Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System slow to boot.


  • Please log in to reply

#1
sraj

sraj

    Member

  • Member
  • PipPip
  • 14 posts
Hi,
My system is slow to boot. Looks like it had Winantipro.
Would greatly appreciate your help.
HijackLogs and other logs are pasted.

HijackThis Log.
Logfile of HijackThis v1.99.1
Scan saved at 8:35:10 PM, on 12/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Uninstall list
Ad-Aware SE Personal
Adobe Reader 6.0
Adobe® Photoshop® Album Starter Edition 3.0
Agere Systems AC'97 Modem
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Spyware Protection
AOL Toolbar
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Software Update
ATI Display Driver
AVG Anti-Spyware 7.5
AVG Free Edition
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CIF Dual-Mode Camera
CleanUp!
EVEREST Home Edition v2.20
ewido anti-malware
Google Desktop
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
HP Deskjet 3740
HP Software Update
InterVideo WinDVD Creator 2
IrfanView (remove only)
iTunes
Jasc Animation Shop 3
Law & Order Justice is Served
Learn2 Player (Uninstall Only)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
MSN
MSXML 4.0 SP2 (KB927978)
Panda ActiveScan
PhoTags Express
Pure Networks Port Magic
QuickTime
RealPlayer
Rhapsody Player Engine
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Viewpoint Media Player
Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image 05/02/2006 2.0.1.0
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

ComboFix log

Sudarshan K - 06-12-06 20:38:42.34 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\a_files\AMalware_rem"

((((((((((((((((((((((((((((((( Files Created from 2006-11-06 to 2006-12-06 ))))))))))))))))))))))))))))))))))


2006-12-06 20:34 <DIR> d-------- C:\Program Files\Hijackthis
2006-12-04 21:39 <DIR> d-------- C:\WINDOWS\WBEM
2006-12-04 21:37 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-12-04 21:34 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-12-04 20:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-12-03 21:40 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-12-03 21:28 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2006-12-03 21:28 <DIR> d-------- C:\Documents and Settings\Sudarshan K\Application Data\SUPERAntiSpyware.com
2006-12-03 21:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-03 11:12 <DIR> d--hs---- C:\WA6P
2006-12-03 11:11 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-11-30 11:18 <DIR> dr-h----- C:\$VAULT$.AVG
2006-11-25 07:55 <DIR> d--hs---- C:\WINDOWS\ftpcache
2006-11-23 13:03 <DIR> d-------- C:\Program Files\Mars
2006-11-23 12:56 <DIR> d-------- C:\Program Files\PhoTags Express
2006-11-14 22:04 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-14 22:03 <DIR> d-------- C:\82e58add9150c0a010db3d
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 09:46 <DIR> d-------- C:\Documents and Settings\Sudarshan K\Application Data\Jasc
2006-11-07 09:42 <DIR> d-------- C:\Program Files\Jasc Software Inc
2006-11-07 09:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google
2006-11-07 09:17 <DIR> d-------- C:\Program Files\Google
2006-11-07 09:17 <DIR> d-------- C:\Documents and Settings\Sudarshan K\Application Data\Google
2006-11-07 09:16 <DIR> d-------- C:\Program Files\IrfanView
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-04 21:43 -------- d-------- C:\Program Files\Internet Explorer
2006-12-04 21:18 -------- d-------- C:\Program Files\QuickTime
2006-12-04 21:17 -------- d-------- C:\Program Files\MSN Messenger
2006-12-04 21:16 -------- d-------- C:\Program Files\iTunes
2006-12-04 21:14 -------- d-------- C:\Program Files\ewido anti-malware
2006-12-03 21:40 -------- d-------- C:\Program Files\Grisoft
2006-12-03 21:27 -------- d-a------ C:\Program Files\Common Files
2006-11-16 09:37 -------- d-------- C:\Program Files\Apple Software Update
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 20:22 -------- d-------- C:\Program Files\Kap.SAT
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 19:04 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-03 19:04 -------- d-------- C:\Program Files\AOL
2006-10-29 07:56 -------- d---s---- C:\Documents and Settings\Sudarshan K\Application Data\Microsoft
2006-10-22 10:00 -------- d-------- C:\Documents and Settings\Sudarshan K\Application Data\Leadertech
2006-10-19 18:51 -------- d-------- C:\Program Files\MSN
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-15 09:19 -------- d-------- C:\Program Files\iPod
2006-10-15 09:19 -------- d-------- C:\Documents and Settings\Sudarshan K\Application Data\Apple Computer
2006-10-13 06:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-09-12 23:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"AGRSMMSG"="AGRSMMSG.exe"
"Pure Networks Port Magic"="\"C:\\PROGRA~1\\PURENE~1\\PORTMA~1\\PortAOL.exe\" -Run"
"ATIModeChange"="Ati2mdxx.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1162602211\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"isamini.exe"="C:\\Program Files\\Video ActiveX Object\\isamonitor.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

Completion time: 06-12-06 20:39:31.60
C:\ComboFix.txt ... 06-12-06 20:39

Anti Spyware log

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:53:13 PM 12/4/2006

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned with backup (quarantined).
HKU\S-1-5-21-220523388-343818398-1801674531-1004\Software\Internet Security -> Adware.IntCodec : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DC6_check -> Adware.Systemdoctor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Enum -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
HKLM\SYSTEM\CurrentControlSet\Services\vspf_hk\Security -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{854CAFF8-599E-496E-9905-373EECF75533}\RP90\A0102659.dll -> Downloader.Zlob.bbv : Cleaned with backup (quarantined).


::Report end

Super AntiSpyware scan log
SUPERAntiSpyware Scan Log
Generated 12/04/2006 at 08:12 PM

Application Version : 3.3.1020

Core Rules Database Version : 3141
Trace Rules Database Version: 1157

Scan type : Complete Scan
Total Scan Time : 00:11:14

Memory items scanned : 433
Memory threats detected : 3
Registry items scanned : 4369
Registry threats detected : 102
File items scanned : 3314
File threats detected : 22

Trojan.Media-Codec
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\ISAMONITOR.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\ISAMONITOR.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\PMSNGR.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\PMSNGR.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\ISAMINI.EXE
C:\PROGRAM FILES\VIDEO ACTIVEX OBJECT\ISAMINI.EXE
HKCR\CLSID\{1A1DDC19-5893-43AB-A73F-F41A0F34D115}
HKCR\CLSID\{1A1DDC19-5893-43AB-A73F-F41A0F34D115}\InprocServer32
HKCR\CLSID\{1A1DDC19-5893-43AB-A73F-F41A0F34D115}\InprocServer32#ThreadingModel
HKCR\CLSID\{96EBBE6A-2864-4345-B32B-26EE9BE524B5}
HKCR\CLSID\{96EBBE6A-2864-4345-B32B-26EE9BE524B5}\Implemented Categories
HKCR\CLSID\{96EBBE6A-2864-4345-B32B-26EE9BE524B5}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{96EBBE6A-2864-4345-B32B-26EE9BE524B5}\InprocServer32
HKCR\CLSID\{96EBBE6A-2864-4345-B32B-26EE9BE524B5}\InprocServer32#ThreadingModel
HKU\S-1-5-21-220523388-343818398-1801674531-1004\Software\Internet Security
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#ProductionEnvironment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayIcon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#DisplayVersion
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#URLInfoAbout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video ActiveX Object#Publisher
C:\Program Files\VIDEO ACTIVEX OBJECT\iesplugin.dll
C:\Program Files\VIDEO ACTIVEX OBJECT\iesuninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\isaddon.dll
C:\Program Files\VIDEO ACTIVEX OBJECT\isauninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\ot.ico
C:\Program Files\VIDEO ACTIVEX OBJECT\pmuninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT\ts.ico
C:\Program Files\VIDEO ACTIVEX OBJECT\uninst.exe
C:\Program Files\VIDEO ACTIVEX OBJECT
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#isamonitor.exe [ C:\Program Files\Video ActiveX Object\isamonitor.exe ]
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad#emptins [ {588599f4-de26-4c28-ba14-f4eb17e33481} ]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{588599f4-de26-4c28-ba14-f4eb17e33481} [ emptins ]
C:\WINDOWS\Prefetch\ISAMONITOR.EXE-1BC8A4C7.pf
C:\WINDOWS\Prefetch\PMSNGR.EXE-1544802C.pf

Adware.Tracking Cookie
C:\Documents and Settings\Sudarshan K\Cookies\sudarshan [email protected][2].txt

Trojan.WinAntiSpyware/WinAntiVirus 2006
HKLM\SYSTEM\CurrentControlSet\Services\FOPN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Type
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Start
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ErrorControl
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Tag
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#ImagePath
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#DisplayName
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Group
HKLM\SYSTEM\CurrentControlSet\Services\FOPN#Overflow
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\blocked#\DEVICE\HARDDISKVOLUME1\WA6P
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\APPLICATION DATA\REAL\RNADMIN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\GOOGLE DESKTOP SEARCH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0JFZY2IO
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\N67JQOH3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\WINANTIVIRUS PRO 2006
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\HP\HPCORETECH\SOLN
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\MY DOCUMENTS\MY GOOGLE GADGETS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0L6R0TIZ
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\1.0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\AOLDIAG\AOL\ACSD\WIN32\4.1.35.3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SOFTWAREDISTRIBUTION\DATASTORE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\CONFIG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AVG7\LOG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUME~1\SUDARS~1\LOCALS~1\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\APPLICATION DATA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\APPLICATION DATA\AOL\USERPROFILES\ALL USERS\CLS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\APPLICATION DATA\WINANTIVIRUS PRO 2006\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\WINANTIVIRUS PRO 2006\DOWNLOAD\HRVCGLMA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\HP\HPCORETECH\DATA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\APPLICATION DATA\AOL\ACS\1.0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32\WBEM\LOGS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\COOKIES
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\ACS\1.0\SWUPDATE
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\6P43KDOX
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GRISOFT\AVG7DATA\AVG7UPD
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PURE NETWORKS\PORT MAGIC\LOG
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\AOLDIAG\AOL\SERVICEHOST\WIN32\1.4.16.1
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\HP\HPCORETECH
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\TEMP
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL\AOLDIAG\AOL\ACSDIALER\WIN32\4.1.35.3
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\PROGRAM FILES\VIDEO ACTIVEX OBJECT
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\SUDARSHAN K
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS\SYSTEM32
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\POOJA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\DOCUMENTS AND SETTINGS\PADMA
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\log#\DEVICE\HARDDISKVOLUME1\WINDOWS
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Security#Security
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#0
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#Count
HKLM\SYSTEM\CurrentControlSet\Services\FOPN\Enum#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF\0000#Capabilities
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#DeviceDesc
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_VSPF_HK\0000#Capabilities
HKLM\Software\Microsoft\Windows\CurrentVersion\Run#ERS_check [ "C:\Program Files\Common Files\WinAntiVirus Pro 2006\ers_startupmon.exe" ]
C:\WINDOWS\system32\stera.job

Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Security Troubleshooting.url
C:\Documents and Settings\All Users\Desktop\Online Security Guide.url

Malware.VirusBurst
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Alerter 2006#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run#pmsngr.exe [ C:\Program Files\Video ActiveX Object\pmsngr.exe ]

Malware.VirusRescue
C:\A_FILES\VR_SETUP_3_0.EXE

Browser Hijacker.Favorites
C:\DOCUMENTS AND SETTINGS\SUDARSHAN K\FAVORITES\ONLINE SECURITY TEST.URL

PandaSoftware scan log.

Incident Status Location

Potentially unwanted tool:application/winantivirus2006 Not disinfected c:\documents and settings\all users\application data\WinAntiVirus Pro 2006
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sudarshan K\Cookies\sudarshan [email protected][1].txt

Please let me know, if there is anything you need to resolve.
Appreciate your response.
Thanks
Sraj
  • 0

Advertisements


#2
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Add remove programs - remove Ewido - the AVG AS 7.5 replaced it

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new hijack log.

The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non infected computer will remove your Desktop background.
  • 0

#3
sraj

sraj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Appreciate your response. Logs are attached. :whistling:
System is not shutting down in normal mode. Screen color has changed. It is slow in booting up.
I have attached the logs as requested.

Thanks for valuable time.

HijackLog
Logfile of HijackThis v1.99.1
Scan saved at 18:51, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Rapport

SmitFraudFix v2.128

Scan done at 18:40:24.71, Thu 12/07/2006
Run from C:\a_files\AMalware_rem\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#4
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Clean Posted Image

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam
  • 0

#5
sraj

sraj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
System does not boot up. It is stuck Windows logo. I am forced to power off then boot in safe mode, shut down and then start in normal mode.
Appreciate your help.
Thanks
  • 0

#6
sraj

sraj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi
Also I am not able to change background screens. It freezes.
Thanks
  • 0

#7
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Delete this

c:\documents and settings\all users\application data\WinAntiVirus Pro 2006


Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.c...s...4129&ac=tsg

(It's a 2 week trial.)

* Click the Try Spy Sweeper for FreeDownload the trial link.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
o Sweep Memory
o Sweep Registry
o Sweep Cookies
o Sweep All User Accounts
o Enable Direct Disk Sweeping
o Sweep Contents of Compressed Files
o Sweep for Rootkits

o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.

Also post a new Hijack This log.
  • 0

#8
sraj

sraj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Here are the logs.

6:10 PM: Removal process completed. Elapsed time 00:00:18
6:10 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST99.tmp". Reason: The system cannot find the file specified
6:10 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
6:10 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST99.tmp". Reason: The system cannot find the file specified
6:10 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
6:10 PM: Quarantining All Traces: tacoda cookie
6:10 PM: Quarantining All Traces: adjuggler cookie
6:10 PM: Quarantining All Traces: realmedia cookie
6:10 PM: Quarantining All Traces: maxserving cookie
6:10 PM: Quarantining All Traces: atwola cookie
6:10 PM: Quarantining All Traces: trojan-downloader-zlob
6:10 PM: Removal process initiated
6:10 PM: Traces Found: 9
6:10 PM: Custom Sweep has completed. Elapsed time 00:14:39
6:09 PM: File Sweep Complete, Elapsed Time: 00:11:41
5:58 PM: Starting File Sweep
5:58 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
5:58 PM: c:\documents and settings\sudarshan k\cookies\[email protected][1].txt (ID = 6444)
5:58 PM: Found Spy Cookie: tacoda cookie
5:58 PM: c:\documents and settings\sudarshan k\cookies\[email protected][1].txt (ID = 2071)
5:58 PM: Found Spy Cookie: adjuggler cookie
5:58 PM: c:\documents and settings\sudarshan k\cookies\[email protected][2].txt (ID = 3235)
5:58 PM: Found Spy Cookie: realmedia cookie
5:58 PM: c:\documents and settings\sudarshan k\cookies\[email protected][2].txt (ID = 2966)
5:58 PM: Found Spy Cookie: maxserving cookie
5:58 PM: c:\documents and settings\sudarshan k\cookies\[email protected][1].txt (ID = 2255)
5:58 PM: Found Spy Cookie: atwola cookie
5:58 PM: Starting Cookie Sweep
5:58 PM: Registry Sweep Complete, Elapsed Time:00:00:33
5:58 PM: HKU\S-1-5-21-220523388-343818398-1801674531-1004\software\microsoft\internet explorer\toolbar\webbrowser\ || {96ebbe6a-2864-4345-b32b-26ee9be524b5} (ID = 1858090)
5:58 PM: HKU\S-1-5-21-220523388-343818398-1801674531-1004\software\microsoft\windows\currentversion\ext\stats\{96ebbe6a-2864-4345-b32b-26ee9be524b5}\ (ID = 1858030)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-220523388-343818398-1801674531-1006\software\microsoft\windows\currentversion\ext\stats\{96ebbe6a-2864-4345-b32b-26ee9be524b5}\ (ID = 1858030)
5:58 PM: HKU\WRSS_Profile_S-1-5-21-220523388-343818398-1801674531-1006\software\internet security\ (ID = 1553896)
5:58 PM: Found Trojan Horse: trojan-downloader-zlob
5:57 PM: Starting Registry Sweep
5:57 PM: Memory Sweep Complete, Elapsed Time: 00:02:14
5:55 PM: Starting Memory Sweep
5:55 PM: Start Custom Sweep
5:55 PM: Sweep initiated using definitions version 818
5:55 PM: Spy Sweeper 5.2.3.2132 started
5:55 PM: | Start of Session, Saturday, December 09, 2006 |
********
5:55 PM: | End of Session, Saturday, December 09, 2006 |
5:53 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
5:53 PM: Access to Hosts file blocked for C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
5:50 PM: Shield States
5:48 PM: Spyware Definitions: 804
5:48 PM: Warning: Virus definitions files are invalid, please update your virus definitions. 220
5:48 PM: Spy Sweeper 5.2.3.2132 started
5:48 PM: Spy Sweeper 5.2.3.2132 started
5:48 PM: | Start of Session, Saturday, December 09, 2006 |
********

Logfile of HijackThis v1.99.1
Scan saved at 18:14, on 12/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [AVG7_CC] "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



Thanks for your help :whistling:
  • 0

#9
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Log is fine, Having AOL can cause a slow boot process after time - I had a system that changed dramatically when I uninstalled all of AOL and then re-installed it
  • 0

#10
sraj

sraj

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hi,
I do not use AOL. Maybe I did not uninstall it properly. Not sure how to clean this. Any suggestions.
Appreciate your quick response.
Thanks
  • 0

#11
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Look in add remove programs and remove anything AOL releated

You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" –Run

O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1162602211\ee\AOLSoftware.exe"

O4 - HKLM\..\Run: [AOLDialer] "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"

O4 - HKLM\..\Run: [AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
============================
Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

AOL Connectivity Service

Rightclick and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

Repeat for - AOL Spyware Protection Service
==========================
DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Common Files\AOL
C:\Program Files\AOL Toolbar


Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP