OOK,Lostman15 Hijack list



#1
LostMan15

Logfile of HijackThis v1.99.1
Scan saved at 11:58:50 PM, on 10/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Manuel .MANUEL\Local Settings\Temporary Internet Files\Content.IE5\8X6Z89A7\VundoFix[1].exe
C:\Documents and Settings\Manuel .MANUEL\Local Settings\Temporary Internet Files\Content.IE5\GTIJK9AN\HijackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {0919B190-1F20-9526-3A9E-0AE7C5238F88} - C:\WINDOWS\system32\hakjphh.dll (file missing)
O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\system32\mmzarpe.dll (file missing)
O2 - BHO: (no name) - {61D75B23-E2A5-0727-63D8-044BE1E59EC8} - C:\WINDOWS\system32\acrbwi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159585448375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - c:\program files\advances.com\winshark\WinShark.exe (file missing)


#2
LostMan15

VundoFix V6.2.4

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.7

Scan started at 9:16:29 PM 10/16/2006

Listing files found while scanning....


VundoFix V6.2.4

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.7

Scan started at 9:20:14 PM 10/16/2006

Listing files found while scanning....

C:\WINDOWS\system32\acrbwi.dll
C:\WINDOWS\system32\hakjphh.dll
C:\WINDOWS\system32\mmzarpe.dll
C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\acrbwi.dll
C:\WINDOWS\system32\acrbwi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\hakjphh.dll
C:\WINDOWS\system32\hakjphh.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mmzarpe.dll
C:\WINDOWS\system32\mmzarpe.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.2.4

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.7

Scan started at 10:30:01 PM 10/16/2006

Listing files found while scanning....


VundoFix V6.2.4

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.7

Scan started at 10:34:05 PM 10/16/2006

Listing files found while scanning....

C:\WINDOWS\system32\sstqp.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.2.4

Checking Java version...

Java version is 1.5.0.6

Java version is 1.5.0.7

Scan started at 11:51:55 PM 10/16/2006

Listing files found while scanning....

#3
LostMan15

[10/16/2006, 23:37:37] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Manuel Llangari.MANUEL\Local Settings\Temporary Internet Files\Content.IE5\S9QV8DMN\VirtumundoBeGone[1].exe" )
[10/16/2006, 23:37:41] - Detected System Information:
[10/16/2006, 23:37:41] - Windows Version: 5.1.2600, Service Pack 2
[10/16/2006, 23:37:41] - Current Username: Manuel (Admin)
[10/16/2006, 23:37:41] - Windows is in NORMAL mode.
[10/16/2006, 23:37:41] - Searching for Browser Helper Objects:
[10/16/2006, 23:37:41] - BHO 1: {0919B190-1F20-9526-3A9E-0AE7C5238F88} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\hakjphh
[10/16/2006, 23:37:41] - Key not found: HKLM\...\Winlogon\Notify\hakjphh, continuing.
[10/16/2006, 23:37:41] - BHO 2: {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\mmzarpe
[10/16/2006, 23:37:41] - Key not found: HKLM\...\Winlogon\Notify\mmzarpe, continuing.
[10/16/2006, 23:37:41] - BHO 3: {61D75B23-E2A5-0727-63D8-044BE1E59EC8} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\acrbwi
[10/16/2006, 23:37:41] - Key not found: HKLM\...\Winlogon\Notify\acrbwi, continuing.
[10/16/2006, 23:37:41] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2006, 23:37:41] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/16/2006, 23:37:41] - BHO 6: {E82F81BA-9658-48D2-BD52-A7D71D536D6A} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\sstqp
[10/16/2006, 23:37:41] - Found: HKLM\...\Winlogon\Notify\sstqp - This is probably Virtumundo.
[10/16/2006, 23:37:41] - Assigning {E82F81BA-9658-48D2-BD52-A7D71D536D6A} MSEvents Object
[10/16/2006, 23:37:41] - BHO list has been changed! Starting over...
[10/16/2006, 23:37:41] - BHO 1: {0919B190-1F20-9526-3A9E-0AE7C5238F88} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\hakjphh
[10/16/2006, 23:37:41] - Key not found: HKLM\...\Winlogon\Notify\hakjphh, continuing.
[10/16/2006, 23:37:41] - BHO 2: {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\mmzarpe
[10/16/2006, 23:37:41] - Key not found: HKLM\...\Winlogon\Notify\mmzarpe, continuing.
[10/16/2006, 23:37:41] - BHO 3: {61D75B23-E2A5-0727-63D8-044BE1E59EC8} ()
[10/16/2006, 23:37:41] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:41] - Checking for HKLM\...\Winlogon\Notify\acrbwi
[10/16/2006, 23:37:41] - Key not found: HKLM\...\Winlogon\Notify\acrbwi, continuing.
[10/16/2006, 23:37:41] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2006, 23:37:41] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/16/2006, 23:37:41] - BHO 6: {E82F81BA-9658-48D2-BD52-A7D71D536D6A} (MSEvents Object)
[10/16/2006, 23:37:41] - ALERT: Found MSEvents Object!
[10/16/2006, 23:37:41] - Finished Searching Browser Helper Objects
[10/16/2006, 23:37:41] - *** Detected MSEvents Object
[10/16/2006, 23:37:41] - Trying to remove MSEvents Object...
[10/16/2006, 23:37:42] - Terminating Process: IEXPLORE.EXE
[10/16/2006, 23:37:42] - Terminating Process: RUNDLL32.EXE
[10/16/2006, 23:37:43] - Disabling Automatic Shell Restart
[10/16/2006, 23:37:43] - Terminating Process: EXPLORER.EXE
[10/16/2006, 23:37:43] - Suspending the NT Session Manager System Service
[10/16/2006, 23:37:43] - Terminating Windows NT Logon/Logoff Manager
[10/16/2006, 23:37:44] - Re-enabling Automatic Shell Restart
[10/16/2006, 23:37:44] - File to disable: C:\WINDOWS\system32\sstqp.dll
[10/16/2006, 23:37:44] - Removing HKLM\...\Browser Helper Objects\{E82F81BA-9658-48D2-BD52-A7D71D536D6A}
[10/16/2006, 23:37:44] - Removing HKCR\CLSID\{E82F81BA-9658-48D2-BD52-A7D71D536D6A}
[10/16/2006, 23:37:44] - Adding Kill Bit for ActiveX for GUID: {E82F81BA-9658-48D2-BD52-A7D71D536D6A}
[10/16/2006, 23:37:44] - Deleting ATLEvents/MSEvents Registry entries
[10/16/2006, 23:37:44] - Removing HKLM\...\Winlogon\Notify\sstqp
[10/16/2006, 23:37:44] - Searching for Browser Helper Objects:
[10/16/2006, 23:37:44] - BHO 1: {0919B190-1F20-9526-3A9E-0AE7C5238F88} ()
[10/16/2006, 23:37:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:44] - Checking for HKLM\...\Winlogon\Notify\hakjphh
[10/16/2006, 23:37:44] - Key not found: HKLM\...\Winlogon\Notify\hakjphh, continuing.
[10/16/2006, 23:37:44] - BHO 2: {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} ()
[10/16/2006, 23:37:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:44] - Checking for HKLM\...\Winlogon\Notify\mmzarpe
[10/16/2006, 23:37:44] - Key not found: HKLM\...\Winlogon\Notify\mmzarpe, continuing.
[10/16/2006, 23:37:44] - BHO 3: {61D75B23-E2A5-0727-63D8-044BE1E59EC8} ()
[10/16/2006, 23:37:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2006, 23:37:44] - Checking for HKLM\...\Winlogon\Notify\acrbwi
[10/16/2006, 23:37:44] - Key not found: HKLM\...\Winlogon\Notify\acrbwi, continuing.
[10/16/2006, 23:37:44] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2006, 23:37:44] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/16/2006, 23:37:44] - Finished Searching Browser Helper Objects
[10/16/2006, 23:37:44] - Finishing up...
[10/16/2006, 23:37:44] - A restart is needed.
[10/16/2006, 23:38:02] - Attempting to Restart via STOP error (Blue Screen!)
That is what I got from VirtumundoBeGone.

#4
Ryan

Open HiJack This and scan. When it finishes, put an X in the box next to the following item(s):

O2 - BHO: (no name) - {0919B190-1F20-9526-3A9E-0AE7C5238F88} - C:\WINDOWS\system32\hakjphh.dll (file missing)
O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\system32\mmzarpe.dll (file missing)
O2 - BHO: (no name) - {61D75B23-E2A5-0727-63D8-044BE1E59EC8} - C:\WINDOWS\system32\acrbwi.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


Close all open windows except for HiJack This and click fix checked.


Please post a new HiJack This log.

-Ryan
  • 0
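The follow-up log requested above can be checked mechanically against the list of entries to fix. This is an added example, not part of the original thread or of HijackThis itself: it parses HijackThis entry lines, confirms the requested entries are gone, and lists what still points at a missing file. The function names are hypothetical, and the sample text is a short excerpt of lines taken from the logs and fix list posted in this thread.

```python
import ntpath
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O2", "O4", "O23"
    body: str  # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)
MISSING = "(file missing)"

# Excerpt of the first log in the thread (header and process lines are skipped by the parser).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {0919B190-1F20-9526-3A9E-0AE7C5238F88} - C:\WINDOWS\system32\hakjphh.dll (file missing)
O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\system32\mmzarpe.dll (file missing)
O2 - BHO: (no name) - {61D75B23-E2A5-0727-63D8-044BE1E59EC8} - C:\WINDOWS\system32\acrbwi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - c:\program files\advances.com\winshark\WinShark.exe (file missing)
"""

# The entries the helper asked to have checked and fixed.
REQUESTED = r"""
O2 - BHO: (no name) - {0919B190-1F20-9526-3A9E-0AE7C5238F88} - C:\WINDOWS\system32\hakjphh.dll (file missing)
O2 - BHO: (no name) - {2B5E25BC-C1B2-92D8-02F0-081D435BC4F0} - C:\WINDOWS\system32\mmzarpe.dll (file missing)
O2 - BHO: (no name) - {61D75B23-E2A5-0727-63D8-044BE1E59EC8} - C:\WINDOWS\system32\acrbwi.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
"""

# Excerpt of the follow-up log, same selection of lines.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - c:\program files\advances.com\winshark\WinShark.exe (file missing)
"""


def parse_log(text):
    """Return the coded entries of a HijackThis log, ignoring header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def compare(before, after):
    """Entries that disappeared between two logs, and entries that newly appeared."""
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def unfixed(requested, after):
    """Requested fixes that are still present in the follow-up log."""
    return [e for e in requested if e in after]


def missing_targets(entries):
    """Entries whose target file HijackThis reported as missing (a lead, not a verdict)."""
    return [e for e in entries if e.body.endswith(MISSING)]


def nameless_bho_stems(entries):
    """DLL base names of BHOs with no name: the names the VirtumundoBeGone log in
    this thread looked up under Winlogon\\Notify."""
    stems = []
    for e in entries:
        m = BHO_RE.match(e.body) if e.code == "O2" else None
        if m and m.group("name") == "(no name)":
            stems.append(ntpath.splitext(ntpath.basename(m.group("path")))[0])
    return stems


if __name__ == "__main__":
    before, after, requested = map(parse_log, (BEFORE, AFTER, REQUESTED))
    removed, added = compare(before, after)
    print("removed:", len(removed), "added:", len(added))
    print("requested but still present:", unfixed(requested, after))
    print("nameless BHO DLL names (before):", nameless_bho_stems(before))
    for e in missing_targets(after):
        print("still points at a missing file:", e.code, "-", e.body)
```
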

#5
LostMan15

Logfile of HijackThis v1.99.1
Scan saved at 12:29:34 AM, on 10/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Manuel Llangari.MANUEL\Local Settings\Temporary Internet Files\Content.IE5\8X6Z89A7\VundoFix[1].exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Manuel.MANUEL\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_2.3.1.99.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159585448375
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - c:\program files\advances.com\winshark\WinShark.exe (file missing)

new reply

#6
Ryan

Please go HERE to run Panda's ActiveScan. You will need to use Internet Explorer to run it.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the ActiveScan report

-Ryan

#7
LostMan15

Incident Status Location

Adware:adware/ist.istbar Not disinfected Windows Registry
Potentially unwanted tool:application/zango Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{99410cde-6f16-42ce-9d49-3807f78f0287}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Cookies\manuel [email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Manuel Llangari.MANUEL\Local Settings\Temp\nsm21B.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst2E7.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst303.tmp
Adware:Adware/Adservice Not disinfected C:\WINDOWS\Temp\mst30F.tmp
This is what I got from the scan. Is there anything serious here? I don't like the potential tools, so how can I get rid of that?

#8
LostMan15

ist.istbar
This is my only problem now. Can someone please help me get rid of this?

#9
Ryan

I would like to see an Uninstall list.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)

-Ryan

#10
LostMan15

µTorrent
AC3Filter (remove only)
Acoustica MP3 To Wave Converter PLUS
Ad-Aware SE Personal
Adobe Acrobat 6.0 Professional
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop CS
Adobe Reader 7.0.8
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.0
Agere Systems PCI Soft Modem
America's Army
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
AV Voice Changer Software 4.0
AV Voice Changer Software DIAMOND 4.0
AVG Free Edition
BitTornado 0.3.15
Cypress USB Mass Storage Driver Installation
DivX
DivX Player
DivX Web Player
Enhanced Multimedia Keyboard Solution
GdiplusUpgrade
High Definition Audio Driver Package - KB835221
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
HP Software Update
IGN Download Manager 2.2.2
Intel® Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 6
LimeWire PRO 4.9.28
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
MAIET entertainment - Gunz
Mario Forever 3.5
Mario Forever Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Office 2003 Web Components
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 6.0 Introductory Edition
Microsoft® Winter Fun Pack 2004 for Windows® XP
Motorola Phone Tools
MSXML 4.0 SP2 (KB925672)
Panda ActiveScan
PowerDVD
PS2
Pure Networks Port Magic
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Roxio Easy Media Creator 7
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spy Sweeper
TeamSpeak 2 RC2
uCertify M70-176: Visual Basic 6.0 Desktop PrepKit
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
USB Storage Adapter FX (SM1)
VideoLAN VLC media player 0.8.5
Viewpoint Media Player
Virtual DJ - Atomix Productions
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885295
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
ZoneAlarm

#11
Ryan

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


Next, download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
-Ryan

#12
Ryan

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.