spyware



#1
jon21

I have lots of spyware and need help getting rid of it. Here is an HJT log. I also have a virus that I need help getting rid of.
Jon

Logfile of HijackThis v1.99.1
Scan saved at 8:29:13 PM, on 3/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132188123046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132544193984
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe (file missing)
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)

Edited by jon21, 12 March 2007 - 07:50 PM.



#2
sari

jon21,

Hi, and welcome to Geeks to Go. You do have a pretty nasty infection there, and your system may have been compromised. I suggest you change any passwords you may have used on your PC or for any online transactions.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Thanks,

sari

#3
jon21

Here is my Report.txt and my HJT log.
Jon



SDFix: Version 1.72

Run by Administrator - Thu 03/15/2007 / 13:50:45.79

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\sdfix\SDFix

Safe Mode:
Checking Services:

Name:
hide_evr2
IWin service
Net message Service
Win Common module
Win PPPe

Path:
\??\C:\WINDOWS\hide_evr2.sys
C:\WINDOWS\system32\iwinapp.exe
C:\WINDOWS\system32\netmsg.exe
C:\WINDOWS\system32\servicemp.exe
C:\WINDOWS\system32\winser.exe

hide_evr2 Deleted
IWin service Deleted
Net message Service Deleted
Win Common module Deleted
Win PPPe Deleted

Logfile of HijackThis v1.99.1
Scan saved at 2:00:51 PM, on 3/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132188123046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132544193984
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
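One way to compare the O23 service entries across the two logs above and the SDFix report, as an added example that is not part of the original thread. The function names are hypothetical, the embedded lines are excerpts copied from this thread, and the "Unknown owner plus file missing" filter is an assumed triage heuristic for picking entries to review, not a verdict on any of them.

```python
import re
from typing import NamedTuple

# Excerpts of the O23 lines from the two HijackThis logs posted in this thread
# (before and after the SDFix run). These are not the complete logs.
LOG_BEFORE = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: IWin service - Unknown owner - C:\WINDOWS\system32\iwinapp.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Net message Service - Unknown owner - C:\WINDOWS\system32\netmsg.exe (file missing)
O23 - Service: Win Common module - Unknown owner - C:\WINDOWS\system32\servicemp.exe (file missing)
O23 - Service: Win PPPe - Unknown owner - C:\WINDOWS\system32\winser.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
"""

LOG_AFTER = r"""
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Windows sharing object - Unknown owner - C:\WINDOWS\system32\winvercp.exe (file missing)
"""

# The "<name> Deleted" lines from the SDFix Report.txt posted in this thread.
SDFIX_REPORT = """
hide_evr2 Deleted
IWin service Deleted
Net message Service Deleted
Win Common module Deleted
Win PPPe Deleted
"""


class Service(NamedTuple):
    name: str          # display name, with the key name in parentheses if shown
    owner: str         # company from the file's version info, or "Unknown owner"
    path: str          # image path as HijackThis printed it
    file_missing: bool


# O23 line layout: "O23 - Service: <name> - <owner> - <path>[ (file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def parse_services(log_text):
    """Return {display name: Service} for every O23 line in a HijackThis log."""
    services = {}
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            services[m["name"]] = Service(
                m["name"], m["owner"], m["path"], m["missing"] is not None
            )
    return services


def orphaned(services):
    """Names of services with no known owner whose image file is missing.

    Assumed heuristic: such entries are worth a manual look, nothing more.
    """
    return sorted(
        s.name for s in services.values()
        if s.owner == "Unknown owner" and s.file_missing
    )


def removed_between(before, after):
    """Service names present in the first log and absent from the second."""
    return sorted(set(before) - set(after))


def sdfix_deleted(report_text):
    """Names listed as '<name> Deleted' in an SDFix report."""
    suffix = " Deleted"
    return sorted(
        line.strip()[: -len(suffix)]
        for line in report_text.splitlines()
        if line.strip().endswith(suffix)
    )


def deleted_but_never_listed(report_text, before):
    """Names SDFix deleted that had no O23 entry in the earlier log."""
    return sorted(set(sdfix_deleted(report_text)) - set(before))


if __name__ == "__main__":
    before, after = parse_services(LOG_BEFORE), parse_services(LOG_AFTER)
    print("Gone after SDFix:      ", removed_between(before, after))
    print("Still worth reviewing: ", orphaned(after))
    print("Deleted, never in O23: ", deleted_but_never_listed(SDFIX_REPORT, before))
```
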

#4
sari

jon21,

That looks a lot better, but still a little cleanup to do.

Go to Start > Run and type "Services.msc" (without quotes), then hit OK.
Scroll down and find the service below:

Windows sharing object

When you find it, double-click on it. In the next window that opens, under the General tab click the Stop button, then click the drop-down box to change the Startup Type to Disabled. Now hit Apply and then Ok.

Open HijackThis and click on "None of the above, just start the program". Now click on the "Config" button (bottom right), then click on "Misc Tools", then click on "Delete an NT Service". A window will pop up. Enter the below item into that field (make sure there are NO spaces before or after the name):

Windows sharing object

Click OK.

It should pull up information about the service, then ask if you want to reboot. Click YES.

Please go HERE to run Panda's ActiveScan - you must use Internet Explorer for this to work.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • If it wants to install an ActiveX component allow it
  • Select either Home User or Company
  • Click the big Scan Now button
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.
Please post the ActiveScan report and a new HijackThis log.

Thanks,

sari

#5
jon21

Here is my ActiveScan and my HJT log.
Jon


Incident Status Location

Adware:adware/securityerror Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Weborama Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.weborama.fr/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.com.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.atwola.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.targetsaver.com/]
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.webpower.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.revenue.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[server.iad.liveperson.net/hc/35327284]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atwola[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe


Logfile of HijackThis v1.99.1
Scan saved at 10:27:12 AM, on 3/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132188123046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132544193984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#6
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
jon21,

I noticed you posted last year and were never helped. You had some suspicious files in your Ewido scan that were never cleaned. I'd like to run this again.


First download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet, we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient, this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Please post the AVG AS report and a new HijackThis log.

Thanks,

sari
  • 0

#7
jon21

    Member

  • Topic Starter
  • 39 posts
Here is my AVG report and my HJT log.
Jon


+ Created at: 8:05:57 PM 3/24/2007

+ Scan result:



C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.452:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.696:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.697:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.904:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.905:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.906:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.907:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.939:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.538:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.417:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.418:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.407:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.408:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.409:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.410:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.392:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.294:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.662:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.411:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.412:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.413:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.336:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.374:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.428:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.492:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.498:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.372:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.373:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.390:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.587:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.588:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.589:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.706:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.707:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.767:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.768:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.453:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.265:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.266:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.463:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.464:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.161:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.85:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.86:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.505:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.506:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.419:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.420:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.421:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.480:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.769:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
:mozilla.694:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.731:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.732:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.296:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.297:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.
:mozilla.484:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.226:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.227:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.228:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.229:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:23:38 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tiwc] C:\WINDOWS\system32\q786q.exe sdcfsi
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134070330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A
  • 0

#8
jon21

    Member

  • Topic Starter
  • 39 posts
Here is my AVG report and my HJT log.
Jon


+ Created at: 8:05:57 PM 3/24/2007

+ Scan result:



C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.452:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adengage : Cleaned.
:mozilla.696:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.697:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lvp9vntn.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 8:23:38 PM, on 3/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tiwc] C:\WINDOWS\system32\q786q.exe sdcfsi
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134070330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [dpwsock] C:\WINDOWS\system32\dpwsock.exe
O4 - HKCU\..\Run: [cryptext] C:\WINDOWS\system32\cryptext.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132188123046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132544193984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

#9
sari

jon21,

I see some entries in your log that were not there before. Interestingly enough, you had those same entries back in September when Crustyoldbloke helped to clean you up. I'll help you get rid of them, but you really need to make sure you install some good protection to keep you from getting re-infected again.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.
O4 - HKLM\..\Run: [tiwc] C:\WINDOWS\system32\q786q.exe sdcfsi
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe"
O4 - HKCU\..\Run: [dpwsock] C:\WINDOWS\system32\dpwsock.exe
O4 - HKCU\..\Run: [cryptext] C:\WINDOWS\system32\cryptext.exe
O23 - Service: DirectX common - Unknown owner - C:\WINDOWS\system32\dxwizard.exe (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\q786q.exe
C:\WINDOWS\9129837.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe
C:\WINDOWS\system32\dpwsock.exe
C:\WINDOWS\system32\cryptext.exe

After that, reboot.

Post a new hijackthis log for me, please.

sari

#10
jon21

Hi, I got the HJT log cleaned with what you told me to delete, but I couldn't get rid of the other files; I could not find them. Here is my HJT log.
Jon

Logfile of HijackThis v1.99.1
Scan saved at 3:42:30 PM, on 3/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134070330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132188123046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132544193984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#11
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
jon21,

Did you use msconfig to disable some startup items? If so, could you re-enable them all until we're finished, and post a new hijackthis log?

Thanks,

sari
  • 0

#12
jon21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
I have put everything back. Here is a HJT log.
Jon

Logfile of HijackThis v1.99.1
Scan saved at 7:10:20 AM, on 3/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\ABIT\ABIT uGuru\uGuru_Event_Receiver.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\tunebite\tunebite.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\WinTV\Ir.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\WinTV\Scheduler\TitanTV.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134070330\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [ABIT uGuru] C:\Program Files\ABIT\ABIT uGuru\uGuru.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [tunebite.exe] C:\Program Files\tunebite\tunebite.exe -hidden
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioDeliveryManager.exe /autostart
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: TitanTV Remote Scheduler.lnk = C:\Program Files\WinTV\Scheduler\TitanTV.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1132188123046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132544193984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - LxrSII1s.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
  • 0

#13
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
jon21,

I'm sorry for the delay - I was not around much last week and was unable to respond.

I'm not seeing any issues in your log anymore. Are you still having problems, or does everything seem to be resolved?

sari
  • 0

#14
jon21

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Everything seems to be OK. The only thing was when you told me to use Windows Explorer to get rid of the files below, I could not do it.

C:\WINDOWS\system32\q786q.exe
C:\WINDOWS\9129837.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00005.exe
C:\WINDOWS\system32\dpwsock.exe
C:\WINDOWS\system32\cryptext.exe
Jon
  • 0

#15
sari

    GeekU Admin

  • Community Leader
  • 21,806 posts
  • MVP
jon21,

You can delete the SDfix program now - we no longer need it. Your PC is clean.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, you can read this article by Tony Klein.

Thanks for visiting Geeks to Go!

sari
  • 0





