Hijack this log


This topic is locked

#1 Benlost (New Member, 8 posts)
Logfile of HijackThis v1.99.1
Scan saved at 19:11, on 06-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\winsock32.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O1 - Hosts: 148.49.139.152 securityresponse.symantec.com
O1 - Hosts: 208.42.247.158 symantec.com
O1 - Hosts: 219.149.194.106 www.sophos.com
O1 - Hosts: 119.93.234.16 sophos.com
O1 - Hosts: 81.223.206.187 www.mcafee.com
O1 - Hosts: 108.206.249.186 mcafee.com
O1 - Hosts: 195.76.131.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 9.65.234.34 www.viruslist.com
O1 - Hosts: 42.105.69.76 viruslist.com
O1 - Hosts: 241.234.56.122 viruslist.com
O1 - Hosts: 250.31.132.210 f-secure.com
O1 - Hosts: 206.193.49.71 www.f-secure.com
O1 - Hosts: 206.190.6.38 kaspersky.com
O1 - Hosts: 219.209.110.10 kaspersky-labs.com
O1 - Hosts: 82.36.250.224 www.avp.com
O1 - Hosts: 195.45.12.0 www.kaspersky.com
O1 - Hosts: 17.235.230.112 avp.com
O1 - Hosts: 204.95.61.113 www.networkassociates.com
O1 - Hosts: 4.176.222.102 networkassociates.com
O1 - Hosts: 212.1.173.17 www.ca.com
O1 - Hosts: 248.97.9.231 ca.com
O1 - Hosts: 158.201.177.102 mast.mcafee.com
O1 - Hosts: 197.36.126.27 my-etrust.com
O1 - Hosts: 110.192.70.210 www.my-etrust.com
O1 - Hosts: 79.70.107.179 download.mcafee.com
O1 - Hosts: 115.242.96.153 dispatch.mcafee.com
O1 - Hosts: 217.192.14.134 secure.nai.com
O1 - Hosts: 137.191.14.3 nai.com
O1 - Hosts: 49.199.250.178 www.nai.com
O1 - Hosts: 66.53.104.8 update.symantec.com
O1 - Hosts: 155.241.182.82 updates.symantec.com
O1 - Hosts: 192.245.211.145 us.mcafee.com
O1 - Hosts: 159.231.160.202 liveupdate.symantec.com
O1 - Hosts: 106.182.142.202 customer.symantec.com
O1 - Hosts: 20.39.40.24 rads.mcafee.com
O1 - Hosts: 221.73.19.245 trendmicro.com
O1 - Hosts: 140.82.212.186 www.trendmicro.com
O1 - Hosts: 194.182.72.102 www.grisoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {28E60A1D-C1C4-EC2B-3FC6-04735F834089} - C:\WINDOWS\system32\njrnbq.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe





Thanks


#2 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello Benlost and welcome to Geeks to Go

As an introduction, please note that I am not superhuman; I do not know everything, but what I do know has taken me years to learn. I am happy to pass this information on to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multi-user PCs (family PCs) present a different problem; please tell me if your PC has more than one individual's settings, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! (Click the Options drop down near the upper right of the topic. Select Print this topic.)

You have quite a mixture of malware and Trojans. Let’s see what we can do.

You do not appear to have any antivirus programme running on your PC; we must correct that immediately.

Download:
AVG ANTIVIRUS FREE EDITION

Install AVG, update its virus definitions and perform a full system scan before proceeding any further.

Please download: Hoster

Please run Hoster (just double click it to open). Choose the Restore Original Hosts button and press OK.

Please download SDFix and save it to your Desktop.

Double click SDFix.exe and choose Install to extract it to its own folder on the Desktop. Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log

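The helper's reading of the log above is done by eye: hosts-file entries that pin security vendors' domains to arbitrary addresses, a bare `winsock32` value in three Run keys, Winlogon Notify packages whose DLLs are already gone, and services with no vendor string sitting directly in C:\WINDOWS. The script below is an added example, not part of this thread and not code from HijackThis or SDFix; it parses the HijackThis 1.99.1 line format the posters use and applies those four checks to a sample built from lines of the posted log. The vendor-domain list, the "Windows root" heuristic and the sample itself are this example's own assumptions.

```python
"""Triage a HijackThis 1.99.1 log for the four indicator classes discussed
in this thread. Added example; not HijackThis, SDFix or forum code."""
import ntpath
import re

# Assumption: domains that update-blocking hosts-file hijacks of this era
# targeted. Drawn from the O1 lines in the posted log; extend as needed.
AV_DOMAIN_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "f-secure.com", "kaspersky.com", "kaspersky-labs.com",
    "avp.com", "networkassociates.com", "ca.com", "my-etrust.com", "nai.com",
    "trendmicro.com", "grisoft.com",
)

# Constructed sample: a subset of the posted log plus one benign O1 line
# (an ad-blocking entry) and one benign "Unknown owner" service (ATI).
SAMPLE_LOG = r"""
O1 - Hosts: 148.49.139.152 securityresponse.symantec.com
O1 - Hosts: 194.182.72.102 www.grisoft.com
O1 - Hosts: 127.0.0.1 ad.doubleclick.net
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe
"""


def parse(log_text):
    """Group HijackThis lines by their section tag (R0, O1, O4, O20, O23...)."""
    sections = {}
    for line in log_text.splitlines():
        m = re.match(r"^([RO]\d+) - (.*)$", line.strip())
        if m:
            sections.setdefault(m.group(1), []).append(m.group(2))
    return sections


def hosts_hijacks(o1_lines):
    """O1 entries naming a security vendor's host. A home PC's hosts file has
    no legitimate reason to carry these, whatever address they point at:
    the effect is that update checks and vendor sites never resolve."""
    hits = []
    for entry in o1_lines:
        m = re.match(r"^Hosts: (\S+) (\S+)$", entry)
        if not m:
            continue
        ip, host = m.groups()
        h = host.lower()
        if any(h == s or h.endswith("." + s) for s in AV_DOMAIN_SUFFIXES):
            hits.append((host, ip))
    return hits


def bare_autoruns(o4_lines):
    """O4 Run/RunServices values whose command has no drive or directory.
    Windows resolves such a name through the search path, which is how a
    file dropped into C:\\WINDOWS gets started without being named in full."""
    hits = []
    for entry in o4_lines:
        m = re.match(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$", entry)
        if not m:
            continue
        hive, key, name, command = m.groups()
        if "\\" not in command and ":" not in command:
            hits.append((f"{hive}\\..\\{key}", name, command.strip()))
    return hits


def dangling_winlogon_notify(o20_lines):
    """O20 Winlogon Notify packages whose DLL is missing. The registry entry
    still tells winlogon.exe to load that name, so a reinfection only has to
    put the file back; the entry itself must be removed."""
    hits = []
    for entry in o20_lines:
        m = re.match(r"^Winlogon Notify: (\S+) - (.*)$", entry)
        if m and m.group(2).endswith("(file missing)"):
            hits.append((m.group(1), m.group(2)[: -len(" (file missing)")]))
    return hits


def suspicious_services(o23_lines):
    """O23 services with no vendor string whose binary sits directly in the
    Windows directory (not system32) or is already gone. 'Unknown owner' on
    its own is not evidence: ATI's Ati2evxx.exe carries the same tag."""
    hits = []
    for entry in o23_lines:
        if not entry.startswith("Service: "):
            continue
        parts = entry[len("Service: "):].split(" - ", 2)
        if len(parts) != 3:
            continue
        name, owner, path = parts
        missing = path.endswith("(file missing)")
        if missing:
            path = path[: -len(" (file missing)")]
        in_windows_root = ntpath.dirname(path).lower() == r"c:\windows"
        if owner == "Unknown owner" and (missing or in_windows_root):
            hits.append((name, path, missing))
    return hits


def triage(log_text):
    """Run all four checks over a log and return the hits per class."""
    s = parse(log_text)
    return {
        "hosts_hijacks": hosts_hijacks(s.get("O1", [])),
        "bare_autoruns": bare_autoruns(s.get("O4", [])),
        "dangling_winlogon_notify": dangling_winlogon_notify(s.get("O20", [])),
        "suspicious_services": suspicious_services(s.get("O23", [])),
    }


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        print(kind)
        for hit in hits:
            print("   ", *hit)
```

Run against the full posted log, the same checks flag all 38 O1 lines, the three `winsock32` Run values, the `pmnno` and `winjjq32` Notify packages and both winsock services, which is the set the helper's instructions (Hoster for the hosts file, SDFix for the services and registry entries) are aimed at. Note that `WgaLogon` is Microsoft's Windows Genuine Advantage notification package and is not flagged.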

#3 Benlost (Topic Starter; New Member, 8 posts)
SDFix: Version 1.42
-------------------

Scan run on:
06-11-22

Time:
19:00

Microsoft Windows XP [Version 5.1.2600]

Running from: C:\DOCUME~1\INISSANT\Desktop\SDFix\SDFix

Stage One...

Checking Services...

Name:
-----

Path:
----


Repairing Registry...


Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two...

Checking For Malware:
--------------------

C:\WINDOWS\SRVHUN~1.EXE
C:\dbg.txt
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\tcb.pmw
C:\WINDOWS\Uninst2.htm
C:\WINDOWS\Unist1.htm

Backing Up and Removing any Files Found...

Final Check:

Services:
---------


Files:
------


Backups folder is located here - C:\DOCUME~1\INISSANT\Desktop\SDFix\SDFix\backups\backups.zip

FINISHED







Logfile of HijackThis v1.99.1
Scan saved at 19:11, on 06-11-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\winsock32.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O1 - Hosts: 148.49.139.152 securityresponse.symantec.com
O1 - Hosts: 208.42.247.158 symantec.com
O1 - Hosts: 219.149.194.106 www.sophos.com
O1 - Hosts: 119.93.234.16 sophos.com
O1 - Hosts: 81.223.206.187 www.mcafee.com
O1 - Hosts: 108.206.249.186 mcafee.com
O1 - Hosts: 195.76.131.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 9.65.234.34 www.viruslist.com
O1 - Hosts: 42.105.69.76 viruslist.com
O1 - Hosts: 241.234.56.122 viruslist.com
O1 - Hosts: 250.31.132.210 f-secure.com
O1 - Hosts: 206.193.49.71 www.f-secure.com
O1 - Hosts: 206.190.6.38 kaspersky.com
O1 - Hosts: 219.209.110.10 kaspersky-labs.com
O1 - Hosts: 82.36.250.224 www.avp.com
O1 - Hosts: 195.45.12.0 www.kaspersky.com
O1 - Hosts: 17.235.230.112 avp.com
O1 - Hosts: 204.95.61.113 www.networkassociates.com
O1 - Hosts: 4.176.222.102 networkassociates.com
O1 - Hosts: 212.1.173.17 www.ca.com
O1 - Hosts: 248.97.9.231 ca.com
O1 - Hosts: 158.201.177.102 mast.mcafee.com
O1 - Hosts: 197.36.126.27 my-etrust.com
O1 - Hosts: 110.192.70.210 www.my-etrust.com
O1 - Hosts: 79.70.107.179 download.mcafee.com
O1 - Hosts: 115.242.96.153 dispatch.mcafee.com
O1 - Hosts: 217.192.14.134 secure.nai.com
O1 - Hosts: 137.191.14.3 nai.com
O1 - Hosts: 49.199.250.178 www.nai.com
O1 - Hosts: 66.53.104.8 update.symantec.com
O1 - Hosts: 155.241.182.82 updates.symantec.com
O1 - Hosts: 192.245.211.145 us.mcafee.com
O1 - Hosts: 159.231.160.202 liveupdate.symantec.com
O1 - Hosts: 106.182.142.202 customer.symantec.com
O1 - Hosts: 20.39.40.24 rads.mcafee.com
O1 - Hosts: 221.73.19.245 trendmicro.com
O1 - Hosts: 140.82.212.186 www.trendmicro.com
O1 - Hosts: 194.182.72.102 www.grisoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {28E60A1D-C1C4-EC2B-3FC6-04735F834089} - C:\WINDOWS\system32\njrnbq.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe

#4 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello again

You appear to have posted the original HJT log dated yesterday at 19:11.

Please rescan and post the fresh one.

Thanks

#5 Benlost (Topic Starter; New Member, 8 posts)
Logfile of HijackThis v1.99.1
Scan saved at 17:35, on 06-11-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\winsock32.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\winsock32.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O1 - Hosts: 148.49.139.152 securityresponse.symantec.com
O1 - Hosts: 208.42.247.158 symantec.com
O1 - Hosts: 219.149.194.106 www.sophos.com
O1 - Hosts: 119.93.234.16 sophos.com
O1 - Hosts: 81.223.206.187 www.mcafee.com
O1 - Hosts: 108.206.249.186 mcafee.com
O1 - Hosts: 195.76.131.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 9.65.234.34 www.viruslist.com
O1 - Hosts: 42.105.69.76 viruslist.com
O1 - Hosts: 241.234.56.122 viruslist.com
O1 - Hosts: 250.31.132.210 f-secure.com
O1 - Hosts: 206.193.49.71 www.f-secure.com
O1 - Hosts: 206.190.6.38 kaspersky.com
O1 - Hosts: 219.209.110.10 kaspersky-labs.com
O1 - Hosts: 82.36.250.224 www.avp.com
O1 - Hosts: 195.45.12.0 www.kaspersky.com
O1 - Hosts: 17.235.230.112 avp.com
O1 - Hosts: 204.95.61.113 www.networkassociates.com
O1 - Hosts: 4.176.222.102 networkassociates.com
O1 - Hosts: 212.1.173.17 www.ca.com
O1 - Hosts: 248.97.9.231 ca.com
O1 - Hosts: 158.201.177.102 mast.mcafee.com
O1 - Hosts: 197.36.126.27 my-etrust.com
O1 - Hosts: 110.192.70.210 www.my-etrust.com
O1 - Hosts: 79.70.107.179 download.mcafee.com
O1 - Hosts: 115.242.96.153 dispatch.mcafee.com
O1 - Hosts: 217.192.14.134 secure.nai.com
O1 - Hosts: 137.191.14.3 nai.com
O1 - Hosts: 49.199.250.178 www.nai.com
O1 - Hosts: 66.53.104.8 update.symantec.com
O1 - Hosts: 155.241.182.82 updates.symantec.com
O1 - Hosts: 192.245.211.145 us.mcafee.com
O1 - Hosts: 159.231.160.202 liveupdate.symantec.com
O1 - Hosts: 106.182.142.202 customer.symantec.com
O1 - Hosts: 20.39.40.24 rads.mcafee.com
O1 - Hosts: 221.73.19.245 trendmicro.com
O1 - Hosts: 140.82.212.186 www.trendmicro.com
O1 - Hosts: 194.182.72.102 www.grisoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {28E60A1D-C1C4-EC2B-3FC6-04735F834089} - C:\WINDOWS\system32\njrnbq.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe

#6 Crustyoldbloke (Old Malware Surgeon with a shaky scalpel; Retired Staff, 15,131 posts)
Hello again

Thank you for the log, which is weird for two reasons: your HOSTS file does not appear to have changed, and AVG is not listed as a running process. I can only think of one scenario that fits to cause this, which is not rebooting before producing the HJT log.

Please reboot and create a fresh HJT log, from normal mode, as this one may be very inaccurate.

#7 Benlost (Topic Starter; New Member, 8 posts)
I have AVG Free installed and I ran a Safe Mode scan just before I posted the HijackThis log... the new HijackThis log is from the recent reboot.

Note: The computer that I use to send and receive these messages is not the computer that is being evaluated.


Logfile of HijackThis v1.99.1
Scan saved at 10:35, on 06-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\winsock32.exe
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\winsock32.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\winsock32.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O1 - Hosts: 148.49.139.152 securityresponse.symantec.com
O1 - Hosts: 208.42.247.158 symantec.com
O1 - Hosts: 219.149.194.106 www.sophos.com
O1 - Hosts: 119.93.234.16 sophos.com
O1 - Hosts: 81.223.206.187 www.mcafee.com
O1 - Hosts: 108.206.249.186 mcafee.com
O1 - Hosts: 195.76.131.3 liveupdate.symantecliveupdate.com
O1 - Hosts: 9.65.234.34 www.viruslist.com
O1 - Hosts: 42.105.69.76 viruslist.com
O1 - Hosts: 241.234.56.122 viruslist.com
O1 - Hosts: 250.31.132.210 f-secure.com
O1 - Hosts: 206.193.49.71 www.f-secure.com
O1 - Hosts: 206.190.6.38 kaspersky.com
O1 - Hosts: 219.209.110.10 kaspersky-labs.com
O1 - Hosts: 82.36.250.224 www.avp.com
O1 - Hosts: 195.45.12.0 www.kaspersky.com
O1 - Hosts: 17.235.230.112 avp.com
O1 - Hosts: 204.95.61.113 www.networkassociates.com
O1 - Hosts: 4.176.222.102 networkassociates.com
O1 - Hosts: 212.1.173.17 www.ca.com
O1 - Hosts: 248.97.9.231 ca.com
O1 - Hosts: 158.201.177.102 mast.mcafee.com
O1 - Hosts: 197.36.126.27 my-etrust.com
O1 - Hosts: 110.192.70.210 www.my-etrust.com
O1 - Hosts: 79.70.107.179 download.mcafee.com
O1 - Hosts: 115.242.96.153 dispatch.mcafee.com
O1 - Hosts: 217.192.14.134 secure.nai.com
O1 - Hosts: 137.191.14.3 nai.com
O1 - Hosts: 49.199.250.178 www.nai.com
O1 - Hosts: 66.53.104.8 update.symantec.com
O1 - Hosts: 155.241.182.82 updates.symantec.com
O1 - Hosts: 192.245.211.145 us.mcafee.com
O1 - Hosts: 159.231.160.202 liveupdate.symantec.com
O1 - Hosts: 106.182.142.202 customer.symantec.com
O1 - Hosts: 20.39.40.24 rads.mcafee.com
O1 - Hosts: 221.73.19.245 trendmicro.com
O1 - Hosts: 140.82.212.186 www.trendmicro.com
O1 - Hosts: 194.182.72.102 www.grisoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {28E60A1D-C1C4-EC2B-3FC6-04735F834089} - C:\WINDOWS\system32\njrnbq.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe

Thanks for the help!
  • 0

#8
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

This is very, very strange. Please check your account status. Go to the Control Panel and then User Accounts. Ensure your account has administrator status.


To start, please download the following programmes; we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

Killbox by Option^Explicit
CCleaner
AVG AntiSpyware
Hoster
combofix.exe

Go to Start > Run and type or copy & paste this into the Run box:

sc delete winsock32.exe

Hit ENTER

Please run Hoster (just double click it to open). Choose the Restore Original Hosts button and press OK.

Please install and update AVG Anti-Spyware:
  • Load AVGas and then click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Please select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
  • Select "Automatically generate report after every scan"
  • Deselect "Only if threats were found"
  • Close AVGas. Do not run it yet.
Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:

Safe Mode

  • In Safe Mode, load AVGas and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be patient.
  • AVGas will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVGas will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (I suggest the Desktop).
  • Please ensure you post that log in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: (no name) - _{A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
R3 - URLSearchHook: (no name) - _{A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {28E60A1D-C1C4-EC2B-3FC6-04735F834089} - C:\WINDOWS\system32\njrnbq.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\RunServices: [winsock32] winsock32
O4 - HKCU\..\Run: [winsock32] winsock32
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: winjjq32 - winjjq32.dll (file missing)
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe

Now close all windows other than HiJackThis, then click Fix Checked.

Please remove these entries from Add/Remove Programs in the Control Panel (if present) (click Start > Settings > Control Panel):

Viewpoint (anything)

Please notify me of any other programmes that you don't recognise in that list in your next response.

Reboot normally

Please install Killbox by Option^Explicit.
  • Please double-click Killbox.exe to run it.
  • Select Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\winsock32.exe
C:\WINDOWS\system32\njrnbq.dll
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, check the default settings in the left-hand pane, ensure you uncheck Old Prefetch Data under the System tab, and under the heading Applications uncheck AVG Anti-Spyware, then click Analyze > Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues, then Scan for Issues > Fix Selected Issues.

Double click combofix.exe & follow the prompts.

When it has finished, it will produce a log. Please post that log in your next reply.

Note: Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Post back a fresh HijackThis log (from normal mode) and I will take another look.
  • 0
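As an added example (not code from this thread, from HijackThis, or from the helper), the script below applies the heuristics Crustyoldbloke used above to lines in the HijackThis log format posted in #7: hosts-file redirects of security-vendor domains (O1), autoruns that name a bare file with no path (O4), hooks whose file is gone (R3/O2/O3/O20), unnamed BHOs loaded from system32 (O2) and unknown-owner services sitting directly in the Windows directory (O23). The vendor-domain list and the rules themselves are my assumptions; the sample lines are copied from the log above, plus one constructed benign 127.0.0.1 entry to show what is not flagged.

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example, not part of the forum thread or of HijackThis itself.
The rules mirror the lines the helper asked to have fixed; they are
heuristics chosen for this example, not an exhaustive detector.
"""
import re
from dataclasses import dataclass

# Vendor domains that hosts-file hijackers of this era commonly redirected
# (list chosen for this example; extend as needed).
VENDOR_SUFFIXES = ("symantec.com", "nai.com", "mcafee.com",
                   "trendmicro.com", "grisoft.com")
# Pointing a name at a local address merely blocks it; anything else is a redirect.
LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

HOSTS_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[[^\]]*\] (.*)$")
MISSING_RE = re.compile(r"^(?:R3|O2|O3|O20) - .*\((?:no file|file missing)\)\s*$")
BHO_NONAME_RE = re.compile(r"^O2 - BHO: \(no name\) - \{[^}]+\} - (.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+?)( \(file missing\))?$")


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O4"
    reason: str    # why the line was flagged
    line: str      # the original log line


def _dir_of(path: str) -> str:
    """Lower-cased directory part of a Windows path ('' if there is none)."""
    path = path.strip('"')
    return path.rsplit("\\", 1)[0].lower() if "\\" in path else ""


def triage(log_text: str) -> list[Finding]:
    """Return the suspicious lines of an HJT log with the reason each was flagged."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, host = m.group(1), m.group(2).lower()
            hit = any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)
            if hit and ip not in LOCAL_ADDRS:
                findings.append(Finding("O1", f"hosts redirect of vendor domain {host} to {ip}", line))
        elif m := RUN_RE.match(line):
            hive, key, cmd = m.groups()
            exe = cmd.strip().strip('"').split(" ")[0]
            if "\\" not in exe:  # no directory at all: resolved via PATH, typical of droppers
                findings.append(Finding("O4", f"{hive}\\{key} autorun with bare filename '{exe}'", line))
        elif MISSING_RE.match(line):
            findings.append(Finding(line.split(" ", 1)[0], "hook whose file is missing (leftover registration)", line))
        elif m := BHO_NONAME_RE.match(line):
            if _dir_of(m.group(1)).endswith("\\system32"):
                findings.append(Finding("O2", "unnamed BHO loaded from system32", line))
        elif m := SERVICE_RE.match(line):
            name, owner, path, missing = m.groups()
            if owner == "Unknown owner" and (missing or _dir_of(path) == "c:\\windows"):
                findings.append(Finding("O23", f"unknown-owner service '{name}' in Windows root or file missing", line))
    return findings


# Sample lines copied from the HijackThis log posted above, plus one constructed
# benign hosts entry (127.0.0.1 localhost) that must not be flagged.
SAMPLE_LOG = r"""
O1 - Hosts: 217.192.14.134 secure.nai.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - (no file)
O2 - BHO: (no name) - {28E60A1D-C1C4-EC2B-3FC6-04735F834089} - C:\WINDOWS\system32\njrnbq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [winsock32] winsock32
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [winsock32] winsock32
O20 - Winlogon Notify: pmnno - C:\WINDOWS\system32\pmnno.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: General Network Service - Unknown owner - c:\windows\winsocks32.exe (file missing)
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample above it flags eight lines, the same ones the helper listed for fixing, and leaves the SDHelper, WgaLogon and Ati entries alone.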

#9
Benlost

Benlost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Combofix would not open after it said it would return in 10 seconds... it said it found surf-sidekick though! Anywho, here are the other reports you requested!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:57 06-11-24

+ Scan result:

C:\Documents and Settings\INISSANT\My Documents\Downloads\Setup.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002987.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Documents and Settings\All Users\Application Data\AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\WINDOWS\aff_0006.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002986.exe -> Adware.Bagon : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002982.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002983.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\vkkvroij.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nsh25.dll -> Adware.EZula : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{746455FE-D059-47e7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2385742943-2972815155-1331220644-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{746455FE-D059-47E7-AF0E-140E03F5A447} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-2385742943-2972815155-1331220644-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002929.exe -> Adware.Maxifiles : Cleaned with backup (quarantined).
C:\WINDOWS\elitesix.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\em.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\motorsix.ocx -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\Documents and Settings\INISSANT\Desktop\SDFix\SDFix\backups\backups.zip/backups/srvhunwisy.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002989.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP12\A0004107.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\876056.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\MirarSetup_876057.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\lvhpsmmm.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{50A5EF4B-0AE9-1033-0826-040305060001}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{50A5EF4B-0AE9-1033-0826-040305060001}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
HKU\S-1-5-21-2385742943-2972815155-1331220644-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA356D79-679B-4B4C-8E49-5AF97014F4C1} -> Adware.Starware : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\gtool.dll -> Adware.TopInstalls : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\TIELT001.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001519.exe -> Downloader.Delf.aeu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002973.exe -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002974.dll -> Downloader.Small.dxm : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001521.exe -> Downloader.Zlob : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP7\A0001520.exe -> Downloader.Zlob.apx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP11\A0002934.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\poho.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN\mefezo.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.10:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.346:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.347:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.348:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.401:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.402:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.403:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.33:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.34:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.389:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.390:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.391:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.392:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.338:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.339:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.10:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.11:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.21:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.22:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.23:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.24:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.25:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Centrport : Cleaned.
:mozilla.31:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.32:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.33:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.34:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.35:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.36:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.37:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.38:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.39:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.40:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.41:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.89:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.90:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.91:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.92:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.103:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.
:mozilla.49:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned.
:mozilla.25:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.26:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.27:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.137:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.138:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.139:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.447:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.448:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.24:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.25:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.26:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.27:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\r47pmxcv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.410:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.411:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.219:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.226:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.35:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.36:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.37:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.238:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.239:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.240:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.86:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.416:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.417:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.418:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.419:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.87:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.103:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.104:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.105:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.106:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.47:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.48:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\m43skz0o.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.279:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.280:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.281:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.282:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.283:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.28:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.29:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.30:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.31:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.294:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.295:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.296:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.297:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.298:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.372:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.301:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.302:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.303:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.304:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.305:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.306:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.307:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.308:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.309:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.310:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.311:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.312:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.351:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.352:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.353:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.354:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.355:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.356:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.357:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.358:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.340:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.341:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.342:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.343:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.344:C:\Documents and Settings\INISSANT\Application Data\Mozilla\Firefox\Profiles\72hsnad6.Default User\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\srvnzxbffo.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end
Logfile of HijackThis v1.99.1
Scan saved at 15:55, on 06-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 47.98.246.249 securityresponse.symantec.com
O1 - Hosts: 141.38.148.83 symantec.com
O1 - Hosts: 37.46.91.130 www.sophos.com
O1 - Hosts: 61.145.2.40 sophos.com
O1 - Hosts: 188.92.85.213 www.mcafee.com
O1 - Hosts: 104.50.226.68 mcafee.com
O1 - Hosts: 51.33.130.6 liveupdate.symantecliveupdate.com
O1 - Hosts: 60.122.245.142 www.viruslist.com
O1 - Hosts: 209.159.252.176 viruslist.com
O1 - Hosts: 1.23.170.121 viruslist.com
O1 - Hosts: 150.233.95.139 f-secure.com
O1 - Hosts: 18.14.35.104 www.f-secure.com
O1 - Hosts: 113.86.207.53 kaspersky.com
O1 - Hosts: 91.65.73.117 kaspersky-labs.com
O1 - Hosts: 8.153.33.217 www.avp.com
O1 - Hosts: 237.49.249.247 www.kaspersky.com
O1 - Hosts: 24.188.253.169 avp.com
O1 - Hosts: 38.148.182.95 www.networkassociates.com
O1 - Hosts: 93.218.170.154 networkassociates.com
O1 - Hosts: 213.199.242.101 www.ca.com
O1 - Hosts: 142.176.81.254 ca.com
O1 - Hosts: 143.249.96.135 mast.mcafee.com
O1 - Hosts: 227.2.225.106 my-etrust.com
O1 - Hosts: 116.67.223.83 www.my-etrust.com
O1 - Hosts: 53.66.130.227 download.mcafee.com
O1 - Hosts: 22.111.239.3 dispatch.mcafee.com
O1 - Hosts: 165.27.133.108 secure.nai.com
O1 - Hosts: 107.49.57.233 nai.com
O1 - Hosts: 89.190.4.80 www.nai.com
O1 - Hosts: 211.149.160.49 update.symantec.com
O1 - Hosts: 195.0.116.210 updates.symantec.com
O1 - Hosts: 37.78.240.230 us.mcafee.com
O1 - Hosts: 0.201.215.151 liveupdate.symantec.com
O1 - Hosts: 209.71.15.211 customer.symantec.com
O1 - Hosts: 62.94.129.243 rads.mcafee.com
O1 - Hosts: 157.146.193.48 trendmicro.com
O1 - Hosts: 186.101.90.120 www.trendmicro.com
O1 - Hosts: 216.31.7.155 www.grisoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [winsock32] winsock32
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe (file missing)
Thanks again for the help!

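As an added example (not part of the thread and not HijackThis's own code): a defender can triage a log like the one above automatically by parsing the O1, O4 RunServices and O23 lines and flagging the three symptoms this thread turns on. The vendor domain list and the sample log lines are constructed for the example.

```python
"""Triage a HijackThis 1.99.x log for the three symptoms seen in this thread.

Added example, not HijackThis code. SECURITY_VENDOR_SUFFIXES and SAMPLE_LOG are
constructed for the example (the domains mirror the vendors in the thread's log).
"""
import ipaddress
import re
from dataclasses import dataclass

# Update/download domains that "blocking" hosts hijacks typically target.
SECURITY_VENDOR_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "f-secure.com", "kaspersky.com", "kaspersky-labs.com",
    "avp.com", "networkassociates.com", "ca.com", "my-etrust.com", "nai.com",
    "trendmicro.com", "grisoft.com",
)

# HijackThis line shapes: "O1 - Hosts: <ip> <host>",
# "O4 - HKLM\..\RunServices: [name] command", "O23 - Service: name - owner - path".
O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(RunServices(?:Once)?):\s*\[(.*?)\]\s*(.*)$")
O23_RE = re.compile(r"^O23 - Service:\s+(.*?)\s+-\s+(.*?)\s+-\s+(.*?)\s*$")


@dataclass
class Finding:
    kind: str    # hosts_redirect | hosts_other_entry | runservices_autostart | orphaned_service
    line: str
    detail: str


def _is_security_vendor(host: str) -> bool:
    h = host.lower().rstrip(".")
    return any(h == s or h.endswith("." + s) for s in SECURITY_VENDOR_SUFFIXES)


def _is_local(ip: str) -> bool:
    try:
        a = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return a.is_loopback or a.is_unspecified


def triage_hjt_log(text: str) -> list:
    """Return a Finding for each suspicious O1/O4/O23 line; other lines are ignored."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            # Any hosts entry for a security vendor is bad news: whether it points at
            # 127.0.0.1 or a random address, the effect is that AV updates fail quietly.
            if _is_security_vendor(host):
                findings.append(Finding("hosts_redirect", line, f"{host} -> {ip}"))
            elif not _is_local(ip):
                findings.append(Finding("hosts_other_entry", line, f"{host} -> {ip}"))
            continue
        m = O4_RE.match(line)
        if m:
            _hive, _key, name, cmd = m.groups()
            # RunServices is a Win9x-era key; on XP almost nothing legitimate uses it.
            findings.append(Finding("runservices_autostart", line, f"{name}: {cmd}"))
            continue
        m = O23_RE.match(line)
        if m:
            name, owner, path = m.groups()
            # A registered service whose binary is gone is a leftover to remove; "Unknown
            # owner" alone is not conclusive (two legitimate drivers in the log carry it).
            if path.endswith("(file missing)"):
                findings.append(Finding("orphaned_service", line, f"{name}, owner {owner}, {path}"))
    return findings


# Constructed sample in the thread's log format (IPs are illustrative).
SAMPLE_LOG = """\
O1 - Hosts: 47.98.246.249 securityresponse.symantec.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 216.31.7.155 www.grisoft.com
O4 - HKLM\\..\\Run: [AVG7_CC] C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP
O4 - HKLM\\..\\RunServices: [winsock32] winsock32
O23 - Service: Pml Driver HPZ12 - HP - C:\\WINDOWS\\system32\\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\\WINDOWS\\winsock32.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage_hjt_log(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```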
#10
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

I am having a real problem attempting to understand why you can delete a file for some entries but not others when the file is the same. This just doesn't make sense.

Please confirm that you and you alone have Administrator status.

There is a new Trojan downloader around that is replacing legitimate files with malware named exactly the same. This makes a visual inspection rather difficult, as all appears to be OK. However, the malware has a certain size and moves the legitimate files to a folder called bak. This tool will make a search of your PC for files of that exact size, and for any folders named bak.

Please download: FindAWF

Save the tool to the desktop and run it. You will see a DOS screen throughout, which will close, and a file named awf.txt will open. Please post the awf.txt file in your reply.

Please note:-

If a DOS window does not stay open throughout the search (approx a minute) you need to change how the programme runs. Here’s how:
  • Locate the file
  • Right-click and select Properties
  • Select Compatibility and select Run this programme in compatibility mode for: Windows 98/Windows ME and click OK.
  • The tool should now work.
Rescan with HijackThis. Close all programmes, leaving only HijackThis running. Place a checkmark or tick against the following:

O1 - Hosts: 47.98.246.249 securityresponse.symantec.com
O1 - Hosts: 141.38.148.83 symantec.com
O1 - Hosts: 37.46.91.130 www.sophos.com
O1 - Hosts: 61.145.2.40 sophos.com
O1 - Hosts: 188.92.85.213 www.mcafee.com
O1 - Hosts: 104.50.226.68 mcafee.com
O1 - Hosts: 51.33.130.6 liveupdate.symantecliveupdate.com
O1 - Hosts: 60.122.245.142 www.viruslist.com
O1 - Hosts: 209.159.252.176 viruslist.com
O1 - Hosts: 1.23.170.121 viruslist.com
O1 - Hosts: 150.233.95.139 f-secure.com
O1 - Hosts: 18.14.35.104 www.f-secure.com
O1 - Hosts: 113.86.207.53 kaspersky.com
O1 - Hosts: 91.65.73.117 kaspersky-labs.com
O1 - Hosts: 8.153.33.217 www.avp.com
O1 - Hosts: 237.49.249.247 www.kaspersky.com
O1 - Hosts: 24.188.253.169 avp.com
O1 - Hosts: 38.148.182.95 www.networkassociates.com
O1 - Hosts: 93.218.170.154 networkassociates.com
O1 - Hosts: 213.199.242.101 www.ca.com
O1 - Hosts: 142.176.81.254 ca.com
O1 - Hosts: 143.249.96.135 mast.mcafee.com
O1 - Hosts: 227.2.225.106 my-etrust.com
O1 - Hosts: 116.67.223.83 www.my-etrust.com
O1 - Hosts: 53.66.130.227 download.mcafee.com
O1 - Hosts: 22.111.239.3 dispatch.mcafee.com
O1 - Hosts: 165.27.133.108 secure.nai.com
O1 - Hosts: 107.49.57.233 nai.com
O1 - Hosts: 89.190.4.80 www.nai.com
O1 - Hosts: 211.149.160.49 update.symantec.com
O1 - Hosts: 195.0.116.210 updates.symantec.com
O1 - Hosts: 37.78.240.230 us.mcafee.com
O1 - Hosts: 0.201.215.151 liveupdate.symantec.com
O1 - Hosts: 209.71.15.211 customer.symantec.com
O1 - Hosts: 62.94.129.243 rads.mcafee.com
O1 - Hosts: 157.146.193.48 trendmicro.com
O1 - Hosts: 186.101.90.120 www.trendmicro.com
O1 - Hosts: 216.31.7.155 www.grisoft.com
O4 - HKLM\..\RunServices: [winsock32] winsock32
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe (file missing)


Click on Fix Checked when finished and exit HijackThis

Using Windows Explorer, delete this file:

C:\WINDOWS\winsock32.exe

Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log, from normal mode, and I will take another look.

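The search the post describes, as an added example (not FindAWF's own code, which the thread does not show): a Python sweep that lists files of the exact sizes FindAWF reported and finds folders named bak, then pairs each parked file with its same-named neighbour in the parent folder and checks whether the two differ. The sample tree is constructed in a temporary directory.

```python
"""FindAWF-style sweep for the pattern described above: same-named malware in
place of a legitimate file, with the original parked in a folder called bak.
Added example, not the FindAWF tool. Sizes come from the thread's report; the
sample tree is constructed in a temp dir and is not real malware."""
import os
import tempfile
from dataclasses import dataclass

SUSPECT_SIZES = {21504, 25600, 26450}   # byte sizes FindAWF searched for in this thread

@dataclass(frozen=True)
class BakShadow:
    bak_file: str        # file inside a "bak" folder
    live_file: str       # same-named file one level up
    same_content: bool   # False means the live copy differs from the parked one

def files_of_size(root: str, sizes=SUSPECT_SIZES) -> list:
    """All regular files under root whose size is exactly one of `sizes`."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for n in names:
            p = os.path.join(dirpath, n)
            try:
                if os.path.isfile(p) and os.path.getsize(p) in sizes:
                    hits.append(p)
            except OSError:
                continue   # unreadable or vanished file: skip, don't abort the sweep
    return sorted(hits)

def _same_bytes(a: str, b: str) -> bool:
    if os.path.getsize(a) != os.path.getsize(b):
        return False
    with open(a, "rb") as fa, open(b, "rb") as fb:
        while True:
            ca, cb = fa.read(65536), fb.read(65536)
            if ca != cb:
                return False
            if not ca:
                return True

def bak_shadows(root: str) -> list:
    """For every folder named 'bak', pair each file with its namesake in the parent folder."""
    out = []
    for dirpath, dirs, _names in os.walk(root):
        for d in dirs:
            if d.lower() != "bak":
                continue
            bak_dir = os.path.join(dirpath, d)
            for n in os.listdir(bak_dir):
                bak_path, live_path = os.path.join(bak_dir, n), os.path.join(dirpath, n)
                if os.path.isfile(bak_path) and os.path.isfile(live_path):
                    out.append(BakShadow(bak_path, live_path, _same_bytes(bak_path, live_path)))
    return sorted(out, key=lambda s: s.bak_file)

def scan(root: str) -> dict:
    shadows = bak_shadows(root)
    return {
        "sized": files_of_size(root),
        "shadows": shadows,
        # A parked copy that differs from the live file is what an analyst pulls first;
        # an identical pair is just an ordinary backup.
        "suspect_swaps": [s for s in shadows if not s.same_content],
    }

def build_sample_tree(root: str) -> None:
    """Constructed layout: one replaced binary (original parked in bak/) and one harmless bak."""
    prog = os.path.join(root, "Program Files", "Example")
    os.makedirs(os.path.join(prog, "bak"))
    with open(os.path.join(prog, "app.exe"), "wb") as f:
        f.write(b"\x00" * 25600)               # the replacement, at one of the suspect sizes
    with open(os.path.join(prog, "bak", "app.exe"), "wb") as f:
        f.write(b"MZ original program bytes")   # the legitimate file, moved aside
    photos = os.path.join(root, "photos")
    os.makedirs(os.path.join(photos, "bak"))
    for p in (os.path.join(photos, "readme.txt"), os.path.join(photos, "bak", "readme.txt")):
        with open(p, "wb") as f:
            f.write(b"same text")

def demo_scan() -> dict:
    """Build the sample tree in a temp dir, scan it, and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return scan(tmp)

if __name__ == "__main__":
    r = demo_scan()
    print("files of suspect size:", r["sized"])
    for s in r["suspect_swaps"]:
        print("bak copy differs from live file:", s.live_file)
```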

#11
Benlost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi, and thanks again for helping! There was no winsock32.exe in Explorer, so I could not perform the deletion. However, here is the info you asked for!
Find AWF report by noahdfear ©2006


21504 byte files found
~~~~~~~~~~~~~



21504 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



25600 byte files found
~~~~~~~~~~~~~

25600 "C:\Program Files\Windows Media Player\wmpenc.exe"


25600 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



26450 byte files found
~~~~~~~~~~~~~



26450 byte files sorted with strings
~~~~~~~~~~~~~~~~~~~~~



bak folders found
~~~~~~~~~~~


Directory of C:\DOCUME~1\INISSANT\DESKTOP\INISSA~1\PICS&J~1\CHOPPER\NEWFOL~1\PLATINUM\BAK

03-10-28 15:31 0 makedir
1 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

0 Oct 28 2003 "C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\Pics&Junk\Chopper\New Folder\Platinum\bak\makedir"
0 Oct 28 2003 "C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\Pics&Junk\Chopper\New Folder\Platinum\tdf\makedir.dir"


end of report
Logfile of HijackThis v1.99.1
Scan saved at 21:34, on 06-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\msiexec.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe (file missing)

#12
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

I don’t think we are dealing with the dreaded AWF, and your log for some reason has cleaned up quite well. I hope this is reflected in the running of the PC.

Please try the ComboFix again and post the log.

Go to Start > Run and type or copy & paste this into the Run box:

sc delete winsock32.exe

Hit ENTER

Go to Start>Run and type Services.msc then hit OK
Scroll down and find this service:

winsock32 (winsock32.exe)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK.

Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service; a window will pop up. Enter this item into that field (copy and paste):

winsock32.exe

Click OK.

It should pull up information about the service; when it asks if you want to reboot now, click YES.

Rescan with HijackThis. Close all programmes, leaving only HijackThis running. Place a checkmark or tick against the following:

O23 - Service: winsock32 (winsock32.exe) - Unknown owner - C:\WINDOWS\winsock32.exe (file missing)

Click on Fix Checked when finished and exit HijackThis.

Post back a fresh HijackThis log (from normal mode) and I will take another look.

How’s the PC running now?

#13
Benlost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
The PC is running a lot smoother. There are a lot of icons that show the Windows default icon logo, though they still work. ComboFix will not open after the 10 second wait... so still no log.
Logfile of HijackThis v1.99.1
Scan saved at 09:00, on 06-11-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Documents and Settings\INISSANT\Desktop\INISSANT'S DESKTOP JUNK\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll
O4 - HKLM\..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Happytofind Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O16 - DPF: {D27CDB6E-AE6A-11CF-96B8-444553540000} - http://hometown.aol....age/ProfR1G.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar SG20 (LxrSG20s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSG20s.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

#14
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Well, your HJT log is now clean; I will give you final instructions after this post. It might be an idea for you to either change the icon for each affected shortcut on your desktop by right-clicking on them and choosing Properties > Change Icon, or simply delete it and make a new one from the Start > Program list by right-clicking on the programme and choosing Send To Desktop (create shortcut).

Click Start, then Run, type prefetch, then press Enter. Click Edit, then Select All (all files will highlight), right-click any file, click Delete, and confirm.

Click Start, then All Programmes, Accessories, System Tools to run Disc Clean Up.

Reboot

Click Start, then All Programmes, Accessories, System Tools to run Defragmenter.

Download, install and run Tune Up 2006 Trial. It is a 30-day free trial.

Run Tune Up disc clean up

Run Tune Up registry clean up

Disable your anti-virus programme, then click Optimize and Improve to run Reg Defrag. The screen will lose colour during the process, which can take a few minutes and then needs a reboot.

Check the anti virus programme is running after the reboot.

Those will have cleared the drive of obsolete software errors.

These are suggestions for making the most of the free trial:

Click Optimize and Improve, then System Optimizer to optimize the computer; select "computer with an internet connection" from the drop-down menu. This also requires a reboot.

After the reboot, click Optimize, then System Optimizer to accelerate downloads; select the speed just above your actual connection speed. This requires a reboot.

After the reboot, click Optimize, then System Optimizer to run System Advisor.

Please confirm that all is well and I will give you the final cleaning instructions.

#15
Benlost

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
All is well, and I thank you very, very much! I don't think that my PC ran this good when I unboxed it! Much obliged, sir!