Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer boots up slowly

Started by Steve Soleimani , Nov 01 2006 08:17 PM

  • This topic is locked This topic is locked

#1
Steve Soleimani
Posted 01 November 2006 - 08:17 PM

Steve Soleimani

    Member

  • Member
  • PipPipPip
  • 272 posts
Items in MSCONFIG - Startup tab:

Checked:
avgcc
WMCCFG
zlclient
qttask
iTunes Helper
blank
aim
ctfmon
Google ToolbarNotifier
Microsoft Office
Run Google Webaccelerator
check-ip-changed

Unchecked:
apdproxy
aim
AnyDVD
APVXDWIN
BearShare
ccApp
CloneCDTray
EDICT
EDICT
fdm
InCD
ItunesHelper
NeroCheck
blank
qttask
Incio
ibm00001
Steam
realsched
WMCCFG
Spy Sweeper Fix
WinZip Quick Pick
Spy Sweeper Fix

Can you tell me whats nessesary and whats not.



Logfile of HijackThis v1.99.1
Scan saved at 9:15:29 PM, on 11/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\windows\system32\eimcljhn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: check-ip-changed.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144367547234
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...s/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thank you
  • 0

Advertisements

#2
Linkmaster
Posted 05 November 2006 - 03:29 PM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
Hi Steve Soleimani, Welcome to GTG !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
Open Windows Defender.
Click on Tools, General Settings
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender
After all of the fixes are complete, it is very important that you enable Real-time Protection again

I need you to download some programs to aide in our fix :Do Not Run Them Yet

Download VundoFix.exe© by Atribune to your desktop.

Download ATF (Atribune Temp File) Cleaner© by Atribune

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.

Firefox :
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Run VundoFix
Double-click VundoFix.exe
Click the Scan for Vundo button.
When it finishes scanning, click the Remove Vundo button
You will receive a prompt asking if you want to "remove the files", click YES
Once you click yes, your desktop will go blank as it starts removing Vundo
When completed, it will prompt that it will reboot your computer, click OK
The .txt file will be in C:\Vundofix.txt

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot

Post a fresh HijackThis log and the vundofix.txt file here
  • 0

#3
Steve Soleimani
Posted 05 November 2006 - 05:20 PM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts
VundoFix V6.1.6 did'nt find anything so here is a HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 6:19:51 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\windows\system32\eimcljhn.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: check-ip-changed.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144367547234
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...s/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#4
Linkmaster
Posted 05 November 2006 - 06:47 PM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
Download and Install AVG Anti-Spyware© by Grisoft

Launch AVG Anti-Spyware, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update AVG Anti-Spyware to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close AVG Anti-Spyware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run HijackThis
Scan and when it finishes, put a check mark only next to these following items : (if present)

O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\windows\system32\eimcljhn.dll (file missing)

Close all browsers and any open Windows, making sure that only HijackThis is open
Click Fix Checked
Close HijackThis

Run AVG Anti-Spyware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close AVG Anti-Spyware

Reboot to Normal Mode

Post a fresh HijackThis log]/b] and the [b]AVG Anti-Spyware log here
  • 0

#5
Steve Soleimani
Posted 05 November 2006 - 09:58 PM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:51:37 PM 11/5/2006

+ Scan result:



C:\!KillBox\nfamvklb.exe -> Adware.Searchcolor : Cleaned.
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP661\A0109524.exe -> Adware.Searchcolor : Cleaned.
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP645\A0107886.dll -> Adware.Searchcolours : Cleaned.
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP655\A0109385.dll -> Adware.Virtumionde : Cleaned.
C:\!KillBox\npclntax.dll -> Adware.Zango : Cleaned.
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP662\A0109550.dll -> Adware.Zango : Cleaned.
C:\Program Files\Cain\Abel.dll -> Not-A-Virus.PSWTool.Win32.Cain.284 : Cleaned.
C:\Program Files\Cain\Abel.exe -> Not-A-Virus.PSWTool.Win32.Cain.284 : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Advertising : Error during cleaning.
:mozilla.16:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.
:mozilla.135:C:\Documents and Settings\Owner\Application Data\Flock\Browser\Profiles\xdlsm0gw.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.14:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.
:mozilla.12:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.13:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.17:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.18:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.19:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.20:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.30:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.
:mozilla.262:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.48:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.49:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.50:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.51:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.
:mozilla.339:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\n9yhx1z7.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tracking101 : Error during cleaning.
:mozilla.10:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 10:58:33 PM, on 11/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Startup: check-ip-changed.bat
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144367547234
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...s/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#6
Linkmaster
Posted 06 November 2006 - 07:04 AM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
Your log seems to be OK !!

These are optional removals from startup :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

They do no harm but can be removed from startup !

Just one more thing :
**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

How is your system running now ??

Here are a few tools that I recommend for protecting your system and reduce the risk of infection again !!

Real Time Prevention
SpywareBlaster© by Javacool Software

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are go to GRC
Scroll down to "Shields Up" Click on "Proceed" Then click on "Common Ports"to scan your ports.
Free Personal Firewalls :
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Outpost Firewall Free© by Agnitum Ltd
Jetico Personal Firewall© by Jetico, Inc.

Install Java :
Java Runtime Environment© Sun Microsystems. It's much more secure than Microsoft's Java Virtual Machine

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Using these tools and keeping them updated will reduce the risk of future infections!!

Do you have any questions??
  • 0

#7
Steve Soleimani
Posted 06 November 2006 - 02:26 PM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts

Your log seems to be OK !!

These are optional removals from startup :

O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

They do no harm but can be removed from startup !


Just one more thing :
**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot





First quote - should I remove them in HJT or MSCONFIG?

Second Quote - what is the purpose of this?



Thank you
  • 0

#8
Linkmaster
Posted 06 November 2006 - 04:20 PM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
First Quote : removing them in HijackThis will remove them from Msconfig

Second Quote : it will clear your restore points so as to make sure there are no infected files to be restored
  • 0

#9
Steve Soleimani
Posted 08 November 2006 - 09:52 PM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts
Argggg, my Internet (Firefox) started becoming slow, I tired ATF Cleaner, SpyBot S&D, and AVG both dectected some type of Maleware. Ad-Aware will not update for some reason keeps on giving me a connection error, even though there is nothing wrong with my Internet.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:20:19 PM 11/8/2006

+ Scan result:



:mozilla.11:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Advertising : Error during cleaning.

:mozilla.16:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Atdmt : Error during cleaning.

:mozilla.14:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Doubleclick : Error during cleaning.

:mozilla.12:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.13:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.17:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.18:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.19:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.20:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.30:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Fastclick : Error during cleaning.

:mozilla.47:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.

:mozilla.48:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.

:mozilla.49:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.

:mozilla.50:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.

:mozilla.51:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tacoda : Error during cleaning.

:mozilla.33:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Tracking101 : Error during cleaning.

:mozilla.10:C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt -> TrackingCookie.Yieldmanager : Error during cleaning.


::Report end

7 objects found (17 traces) - all error while deleting - all medium risk



Logfile of HijackThis v1.99.1
Scan saved at 10:49:10 PM, on 11/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144367547234
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...s/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




My computer would also freeze for like 5 sec, come back to normal state, and keep on repeating...so annoying, I cant get anything done.
  • 0

#10
Linkmaster
Posted 09 November 2006 - 05:57 AM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
Your log seems to be OK

The errored files are cookies. AVG can't get to them in the LimeWire folder. They are coming from the portableFirefox. You can delete the cookie.txt file and see if that gets rid of them.

Open Windows Explorer, locate and Delete the following folders or files in RED : (if present)

C:\Documents and Settings\Owner\Desktop\LimeWire\stuff\Portable Apps\yourwar_usb_setup.rar/yourwar_usb_setup\PortableFirefox\Data\profile\cookies.txt

Empty your Recycle Bin

The connection error from AdawareSE may be caused by a setting in ZoneAlarm or the site itself.

Lets run one more scan to see if anything is hiding :

Download and Extract ComboFix to your Desktop
Double click combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Read the Disclaimer and make sure you have closed ALL open Windows, other than ComboFix, then hit Y to continue
You may receive the following message : Follow its instructions then let me know you got it

COMSPEC ERROR !!!

THE ABOVE ENVIRONMENT VARIABLE WAS FOUND TO BE CORRUPT.

ComboFix has attempted repair & will need to be restarted.
Please run ComboFix again & inform the person helping you
Press any key to exit
When finished, it will produce a log for you

Post a fresh HijackThis log and the ComboFix log here
  • 0

Advertisements

#11
Steve Soleimani
Posted 10 November 2006 - 10:04 AM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts
Owner - 06-11-10 11:00:17.85 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-10 to 2006-11-10 ))))))))))))))))))))))))))))))))))


2006-11-05 20:02 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-12 14:52 561,179 --a------ C:\WINDOWS\system32\dao360.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-10 10:52 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-09 22:26 1163 --a------ C:\Documents and Settings\Owner\Application Data\.googlewebacchosts
2006-11-08 22:48 -------- d-------- C:\Program Files\Hijackthis
2006-11-08 22:00 -------- d-------- C:\Program Files\BitTorrent
2006-11-08 22:00 -------- d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2006-11-08 18:32 -------- d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2006-11-08 16:49 -------- d-------- C:\Documents and Settings\Owner\Application Data\Lavasoft
2006-11-07 19:34 11 --a------ C:\Program Files\TechMan1000.stats
2006-11-06 23:22 -------- d-------- C:\Program Files\iTunes
2006-11-06 23:22 -------- d-------- C:\Program Files\iPod
2006-11-06 23:19 -------- d-------- C:\Program Files\QuickTime
2006-11-06 15:28 -------- d-------- C:\Program Files\Java
2006-11-05 20:02 -------- d-------- C:\Program Files\Grisoft
2006-10-31 22:36 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-31 15:50 -------- d-------- C:\Program Files\Internet Explorer
2006-10-27 22:06 -------- d-------- C:\Program Files\AIOv2 ProgramFiles
2006-10-27 21:59 -------- d-------- C:\Program Files\Xplorer 360
2006-10-27 13:48 -------- d-------- C:\Program Files\Microsoft Office
2006-10-27 13:46 -------- d-------- C:\Program Files\Microsoft Visual Studio 8
2006-10-27 13:43 -------- d-------- C:\Program Files\Common Files\System
2006-10-27 13:39 -------- d-------- C:\Program Files\Microsoft ActiveSync
2006-10-17 18:21 -------- d-------- C:\Program Files\Apple Software Update
2006-10-15 10:18 -------- d-------- C:\Documents and Settings\Owner\Application Data\Purple Ghost Software, Inc
2006-10-13 14:41 -------- d-------- C:\Program Files\Opera
2006-10-12 14:52 -------- d-------- C:\Program Files\Query Spree
2006-10-11 14:14 -------- d-------- C:\Program Files\MSXML 4.0
2006-10-08 22:03 -------- d-------- C:\Documents and Settings\Owner\Application Data\Avant Profiles
2006-10-08 21:59 -------- d-------- C:\Documents and Settings\Owner\Application Data\Opera
2006-10-08 21:44 -------- d-------- C:\Program Files\Cain
2006-10-07 22:42 -------- d-------- C:\Program Files\Vodei
2006-10-04 17:46 -------- d-------- C:\Program Files\WinZip
2006-10-04 17:46 -------- d-------- C:\Program Files\WinRAR
2006-10-04 17:46 -------- d-------- C:\Program Files\Windows Defender
2006-10-04 17:35 -------- d-------- C:\Program Files\Google
2006-10-04 17:32 -------- d-------- C:\Program Files\AIM
2006-10-02 10:03 -------- d-------- C:\Program Files\Common Files
2006-09-30 18:25 -------- d-------- C:\Program Files\Common Files\Real
2006-09-30 18:25 -------- d-------- C:\Documents and Settings\Owner\Application Data\Real
2006-09-29 14:05 -------- d-------- C:\Documents and Settings\Owner\Application Data\Morpheus
2006-09-28 20:09 -------- d-------- C:\Program Files\Zone Labs
2006-09-28 20:07 -------- d-------- C:\Program Files\WinPcap
2006-09-26 21:11 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-25 20:03 -------- d-------- C:\Program Files\Windows Media Player
2006-09-19 15:44 15664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-09-18 14:15 22768 --a------ C:\WINDOWS\system32\drivers\usbsermpt.sys
2006-09-17 20:10 -------- d-------- C:\Program Files\Flock
2006-09-17 20:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\Flock
2006-09-17 12:05 -------- d-------- C:\Program Files\Motorola Phone Tools
2006-09-16 14:14 -------- d-------- C:\Program Files\Motorola
2006-09-15 16:36 -------- d-------- C:\Program Files\AnMing
2006-09-13 15:38 -------- d-------- C:\Program Files\Windows Media Connect 2
2006-09-13 14:53 -------- d-------- C:\Program Files\Avanquest update
2006-09-13 14:45 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-12 21:18 -------- d-------- C:\Program Files\Common Files\Motorola Shared
2006-09-12 20:35 -------- d-------- C:\Program Files\CyberLink
2006-09-12 16:51 1245184 --a------ C:\WINDOWS\system32\msxml4.dll
2006-09-03 22:28 28672 --a------ C:\WINDOWS\gscr.dll
2006-09-03 22:28 1237343 --a------ C:\WINDOWS\lamborghini.exe
2006-09-03 22:28 120908 --a------ C:\WINDOWS\lamborghini.scr
2006-08-25 10:45 617472 --a------ C:\WINDOWS\system32\comctl32.dll
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 06:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-08-12 13:36 940 --a------ C:\Documents and Settings\Owner\Application Data\AdobeDLM.log
2006-08-12 13:36 0 --a------ C:\Documents and Settings\Owner\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.0.720.3640\\GoogleToolbarNotifier.exe"
"BitTorrent"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\\windows\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\windows\\system32\\hkcmd.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"PinnacleDriverCheck"="C:\\windows\\system32\\PSDrvCheck.exe -CheckReg"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableTaskMgr"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~3\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Fix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Spy Sweeper Fix.lnk"
"backup"="C:\\windows\\pss\\Spy Sweeper Fix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperFix.bat "
"item"="Spy Sweeper Fix"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\WinZip Quick Pick.lnk"
"backup"="C:\\windows\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^check-ip-changed.bat]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\check-ip-changed.bat"
"backup"="C:\\WINDOWS\\pss\\check-ip-changed.batStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\check-ip-changed.bat"
"item"="check-ip-changed"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Spy Sweeper Fix.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Spy Sweeper Fix.lnk"
"backup"="C:\\windows\\pss\\Spy Sweeper Fix.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperFix.bat "
"item"="Spy Sweeper Fix"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="apdproxy"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\AnyDVD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AnyDVD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\APVXDWIN]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APVXDWIN"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ccApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ccApp"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\E06AXLRD_11163171]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Encarta\\Encarta Premium DVD 2006\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\E06AXLRD_70333890]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EDICT"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Microsoft Encarta\\Encarta Premium DVD 2006\\EDICT.EXE\" -m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"command"="C:\\Program Files\\Free Download Manager\\fdm.exe -autorun"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NWEReboot]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SCANINICIO]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Inicio"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Shell]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ibm00001"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00001.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Steam"
"hkey"="HKCU"
"command"="C:\\Valve\\Steam\\Steam.exe -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Windows Media Connect 2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WMCCFG"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Zone Labs Client]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zlclient"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job

Completion time: Fri 11/10/2006 11:01:44.76
ComboFix.txt
ComboFix2.txt




Logfile of HijackThis v1.99.1
Scan saved at 11:03:58 AM, on 11/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\windows\system32\hkcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save Flash By FlashFavorite - res://C:\PROGRA~1\FLASHF~1\FFCom.dll/IeMenu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144367547234
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresp...s/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\windows\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\OpenSA\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  • 0

#12
Linkmaster
Posted 10 November 2006 - 11:45 AM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
This may be the cause if your problems:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
(DO NOT REMOVE IT YET)

It is associated with Google WebAccelerator

Go to Start, Control Panel, Add/Remove Programs and Uninstall the following : (if present)

Google WebAccelerator

Reboot and check your internet connection again !!

Let us know !
  • 0

#13
Steve Soleimani
Posted 10 November 2006 - 03:55 PM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts
Well that actually helps. But I did the following on the last post, and deleted that portable firefox, and did a new scan in AVG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:51:34 PM 11/10/2006

+ Scan result:



C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP5\A0002952.ocx -> Downloader.IstBar : Cleaned.


::Report end

This is the second time "Downloader.IstBar" has been removed, so is it like re-placing itself?
  • 0

#14
Steve Soleimani
Posted 10 November 2006 - 09:00 PM

Steve Soleimani

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 272 posts
AHHH im lucky I got here. My computer is buggin, idk whats going on. Sometimes my comp is acting fine, and most of the time its retarded.

Windows Defender reported

BearShare (which I used but got rid of becuase of non virus problems)

WhenU.SaveNow

Both had errors while removing (even though I uninstalled BearShare)

BearShare:

Category:
Software Bundler

Description:
This program has potentially unwanted behavior.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
C:\Documents and Settings\Owner\My Documents\Unzipped\BearShare PRO 5.2.4 FULL with Crack\BSP_v5.2.4.1\setup\BSPROINSTALL.exe->(WiseSfx)->(wise0013)

file:
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP3\A0002848.exe->(WiseSfx)->(wise0013)

View more information about this item online




WhenU.SaveNow:

Category:
Adware

Description:
This program has potentially unwanted behavior.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
file:
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP3\A0002848.exe->(WiseSfx)->(wise0016)

file:
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP3\A0002848.exe->(WiseSfx)->(wise0015)

file:
C:\Documents and Settings\Owner\My Documents\Unzipped\BearShare PRO 5.2.4 FULL with Crack\BSP_v5.2.4.1\setup\BSPROINSTALL.exe->(WiseSfx)->(wise0017)

file:
C:\Documents and Settings\Owner\My Documents\Unzipped\BearShare PRO 5.2.4 FULL with Crack\BSP_v5.2.4.1\setup\BSPROINSTALL.exe->(WiseSfx)->(wise0016)

file:
C:\Documents and Settings\Owner\My Documents\Unzipped\BearShare PRO 5.2.4 FULL with Crack\BSP_v5.2.4.1\setup\BSPROINSTALL.exe->(WiseSfx)->(wise0015)

file:
C:\System Volume Information\_restore{EA1801CE-47F1-4E55-BDCE-3E295088053C}\RP3\A0002848.exe->(WiseSfx)->(wise0017)

View more information about this item online

Edited by Steve Soleimani, 10 November 2006 - 09:01 PM.

  • 0

#15
Linkmaster
Posted 11 November 2006 - 09:38 AM

Linkmaster

    Visiting Staff

  • Member
  • PipPipPip
  • 940 posts
Delete this file :

C:\Documents and Settings\Owner\My Documents\Unzipped\BearShare PRO 5.2.4 FULL with Crack

The entries are all pointing to that file !

Then :

**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP