Something hanging around on the system but can't track it down



#1
dizzzy068

dizzzy068

    Member

  • Member
  • PipPip
  • 21 posts
Hi

I have done everything in the read this before you post section except Panda Active scan. I just can't get it to run on my PC - had the same problem a few months back and one of the staff tried to get round it but was unable to. I am getting tons of mail failure and blocked mail messages every day - I don't know how to stop the system sending the mail. These are my logs:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:08:50 08/01/2007

+ Scan result:





::Report end


Logfile of HijackThis v1.99.1
Scan saved at 09:11:22, on 08/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\eMachines Bay Reader\shwiconem.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\TomTom HOME\TomTomHOME.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\eMachines Bay Reader\shwiconem.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1136116863281
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37380.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7DEF99C5-DF8A-4468-9122-06418B26CC8A}: NameServer = 195.92.195.94 195.92.195.95
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


:whistling:
  • 0


#2
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#3
dizzzy068

dizzzy068

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hi

I have successfully downloaded it but each time I have tried to run it, it causes a system shutdown/restart after a few seconds of running - what do you suggest? :whistling:
  • 0

#4
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

That's strange. Try running it from Safe Mode and see if it will finish.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
Run combofix


Reboot and post the log. If there are any problems let me know.
  • 0

#5
dizzzy068

dizzzy068

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
worked in safe mode, gotta run late for work!

"Liz" - 07-01-09 12:26:25 Service Pack 2
ComboFix 07-01-09W-BetaE2 - Running from: "C:\Documents and Settings\Liz\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-09 to 2007-01-09 ))))))))))))))))))))))))))))))))))


2007-01-04 22:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-04 22:15 <DIR> d-------- C:\DOCUME~1\Liz\Application Data\SUPERAntiSpyware.com
2007-01-04 22:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-15 21:07 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-12-15 21:07 286,720 --------- C:\WINDOWS\Setup1.exe
2006-12-15 21:07 <DIR> d-------- C:\Program Files\Toponymy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-09 09:44 -------- d-------- C:\Program Files\mozilla firefox
2007-01-01 18:49 -------- d-------- C:\Program Files\gedcom census
2006-12-15 21:06 -------- d-------- C:\Program Files\family historian
2006-12-09 18:51 -------- d-------- C:\Program Files\winbmd
2006-12-03 11:42 -------- d-------- C:\Program Files\tomtom home
2006-12-03 11:36 -------- d--h----- C:\Program Files\installshield installation information
2006-11-20 10:51 -------- d-------- C:\Program Files\Common Files\adobe
2006-11-08 05:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-19 13:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\winfxdocobj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"CHotkey"="zHotkey.exe"
"SunKistEM"="C:\\Program Files\\eMachines Bay Reader\\shwiconem.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Thomson\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TomTomHOME.exe"="\"C:\\Program Files\\TomTom HOME\\TomTomHOME.exe\" -s"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0




~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\WebReg 20040921204016.job

Completion time: 07-01-09 12:29:28
  • 0

#6
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Not much going on

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new hijackthis log.

  • 0

#7
dizzzy068

dizzzy068

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Thanks so far but one of the main problems is that I can't get Panda Active Scan to run - I have tried using Firefox and IE but neither will let me run it. One of your colleagues tried a workaround some months back but that didn't work either. I can get to the Panda website but none of the "Scan PC" links will work at all. I have installed the Active X thingys - any advice?
  • 0

#8
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Try this one. Panda can be finicky at times.

Please do an online scan with Kaspersky WebScanner. If you have any quarantined items in your antivirus, please delete those archives before the scan.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a new HijackThis log.

  • 0

#9
dizzzy068

dizzzy068

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Have tried repeatedly but get the same problems as Panda, can't get the scanner to run - any suggestions?
  • 0

#10
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Let's check your ActiveX.

Go here ActiveX test

Let me know the results please :whistling:
  • 0

#11
dizzzy068

dizzzy068

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
ActiveX is not supported
  • 0

#12
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Are you using Internet Explorer?
  • 0

#13
dizzzy068

dizzzy068

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I'm using Firefox - I have tried the scanners with IE and they don't work with that either.

Diz
  • 0





