C:\Program Files\TGTSoft
2006-08-16 19:39 19961 --a------ C:\Documents and Settings\Owner.HPDESKTOP\Application Data\CleanUp!.log
2006-08-16 18:11 -------- d-------- C:\Program Files\Messenger History
2006-08-16 18:10 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Messenger History
2006-08-15 15:52 777472 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-08-15 15:52 27904 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-08-15 01:11 -------- d-------- C:\Program Files\Yahoo!
2006-08-15 01:11 -------- d-------- C:\Program Files\CCleaner
2006-08-15 01:04 -------- d-------- C:\Program Files\Privacy Shield
2006-08-15 00:54 -------- d-------- C:\Program Files\Steam
2006-08-14 23:48 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-08-14 23:48 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-08-14 23:48 23424 --a------ C:\WINDOWS\system32\drivers\avgmfrs.sys
2006-08-14 23:48 -------- d-------- C:\Program Files\Grisoft
2006-08-14 23:48 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\AVG7
2006-08-14 23:47 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-08-14 23:47 249856 --------- C:\WINDOWS\Setup1.exe
2006-08-13 19:08 95852 --a------ C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Applist.txt
2006-08-13 18:59 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\CyberScrub
2006-08-13 00:16 -------- d-------- C:\Program Files\Internet Explorer
2006-08-13 00:08 -------- d-------- C:\Program Files\PCPitstop
2006-08-11 21:47 -------- d-------- C:\Program Files\America Online 9.0
2006-08-11 19:01 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\LimeWire
2006-08-07 00:28 -------- d-------- C:\Program Files\Google
2006-08-04 04:46 -------- d-------- C:\Program Files\IGN
2006-07-30 10:54 -------- d-------- C:\Program Files\MUSICMATCH
2006-07-29 18:47 -------- d---s---- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Microsoft
2006-07-29 18:47 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Ventrilo
2006-07-27 19:50 -------- d-------- C:\Program Files\Windows Defender
2006-07-27 19:34 -------- d-------- C:\Program Files\Windows Media Player
2006-07-27 19:34 -------- d-------- C:\Program Files\Messenger
2006-07-27 19:30 -------- d-------- C:\Program Files\Outlook Express
2006-07-27 19:30 -------- d-------- C:\Program Files\Common Files\System
2006-07-27 19:12 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Macromedia
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-27 02:24 -------- d-------- C:\Program Files\Windows NT
2006-07-27 02:24 -------- d-------- C:\Program Files\NetMeeting
2006-07-27 02:24 -------- d-------- C:\Program Files\Movie Maker
2006-07-26 22:02 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\AdobeUM
2006-07-26 21:30 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-26 21:29 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-07-26 21:29 -------- d-------- C:\Program Files\Common Files\DESIGNER
2006-07-26 21:25 -------- d-------- C:\Program Files\Common Files\aolshare
2006-07-26 21:18 -------- d-------- C:\Program Files\Common Files\aolback
2006-07-26 21:18 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\You've Got Pictures Screensaver
2006-07-26 21:17 -------- d-------- C:\Program Files\QuickTime
2006-07-26 21:17 -------- d-------- C:\Program Files\Pure Networks
2006-07-25 09:07 -------- d-------- C:\Program Files\Teamspeak2_RC2
2006-07-25 08:57 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Xfire
2006-07-25 08:27 -------- d-------- C:\Program Files\Java
2006-07-24 22:21 -------- d--h----- C:\Program Files\WindowsUpdate
2006-07-24 16:31 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\acccore
2006-07-24 16:30 -------- d-------- C:\Program Files\Viewpoint
2006-07-24 16:30 -------- d-------- C:\Documents and Settings\Owner.HPDESKTOP\Application Data\Mozilla
2006-07-23 18:51 -------- d-------- C:\Program Files\Common Files\Services
2006-07-23 17:49 -------- d-------- C:\Program Files\CleanUp!
2006-07-23 17:33 4113 --a------ C:\WINDOWS\viassary-hp.reg
2006-07-23 16:46 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-07-23 16:40 -------- d-------- C:\Program Files\Easy Internet signup
2006-07-22 15:04 -------- d-------- C:\Program Files\MSXML 4.0
2006-07-22 01:48 -------- d-------- C:\Program Files\Brother
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-20 21:58 -------- d-------- C:\Program Files\fsupport
2006-06-23 18:55 208896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2006-06-23 18:55 208896 --a------ C:\WINDOWS\system32\nvugart.exe
2006-06-23 18:55 208896 --a------ C:\WINDOWS\system32\nvudisp.exe
2006-06-23 16:49 888832 --a------ C:\WINDOWS\system32\nvmobls.dll
2006-06-23 16:49 794624 --a------ C:\WINDOWS\system32\nvcplui.exe
2006-06-23 16:49 581632 --a------ C:\WINDOWS\system32\nvhwvid.dll
2006-06-23 16:49 5652480 --a------ C:\WINDOWS\system32\nvdisps.dll
2006-06-23 16:49 45056 --a------ C:\WINDOWS\system32\nvmccsrs.dll
2006-06-23 16:49 425984 --a------ C:\WINDOWS\system32\keystone.exe
2006-06-23 16:49 311296 --a------ C:\WINDOWS\system32\nvexpbar.dll
2006-06-23 16:49 3026944 --a------ C:\WINDOWS\system32\nvgames.dll
2006-06-23 16:49 2924544 --a------ C:\WINDOWS\system32\nvvitvs.dll
2006-06-23 16:49 286720 --a------ C:\WINDOWS\system32\nvnt4cpl.dll
2006-06-23 16:49 229376 --a------ C:\WINDOWS\system32\nvmccs.dll
2006-06-23 16:49 196608 --a------ C:\WINDOWS\system32\nvapi.dll
2006-06-23 16:49 188416 --a------ C:\WINDOWS\system32\nvmccss.dll
2006-06-23 16:49 147456 --a------ C:\WINDOWS\system32\nvcolor.exe
2006-06-23 16:49 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2006-06-23 16:49 1257472 --a------ C:\WINDOWS\system32\nvwss.dll
2006-06-23 16:49 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2006-06-23 09:28 5512704 --------- C:\WINDOWS\system32\ieframe.dll
2006-06-23 09:28 47616 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-06-23 09:28 454144 --------- C:\WINDOWS\system32\msfeeds.dll
2006-06-23 09:28 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-06-23 09:28 223744 --a------ C:\WINDOWS\system32\webcheck.dll
2006-06-23 09:28 179200 --------- C:\WINDOWS\system32\ieui.dll
2006-06-23 09:28 155648 --a------ C:\WINDOWS\system32\msls31.dll
2006-06-23 05:41 172544 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-06-23 05:40 78848 --a------ C:\WINDOWS\system32\ieencode.dll
2006-06-23 05:40 40960 --a------ C:\WINDOWS\system32\url.dll
2006-06-23 05:39 99328 --a------ C:\WINDOWS\system32\occache.dll
2006-06-23 05:39 39424 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-06-23 05:37 14336 --a------ C:\WINDOWS\system32\corpol.dll
2006-06-23 05:34 81920 --a------ C:\WINDOWS\system32\admparse.dll
2006-06-23 05:34 50688 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-06-23 05:34 372736 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-06-23 05:34 228864 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-06-23 05:34 167936 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-06-23 05:33 54272 --a------ C:\WINDOWS\system32\iesetup.dll
2006-06-23 05:33 41984 --a------ C:\WINDOWS\system32\iernonce.dll
2006-06-23 05:33 121856 --a------ C:\WINDOWS\system32\advpack.dll
2006-06-23 05:30 11776 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-06-23 05:29 55296 --------- C:\WINDOWS\system32\icardie.dll
2006-06-23 05:29 35328 --a------ C:\WINDOWS\system32\imgutil.dll
2006-06-23 05:27 251392 --------- C:\WINDOWS\system32\iertutil.dll
2006-06-23 05:26 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-06-23 04:46 377856 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-06-23 04:45 48640 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-06-23 04:41 172032 --a------ C:\WINDOWS\system32\ieakui.dll
2006-06-21 14:25 -------- d-------- C:\Program Files\Incomplete
2006-06-19 15:18 23552 --------- C:\WINDOWS\system32\idndl.dll
2006-06-19 15:18 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-06-19 15:18 20480 --------- C:\WINDOWS\system32\normaliz.dll
2006-05-31 07:22 63768 --a------ C:\WINDOWS\system32\dxdllreg.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HPHUPD05"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"HPHmon05"="C:\\WINDOWS\\System32\\hphmon05.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"VTTimer"="VTTimer.exe"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"Sunkist2k"="C:\\Program Files\\Multimedia Card Reader\\shwicon2k.exe"
"Reminder"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"AlcxMonitor"="ALCXMNTR.EXE"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1153773034\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"BCWipeTM Startup"="\"C:\\Program Files\\Jetico\\BCWipe\\BCWipeTM.exe\" startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\\Program Files\\HP\\Digital Imaging\\bin\\backupnotify.exe"
"Aim6"="\"C:\\Program Files\\Common Files\\AOL\\Launch\\AOLLaunch.exe\" /d locale=en-US ee://aol/imApp"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,ea,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

Completion time: Sun 08/20/2006 2:32:52.60
ComboFix.txt
  • 0

#7
Vikesrock8411

    Visiting Staff
Download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to, click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Post a new HijackThis log and let me know how your PC is running now, please.
  • 0

#8
spazzy

    New Member

  • Topic Starter
Alright, doing that now.
  • 0

#9
spazzy

    New Member

  • Topic Starter
Here you are, the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 5:11:19 PM, on 8/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\AOL\1153773034\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\interMute\SpamSubtract\SpamSub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trillian\trillian.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\OWNER~1.HPD\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = (value not set)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = (value not set)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1153773034\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSub.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1153983174156
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
  • 0
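As an added example (not part of the original thread and not HijackThis's own code), the Python below parses lines in the log format posted above and lists the entries that HijackThis itself marked `(no file)` or `(file missing)`, plus services it reported with `Unknown owner`. The sample lines are copied from the log in this post; the class and function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (file missing)
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
"""

# Section codes used by the sample lines, with their usual HijackThis meaning.
SECTIONS = {
    "R1": "Internet Explorer URL/proxy setting",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry",
    "O20": "Winlogon Notify DLL",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
# O4 registry form: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<command>.+)$"
)


@dataclass
class Entry:
    code: str                          # section code, e.g. "O2"
    body: str                          # everything after "<code> - "
    guid: Optional[str] = None         # CLSID, when the entry carries one
    orphan: bool = False               # marked (no file) / (file missing)
    run_name: Optional[str] = None     # Run value name (O4 registry entries)
    run_command: Optional[str] = None  # Run command line (O4 registry entries)


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/N/O entries of a HijackThis log, skipping other lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # log header, running-process list, blank line
        code, body = m.group("code"), m.group("body")
        guid = GUID_RE.search(body)
        run = RUN_RE.match(body) if code == "O4" else None
        entries.append(Entry(
            code=code,
            body=body,
            guid=guid.group(0) if guid else None,
            orphan=bool(ORPHAN_RE.search(body)),
            run_name=run.group("name") if run else None,
            run_command=run.group("command") if run else None,
        ))
    return entries


def orphaned(entries: List[Entry]) -> List[Entry]:
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.orphan]


def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services for which HijackThis printed 'Unknown owner'."""
    return [e for e in entries
            if e.code == "O23" and " - Unknown owner - " in e.body]


def section_counts(entries: List[Entry]) -> Dict[str, int]:
    """Number of entries per section code."""
    return dict(Counter(e.code for e in entries))


def report(entries: List[Entry]) -> str:
    """One line per entry worth a second look, grouped by reason."""
    lines = []
    for e in orphaned(entries):
        label = SECTIONS.get(e.code, "unlabelled section")
        lines.append(f"[missing file]  {e.code} {label}: {e.guid or e.body}")
    for e in unknown_owner_services(entries):
        lines.append(f"[unknown owner] {e.code} {e.body}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(parse_log(SAMPLE_LOG)))
```
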

#10
Vikesrock8411

    Visiting Staff
How is the PC running now?
  • 0

#11
spazzy

    New Member

  • Topic Starter
:whistling: Still slow. Like just now it took about 1 minute to load this reply page, and I am running on a cable modem and a 3 GHz processor with 512 MB RAM. Tomorrow I am upgrading to 1 gig, but I don't think that RAM is the issue.
  • 0

#12
spazzy

    New Member

  • Topic Starter
Whoa man, I have no idea what I just did, but I took off that Yahoo toolbar and now it's flying (I have no idea if it had anything to do with the toolbar or not, but now it's like way faster). Also, there are some things dealing with AOL on my computer, and AOL isn't my ISP, and I want to clear all of the AOL things off my PC. Do you know what I should delete or uninstall? :whistling: You are the man.


Also, this is a log of everything installed on my computer:


Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Reader 6.0
Adobe Shockwave Player
Age of Empires III
AIOMinimal
AiOSoftware
AiO_Scan
AOL Uninstaller (Choose which Products to Remove)
AVG Free Edition
BCWipe 3.0
Call of Duty Game of the Year Edition
Call of Duty® 2
CameraDrivers
CCleaner (remove only)
CleanUp!
Copy
CreativeProjects
Director
DocProc
Fax
GameSpy Arcade
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.0
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ350
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1
Microsoft Halo
Microsoft Money 2004 System Pack
Microsoft Money 2004
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (1.5.0.6)
MSXML 4.0 SP2 Parser and SDK
Multimedia Card Reader
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA GART Driver
Panda ActiveScan
PC-Doctor for Windows
PhotoGallery
Photosmart 140,240,7200,7600,7700,7900 Series
PrintScreen
PS2
PSShortcutsP
Pure Networks Port Magic
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RealOne Player
RecordNow!
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
SkinsHP1
SkinsHP2
Sonic Update Manager
SpamSubtract
Steam
StyleXP (remove only)
TeamSpeak 2 RC2
Toolkit View(HP)
TrayApp
Trillian
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Updates from HP
Viewpoint Media Player
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7 Beta 3
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
Xfire (remove only)

Edited by spazzy, 21 August 2006 - 12:40 AM.

  • 0

#13
Vikesrock8411

    Visiting Staff
Click as if you are going to remove the entry "AOL Uninstaller". It should give you some type of prompt asking you what you wish to uninstall. Choose an item from the list (if checkboxes are present, check all of them). Repeat the process until all items listed are removed.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK
Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other; therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize"; this helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a real-time protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  • 0





