Please Help Remove Favourlinks Malware



#1
jmb2007

Every time I open up my internet browser the home page comes up with the URL http://www.favourlinks.com. No matter what program I have run (spydoctor, spyware doctor, Ad-aware), I can't remove this malware from my computer. It is slowing down my computer and making it run poorly. I have run the following logs for your review. Please take a look and tell me what I need to do to remove this malicious bug.

SUPERAntiSpyware Scan Log
Generated 01/10/2007 at 07:19 PM

Application Version : 3.4.1000

Core Rules Database Version : 3162
Trace Rules Database Version: 1174

Scan type : Complete Scan
Total Scan Time : 00:40:55

Memory items scanned : 528
Memory threats detected : 0
Registry items scanned : 5379
Registry threats detected : 0
File items scanned : 60696
File threats detected : 212

Adware.Tracking Cookie

Malware.VirusBurst
C:\DOCUMENTS AND SETTINGS\JOHN BECKER\LOCAL SETTINGS\TEMP\VB4B.EXE

Browser Hijacker.Favorites
C:\RECYCLER\S-1-5-21-836604885-3933767709-3571062225-1005\DC6.URL

Unclassified.Oreans32
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP138\A0018579.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP139\A0018608.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP141\A0018820.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP144\A0018913.SYS

Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP90\A0013934.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{F6751740-EB65-4F51-9F4B-AC268B6E20CE}\RP90\A0013936.ICO


Logfile of HijackThis v1.99.1
Scan saved at 7:31:34 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Becker\Desktop\HiJack This\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lotsofpornmovies.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CreateCD_Reminder] C:\WINDOWS\Sonysys\VAIO Recovery\reminder.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1159396553703
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.auctiva.c...oad/XUpload.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

A scan with Ewido's AVG Anti-Spyware didn't pick up anything to report.


#2
coachwife6

Hi JMB. Welcome to GTG. :blink: I am working on a fix and I will be right back. :whistling:

#3
coachwife6

Are you running AVG Anti-Spyware and Ewido Anti Spyware and Spyware Doctor? Or are you just running scans? You really only need one anti-spyware. I also see you are running Sygate as well. Is that the only firewall you are running? Did the computer become slower after you installed Sygate?

Before progressing, please disable Spyware Doctor.

You may wish to print out a copy of these instructions to follow while you complete this procedure.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lotsofpornmovies.com/ to verify your age, REQUIRED! WARNING! Adult pictures are featured in this site. Only adults permitted beyond this point! Are you at least 18 years old

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. :whistling:
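A triage pass over a HijackThis log, in the spirit of the selection in the post above, as an added example that is not part of the original thread or of HijackThis itself: it flags Start Page values whose host is not on an allowlist and entries whose target is reported as `(no file)` or `(file missing)`. The allowlist, the function names and the two Start Page URLs are assumptions, and these two heuristics do not reproduce every choice the helper made.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.99.1 log format. The R3, O2 and O9 lines
# are taken from the log in this thread; both Start Page URLs are placeholders.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hijacked.example/ to verify your age
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.org/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
"""

# "R0 - ..." / "O23 - ...": section code, separator, then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
# R0/R1 bodies look like "<registry key>,<value name> = <data>".
REGVAL_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) = (?P<value>.*)$")
# HijackThis appends these markers when the referenced file does not exist.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return (code, body) for every R*/O* line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def start_page_host(body):
    """Host of a 'Start Page' registry value, or None if the body is not one.

    Only the first whitespace-delimited token is treated as the URL, so text
    trailing the URL (as in the hijacked entry in this thread) is ignored.
    """
    m = REGVAL_RE.match(body)
    if not m or m.group("name").strip().lower() != "start page":
        return None
    tokens = m.group("value").split()
    if not tokens:
        return ""
    return (urlparse(tokens[0]).hostname or "").lower()


def triage(entries, trusted_hosts):
    """Return (code, reason, body) for entries worth a human look."""
    findings = []
    for code, body in entries:
        host = start_page_host(body) if code in ("R0", "R1") else None
        if host is not None and host not in trusted_hosts:
            reason = "start page host not on allowlist: " + (host or "<none>")
            findings.append((code, reason, body))
        if ORPHAN_RE.search(body):
            findings.append((code, "entry references a missing file", body))
    return findings


if __name__ == "__main__":
    # Assumed allowlist; in practice this is the set of home pages you expect.
    for code, reason, body in triage(parse_entries(SAMPLE_LOG), {"www.example.org"}):
        print(f"{code}: {reason}\n    {body}")
```

Flagged lines are candidates for review, not an automatic fix list: an entry marked `(file missing)` can belong to legitimate software that was uninstalled.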

#4
coachwife6

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.