
My log file 8-14-06 [RESOLVED]


  • This topic is locked

#1
mrhart

Logfile of HijackThis v1.99.1
Scan saved at 2:37:40 PM, on 8/14/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\user\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.refundcents.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\2.tmp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\system32\2.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O16 - DPF: {0122955E-1FB0-11D2-A238-006097FAEE8B} (CscClnt Class) - http://12.47.101.191...everContent.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxres...m/Preloader.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1954A4B1-9627-4CF2-A041-58AA2045CB35} (Brix6ie Control) - http://a19.g.akamai..../v6/brix6ie.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131578243446
O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} (NMInstall Control) - http://a14.g.akamai....GAPANEL_USA.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....21/cpbrkpie.cab
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} (CBSTIEPrint Class) - http://offers.bright...bin/actxcab.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
O16 - DPF: {B991DA79-51F7-4011-98D2-1F2592E82A56} (ACNPlayer2 Class) - http://204.118.132.1.../ACNePlayer.cab
O16 - DPF: {C6B086D2-146B-47A4-A218-B82DCAF2D872} (cpbrxpie Control) - http://a19.g.akamai....20/cpbrxpie.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - C:\WINDOWS\system32\2.tmp (file missing)
O23 - Service: Windows Genuine Advantage Registration Service (wgareg) - Unknown owner - C:\WINDOWS\System32\wgareg.exe (file missing)

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:30:38 PM 8/14/2006

+ Scan result:



C:\WINDOWS\brix6ie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrkpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
C:\WINDOWS\cpbrxpie.ocx -> Adware.Coupons : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\~884591.tmp -> Adware.Wintol : Error during cleaning.
C:\WINDOWS\Temp\~901321.tmp -> Adware.Wintol : Error during cleaning.
C:\WINDOWS\system32\.exe -> Backdoor.IRCBot.st : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wgareg.exe -> Backdoor.IRCBot.st : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\~685910.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~901005.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~907437.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~938234.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~949836.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~960410.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~961038.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\WINDOWS\Temp\~978818.tmp -> Downloader.Wintool.a : Error during cleaning.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TOCFRYJ4\l9rd6g[1].jpg -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\NT\nrcs.exe -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\3.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\4.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\5.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\6.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\7.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\8.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\9.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\A.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).
C:\WINDOWS\system32\B.tmp -> Proxy.Ranky.fv : Cleaned with backup (quarantined).


::Report end


#2
Trevuren

Hi mrhart and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

A. We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME
  • Click HERE for the update.
  • Apply the update.
  • REBOOT YOUR SYSTEM
B. Please post a fresh HJT log for review.

Regards,

Trevuren


#3
mrhart

I'm sorry to take up your time.
This computer would never let me install SP1 or SP2.
I formatted and reinstalled the OS and everything is updated and working fine.
I appreciate people like you who give of their time and talents to help others, you're an inspiration.
Much thanks!

#4
Trevuren

My Pleasure,

Trevuren


#5
Trevuren

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.