Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Alcan worm


  • Please log in to reply

#1
SSchus87

SSchus87

    New Member

  • Member
  • Pip
  • 8 posts
I have already uninstall Limewire (which was continually rebooting itself), and I have also run the BFU using the Alcan Removal Script. I then ran HiJack This, and this is my log file. Please assist me in getting rid of this worm...

Thanks---Steve

HIJACK THIS LOG FILE:

Logfile of HijackThis v1.99.1
Scan saved at 10:27:20 AM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\America Online 9.0\waol.exe
C:\PROGRA~1\COMMON~1\ofqk\ofqkm.exe
C:\PROGRA~1\COMMON~1\ofqk\ofqka.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jacksonmls.fn...ragon/Login.asp?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ofqk] C:\PROGRA~1\COMMON~1\ofqk\ofqkm.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk121JOUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
  • 0

Advertisements


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi SSchus87

Welcome to GTG! :whistling:

* Download the free version of AVG Anti-Spyware 7.5 here.
  • Click on the "Download Now" button and save the setup file to your desktop.
  • Doubleclick on the avgas-setup file to begin the installation.
  • When the installation is complete, open AVG Anti-Spyware and update the definition files.
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manuallly according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.
* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the AVG Anti-Spyware scan.
  • 0

#3
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you for the advice. I did as requested and these are the results:

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:19 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jacksonmls.fn...ragon/Login.asp?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [ofqk] C:\PROGRA~1\COMMON~1\ofqk\ofqkm.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk121JOUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe


AVG LOG:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:41:58 PM 11/18/2006

+ Scan result:



C:\Program Files\Common Files\{90F544D5-0AF6-1033-0725-050422050001}\Update.exe -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\{90F544D5-0AF6-1033-0725-050422050001}\system.dll -> Adware.Softomate : Cleaned.
C:\Program Files\Common Files\ofqk\ofqkd\ofqkc.dll -> Adware.TargetServer : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP70\A0005332.exe -> Adware.Trymedia : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007981.exe -> Backdoor.IRCBot.dd : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007982.exe -> Backdoor.IRCBot.dd : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007988.exe -> Backdoor.IRCBot.dd : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007989.exe -> Backdoor.IRCBot.dd : Cleaned.
C:\Program Files\Common Files\ofqk\ofqkp.exe -> Downloader.TSUpdate.f : Cleaned.
C:\Program Files\Common Files\ofqk\ofqkd\vocabulary -> Downloader.TSUpdate.j : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007992.exe -> Downloader.TSUpdate.l : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007991.exe -> Downloader.TSUpdate.n : Cleaned.
C:\Program Files\Common Files\ofqk\ofqkl.exe -> Downloader.TSUpdate.r : Cleaned.
C:\WINDOWS\system32\dr.exe -> Downloader.VB.aqb : Cleaned.
:mozilla.134:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.135:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.136:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.137:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.138:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.139:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.140:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.141:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.11:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.12:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.146:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.147:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.25:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.26:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.28:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.29:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.30:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.112:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.113:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.114:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.115:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.116:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.182:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.183:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.78:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.79:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.80:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.81:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.123:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.24:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.148:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.150:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.151:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.152:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.106:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.107:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.108:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.111:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.105:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.129:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.210:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.211:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.212:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.56:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.57:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.58:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.60:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.61:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.62:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.70:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.155:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.156:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.157:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.38:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.100:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.101:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.99:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.149:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.222:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.223:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.224:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.225:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.226:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.227:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.228:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.229:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.145:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.63:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.64:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.65:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.66:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.31:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.32:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.33:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.34:C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\tvztsulc.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Steve\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{012919D7-B204-4F49-8709-0B42F1671B9E}\RP80\A0007990.exe -> Worm.VB.an : Cleaned.


::Report end

Thanks again for your help. Fortunately, at this point, my ALT+CTRL+DEL is working again. I hope all is well...

Thanks---Steve
  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe

O4 - HKCU\..\Run: [ofqk] C:\PROGRA~1\COMMON~1\ofqk\ofqkm.exe



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste the following line:

    C:\Program Files\Common Files\ofqk

  • Click on the button that has the red circle with the X in the middle.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]
* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan


* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
  • 0

#5
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks again for the advice. The HIJACK THIS and ActiveScan logs follow:

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 4:29:14 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jacksonmls.fn...ragon/Login.asp?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk121JOUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

ActiveScan:


Incident Status Location

Adware:adware/sqwire Not disinfected c:\windows\system32\tsuninst.exe
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search\
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Steve\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Steve\Cookies\[email protected][2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Steve\Cookies\[email protected][2].txt
Possible Virus. Not disinfected C:\Documents and Settings\Steve\setup9X.exe
Potentially unwanted tool:Application/PsKill.N Not disinfected C:\WINDOWS\system32\install.exe[\DetectionProcessus.dll]
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\system32\install.exe[++\{}\Update.exe]
Adware:Adware/ActiveSearch Not disinfected C:\WINDOWS\system32\install.exe[++\{}\system.dll]
Possible Virus. Not disinfected C:\WINDOWS\system32\setup9X.exe
Thanks again---STeve
  • 0

#6
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Please post this log as I have requested:

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.


  • 0

#7
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\system32\tsuninst.exe

    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

    C:\WINDOWS\system32\install.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]
* Restart back into Windows normally now.


Come back here and post a new Hijack This log and the Uninstall list and let me know how the pc is running.
  • 0

#8
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here it is...thanks again!!!

AceFTP 3 Freeware
AceFTP 3 Pro
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Shockwave Player
Air Utility
ANIO Service
ANIWZCS Service
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
Atomic Clock Sync
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
Bejeweled Deluxe 1.862
BitTorrent 5.0.1
CuteFTP 8 Professional
CuteHTML Pro 6
Easy Video Joiner 5.21
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.76 Full
Masque MultiPlay Video Poker
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
mkw Audio Compression Toolkit
Mozilla Firefox (1.5.0.8)
MSN Music Assistant
Nero 7 Demo
Panda ActiveScan
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Riva FLV Encoder 2.0
Riva Producer Lite
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spybot - Search & Destroy 1.4
TargetSaver
Trader's Little Helper 1.1.1
Training Manager for Internet Explorer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
WebEx
Wiagra Video Joiner 3
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
  • 0

#9
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Im reposting the last reply in case you missed it. Also go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player


* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.

  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\system32\tsuninst.exe

    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

    C:\WINDOWS\system32\install.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]* Restart back into Windows normally now.


Come back here and post a new Hijack This log and the Uninstall list and let me know how the pc is running.


  • 0

#10
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Super...thanks again for your time.

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 5:05:38 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jacksonmls.fn...ragon/Login.asp?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk121JOUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

UNINSTALL LOG:

AceFTP 3 Freeware
AceFTP 3 Pro
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Shockwave Player
Air Utility
ANIO Service
ANIWZCS Service
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
Atomic Clock Sync
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
Bejeweled Deluxe 1.862
BitTorrent 5.0.1
CuteFTP 8 Professional
CuteHTML Pro 6
Easy Video Joiner 5.21
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.76 Full
Masque MultiPlay Video Poker
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
mkw Audio Compression Toolkit
Mozilla Firefox (1.5.0.8)
MSN Music Assistant
Nero 7 Demo
Panda ActiveScan
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Riva FLV Encoder 2.0
Riva Producer Lite
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spybot - Search & Destroy 1.4
TargetSaver
Trader's Little Helper 1.1.1
Training Manager for Internet Explorer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
WebEx
Wiagra Video Joiner 3
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver

Thanks again---Steve
  • 0

Advertisements


#11
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Did you do all this?

go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player



* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\system32\tsuninst.exe

    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

    C:\WINDOWS\system32\install.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]* Restart back into Windows normally now.


Come back here and post a new Hijack This log and the Uninstall list and let me know how the pc is running.
[/quote]
  • 0

#12
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
[quote name='Flrman1' date='Nov 18 2006, 05:18 PM' post='839476']
Did you do all this?

go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 6
Viewpoint Media Player



* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\system32\tsuninst.exe



    No, I am an idiot...(that is how I got in this mess in the first place). I am doing it all now, and will post again in about 10 minutes...

    Thanks again---Steve

    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

    C:\WINDOWS\system32\install.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]* Restart back into Windows normally now.


Come back here and post a new Hijack This log and the Uninstall list and let me know how the pc is running.
[/quote]
[/quote]
  • 0

#13
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Okay, files uninstalled, and Log Files follow...

Thanks again---Steve

HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 5:31:11 PM, on 11/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Steve\Desktop\HijackThis.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jacksonmls.fn...ragon/Login.asp?
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZNxmk121JOUS
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

UNINSTALL LIST:

AceFTP 3 Freeware
AceFTP 3 Pro
Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Shockwave Player
Air Utility
ANIO Service
ANIWZCS Service
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Deskbar
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
ArcSoft Software Suite
Atomic Clock Sync
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
Bejeweled Deluxe 1.862
BitTorrent 5.0.1
CuteFTP 8 Professional
CuteHTML Pro 6
Easy Video Joiner 5.21
HijackThis 1.99.1
J2SE Runtime Environment 5.0 Update 9
K-Lite Codec Pack 2.76 Full
Masque MultiPlay Video Poker
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
mkw Audio Compression Toolkit
Mozilla Firefox (1.5.0.8)
MSN Music Assistant
Nero 7 Demo
Panda ActiveScan
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
Riva FLV Encoder 2.0
Riva Producer Lite
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Spybot - Search & Destroy 1.4
TargetSaver
Trader's Little Helper 1.1.1
Training Manager for Internet Explorer
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
WebEx
Wiagra Video Joiner 3
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
  • 0

#14
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
How is everything now?
  • 0

#15
SSchus87

SSchus87

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything seems to be fine. I do not know how you know what you know, but you are simply amazing. I am gonna PayPal you a few bucks, if that is okay with you. I wish I could do more right now, but being a Realtor in Michigan is not a well paying job at the moment. Any possibility I could also put a link to your site on my sites? I usually have 10-15 sites running at any given moment, and would be happy to link to you. Please let me know if this is okay...

Thanks again for all of your help!!!

Thanks---Steve

OSU 35, Michigan 31
4th Quarter, 14:30 to go....

GO BLUE!!!!!!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP