Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Helping a friend .. Whats wrong with this log..

Started by Dippy , Feb 09 2007 12:02 AM

  • This topic is locked This topic is locked

#1
Dippy
Posted 09 February 2007 - 12:02 AM

Dippy

    Member

  • Member
  • PipPip
  • 35 posts
Hi i am trying to help a friend get his computer back to the way it was...

I tried
1. system restore ... said it couldnt restore
2. AVG
3. Spybot
4. Norton - Helped alittle

Norton got rid of the red shield saying the computer is infected.

But now i wanna make sure everything is okay

Spybot keeps coming up with 1 entries..


Newdotnet

HiJackThis log is posted in the next post. #2
UniinstallLog is posted in #3

Edited by Dippy, 09 February 2007 - 05:09 PM.

  • 0

Advertisements

#2
Dippy
Posted 09 February 2007 - 12:03 AM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Logfile of HijackThis v1.99.1
Scan saved at 12:54:12 AM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1129568424\ee\AOLSoftware.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Documents and Settings\Administrator\Desktop\HJTapp\HijackThis.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129568424\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1146500294609
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#3
Dippy
Posted 09 February 2007 - 12:05 AM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Uninstall Log

1Click DVD Copy 4.2.9.4
1Click DVD Copy Pro 2.4.1.6
Ad-Aware SE Professional
Adobe Acrobat 4.0
Adobe Reader 7.0.5
AIM 6.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Spyware Protection
AOL Toolbar 4.0
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
ArcSoft PhotoBase
ArcSoft PhotoStudio 2000
ATI Control Panel
ATI Display Driver
AudioConverter Studio 4.5
Battle.net
BigFix
Caere Scan Manager 5.1
Canon ScanGear Toolbox CS 2.2
ccCommon
CleanUp!
Collab
CompuServe
Conexant AC-Link Audio
Desktop Weather by The Weather Channel
Diablo
DVD43 v3.8.0
FL Studio 6
FLAC Installer 1.1.2a (remove only)
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB928388)
Internet Worm Protection
iTunes
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment Standard Edition v1.3.1_02
LiveUpdate 3.1 (Symantec Corporation)
Macromedia Flash Player 8
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Age of Empires
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
mkw Audio Compression Toolkit
Mozilla Firefox (1.5.0.9)
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
NAVShortcut
Nero BurnRights
Nero OEM
NOD32 antivirus system
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Protection Center
Norton WMI Update
OmniPage Pro 9.0
Plaxo Toolbar for Outlook (with AIM Enhancements)
Power Tab Editor 1.7
PowerDVD
Pure Networks Port Magic
QuickTime
RealPlayer Basic
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SoftV92 Data Fax Modem with SmartCP
Sonic Encoders
Sony ACID Music Studio 5.0a
SPBBC
Spybot - Search & Destroy 1.4
StyleXP (remove only)
Symantec
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
Themexp.org File
Trillian
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
Weather Services
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
Windows Vista Upgrade Advisor
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888239
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
  • 0

#4
Dippy
Posted 09 February 2007 - 11:04 AM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Any suggestions on whats wrong with this log??
  • 0

#5
Flrman1
Posted 09 February 2007 - 11:36 AM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* The first thing I notice here is that you have two antiviruses running. This is a recipe for disaster. You should never run two AVs at the same time. They will conflict with each other causing all sorts of problems. You need to pick one to use and remove the other.

If I were you, I'd remove Norton and stick with Nod32. It is by far the superior antivirus.


* First Click here to download LspFix

You may not need it, but go ahead and download it just in case.

Now go here and scroll to the bottom of the page to Precedure 4 and download and run the New.Net uninstaller.

If you lose your internet connection after running the New.Net uninstaller, Run LspFix, and click Finish. (Don't do anything else)

That should restore the internet connection.


* Run Hijack This again and put a check by this entry if it is still there. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

Restart the computer.


* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment Standard Edition v1.3.1_02
Viewpoint Media Player


* Now go here and install the latest version of Java.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan
  • 0

#6
Dippy
Posted 09 February 2007 - 04:25 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OKay i did what you said...

Here is my ActiveScan Log


Incident Status Location

Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_38.exe
Potentially unwanted tool:application/mywebsearch Not disinfected hkey_classes_root\clsid\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Owner.YOUR-3734719B82\Application Data\Mozilla\Firefox\Profiles\6ou9j4uz.default\cookies.txt[.hotlog.ru/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner.YOUR-3734719B82\Application Data\Mozilla\Firefox\Profiles\6ou9j4uz.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner.YOUR-3734719B82\Cookies\owner@2o7[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Owner.YOUR-3734719B82\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Biggy740\7em9bugz.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Biggy740\7em9bugz.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Biggy740\7em9bugz.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Biggy740\7em9bugz.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Biggy740\7em9bugz.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.revenue.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.maxserving.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.targetnet.com/]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[citi.bridgetrack.com/]
Spyware:Cookie/Overture Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.overture.com/]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.fastclick.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.valueclick.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[.realmedia.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\DaNkNuGgS19\x15sogl2.slt\cookies.txt[statse.webtrendslive.com/S123580]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Guest\ha1jcmhn.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Guest\ha1jcmhn.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Guest\ha1jcmhn.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Guest\ha1jcmhn.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Guest\ha1jcmhn.slt\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\Guest\ha1jcmhn.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\MEBARBIE17\55tgxc9j.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\MEBARBIE17\55tgxc9j.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\MEBARBIE17\55tgxc9j.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\MEBARBIE17\55tgxc9j.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\MEBARBIE17\55tgxc9j.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\MEBARBIE17\55tgxc9j.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atwola Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.atdmt.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.advertising.com/]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.2o7.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\CompuServe 7.0\gecko\usr\Profiles\ZEr0cOoLo7\9sdzzjeg.slt\cookies.txt[.mediaplex.com/]
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_48.exe
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20070207-144817.backup

Edited by Dippy, 09 February 2007 - 04:27 PM.

  • 0

#7
Dippy
Posted 09 February 2007 - 04:27 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
HijackLog Second take.

Logfile of HijackThis v1.99.1
Scan saved at 5:25:34 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1129568424\ee\AOLSoftware.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\HJTapp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129568424\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1146500294609
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#8
Dippy
Posted 09 February 2007 - 06:34 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

* The first thing I notice here is that you have two antiviruses running. This is a recipe for disaster. You should never run two AVs at the same time. They will conflict with each other causing all sorts of problems. You need to pick one to use and remove the other.

If I were you, I'd remove Norton and stick with Nod32. It is by far the superior antivirus.


* First Click here to download LspFix

You may not need it, but go ahead and download it just in case.

Now go here and scroll to the bottom of the page to Precedure 4 and download and run the New.Net uninstaller.

If you lose your internet connection after running the New.Net uninstaller, Run LspFix, and click Finish. (Don't do anything else)

That should restore the internet connection.


* Run Hijack This again and put a check by this entry if it is still there. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s

Restart the computer.


* Go to Add/Remove programs and uninstall these:

J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment Standard Edition v1.3.1_02
Viewpoint Media Player


* Now go here and install the latest version of Java.


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan


Hows my 2nd log look?
  • 0

#9
Flrman1
Posted 09 February 2007 - 06:34 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* I am attaching a fix.zip file to this post. Download it and save it to your desktop. Unzip it to extract the fix.reg file it contains.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Doubleclick on the fix.reg file to add it to the registry. Answer yes to confirm the merge.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf

    c:\windows\NDNuninstall6_38.exe

    C:\WINDOWS\NDNuninstall7_22.exe

    C:\WINDOWS\NDNuninstall7_48.exe

  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confimation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]* Restart back into Windows normally now.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..
Also let me know how the pc is behaving after the fixes.

Attached Files

  • Attached File  fix.zip   191bytes   217 downloads

  • 0

#10
Dippy
Posted 09 February 2007 - 06:38 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Okay i will do that and let you know how it goes..

Thanks for the help bro.
  • 0

Advertisements

#11
Flrman1
Posted 09 February 2007 - 07:53 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
:whistling:
  • 0

#12
Dippy
Posted 09 February 2007 - 09:06 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
Its scanning with bitdefender now but i noticted that i am supose to have my quick launch up i have it checked when i right click on the task bar but i dont see it down there.

Is this problem from a virus, malware etc. ?


Oh btw the screen on the laptop thats runnin the scan went black for about a minute...

I am not using it at all either. im just letting the scan run.

Edited by Dippy, 09 February 2007 - 09:08 PM.

  • 0

#13
Dippy
Posted 09 February 2007 - 09:15 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
And while Bitdefender was running

NOD32 poped up with threat detected.


Oh and the black screen was the screen saver just being sloww i guess from the scan.

Edited by Dippy, 09 February 2007 - 10:05 PM.

  • 0

#14
Dippy
Posted 09 February 2007 - 10:14 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts
OK my BITdefender is ATTACHED Below...

and here is the Third HiJackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 11:14:17 PM, on 2/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\AOL\1129568424\ee\AOLSoftware.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Documents and Settings\Administrator\Desktop\HJTapp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1129568424\ee\AOLSoftware.exe"
O4 - HKLM\..\Run: [IPHSend] "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.12.1.1\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: CompuServe 7.0 Tray Icon.lnk = C:\Program Files\CompuServe 7.0\cstray.exe
O4 - Global Startup: Install Pending Files.LNK = C:\Program Files\SIFXINST\SIFXINST.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 4.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1146500294609
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Attached Files


  • 0

#15
Dippy
Posted 09 February 2007 - 10:15 PM

Dippy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 35 posts

:whistling:



How is it looking now bud?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP