________________________________________________________________________________
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 03:00:54 11/02/2007
+ Scan result:
C:\Program Files\HJT\backups\backup-20070211-013659-470.dll -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1 -> Adware.Delfin : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-828683821-3936211242-4230619298-1006\Dc5.#xe -> Adware.DelphinMediaViewer : Cleaned with backup (quarantined).
HKU\S-1-5-21-828683821-3936211242-4230619298-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E1412445-4FF8-410E-8D24-F2CF86B171A4} -> Adware.Generic : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-828683821-3936211242-4230619298-1006\Dc4\VSAdd-in.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).
::Report end
___________________________________________________________________________________
Next is the WinDelf log...
WIN32DELFKIL LOGFILE - by Marckie
version 3.124
11/02/2007 1:51:00.82
running from: "C:\Documents and Settings\Bradley\Desktop"
--- File(s) found in Windows directory ---
gc404.cnf
gsc404.cnf
--- File(s) found in system32 folder ---
--- Services ---
--- Export SharedTaskScheduler key ---
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{A4F94C0C-54A7-4DB1-9AF3-B22E63D00404}"="z"
--- sharedtaskkey (1): A4F94C0C-54A7-4DB1-9AF3-B22E63D00404 ---
no keys found
--- Notify key ---
--- rebooting the computer ---
--- File(s) found in Windows directory ---
--- File(s) found in system32 folder ---
--- Services ---
--- Export SharedTaskSchedulerkey ---
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
--- Notify key ---
Finished!
____________________________________________________________________
Now, when choosing the processes to fix in HJT, I did not choose lfs.exe, as I know that is a safe program. It is a racing simulator that I have installed on my computer.
Also, when you asked me to delete the 8 files or folders, I could not find:
C:\WINDOWS\system32\nfom.dll
C:\WINDOWS\system32\nfo.ocx
In addition to this, when I opened the Host program you asked me to download, it came up with an error message, and when I tried to restore the original .hosts file, it also came up with an error; both are attached to this post.
_____________________________________________________________________________
Panda Log
Incident Status Location
Adware:adware/delfinmedia Not disinfected c:\windows\system32\vidmon
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\aafolpbm.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\bbllnrqq.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\bpchwhnf.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\brnlnkhh.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\ejurwvuw.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\gcqxlanb.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\hpcmibca.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\hswklsdy.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\iigthkrs.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\kqbyciqe.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\lujatfha.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\mbjpeeud.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\mnbknmau.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\mwddgqvf.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\neacpcwg.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\prgvogeq.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\qjmgqhju.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\qstuyept.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\riwjqpsd.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\wosswqff.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\wqahyauv.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\!KillBox\xmysmlgy.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\Roguescanfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\process.exe
____________________________________________________________________
And lastly, the new HJT log
Logfile of HijackThis v1.99.1
Scan saved at 11:53:26, on 11/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\TGVFDMsgservice.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HJT\Fix.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/firefox
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [TGX2_VFD] "C:\WINDOWS\system32\TGVFDMsgservice.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [workflow] E:\installs\workflow.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: services.lnk = ?
O4 - Global Startup: CPRun.lnk = C:\Freeline\CPRun.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop...cpConnCheck.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
__________________________________________________________________
Thanks Kahdah,
Brad
Edited by lyonsb, 11 February 2007 - 05:54 AM.