Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System Lagging


  • Please log in to reply

#1
Jimmyscorn

Jimmyscorn

    New Member

  • Member
  • Pip
  • 5 posts
Just recently my computer began running pretty slow. all my programs and games seem to be working fine, but when i'm on the internet the repsonse time from when i click a link to the time that it actually responds is like 3 or 4 seconds. and this happenes anytime i'm on the internet. Also when closing web pages, after i click the X it doesnt close for at least 5 seconds. Pretty frustrating and it's never dont this before. even though it may be a given, i do have DSL internet.
Any help would be great.
Specs:
AMD 64 2.6GHZ
radeon 9200
160GB HDD
40GB HDD


Logfile of HijackThis v1.99.1
Scan saved at 11:25:17 AM, on 7/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180...ZWDLManager.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148855734968
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements


#2
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,662 posts
Hello Jimmyscorn and welcome to G2G. I don't see any relevant malware in your log, let's run a couple of scans and take a closer look.

SUPERAntiSpyware Home Edition (free version) Download [/b]- Home Page

1. Install it and double-click the icon on your desktop to run it.
2. It will ask if you want to update the program definitions, click Yes.
3. Under Configuration and Preferences, click the Preferences button.
4. Click the Scanning Control tab.
5. Under Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Please leave the others unchecked.
5. Click the Close button to leave the control center screen.
6. On the main screen, under Scan for Harmful Software click Scan your computer.
7. On the left check C:\Fixed Drive.
8. On the right, under Complete Scan, choose Perform Complete Scan.
9. Click Next to start the scan. Please be patient while it scans your computer.
10. After the scan is complete a summary box will appear. Click OK.
11. Make sure everything in the white box has a check next to it, then click Next.
12. It will quarantine what it found and if it asks if you want to reboot, click Yes.
13. To retrieve the removal information for me please do the following:
1. After reboot, double-click the SUPERAntispyware icon on your desktop.
2. Click Preferences. Click the Statistics/Logs tab.
3. Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
4. It will open in your default text editor (such as Notepad/Wordpad).
5. Please highlight everything in the notepad, then right-click and choose copy.
14. Click close and close again to exit the program.
15. Save the log information. If needed (still infected) paste this info along with your HijackThis log.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, [b]then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0

#3
Jimmyscorn

Jimmyscorn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Before i begin i just want to say thank you for looking at my post and helping me.
here is the Super Antispyware scan log. and below that will be the panda's activescan log.

SUPERAntiSpyware Scan Log
Generated 07/17/2007 at 01:10 PM

Application Version : 3.6.1000

Core Rules Database Version : 3270
Trace Rules Database Version: 1281

Scan type : Complete Scan
Total Scan Time : 02:44:46

Memory items scanned : 568
Memory threats detected : 0
Registry items scanned : 7179
Registry threats detected : 10
File items scanned : 174493
File threats detected : 302

Trojan.SmitFraud Variant
HKU\S-1-5-21-1482476501-1614895754-725345543-1003\Software\Classes\CLSID\{8dc1f789-e073-4363-b40d-07376bc5ecc5}
HKCR\CLSID\{8DC1F789-E073-4363-B40D-07376BC5ECC5}
HKCR\CLSID\{8DC1F789-E073-4363-B40D-07376BC5ECC5}\InProcServer32
HKCR\CLSID\{8DC1F789-E073-4363-B40D-07376BC5ECC5}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\HZCLQHC.DLL
HKU\S-1-5-21-1482476501-1614895754-725345543-1003\Software\Classes\CLSID\{f85e05f5-667e-41b0-ab8a-147337a99e65}
HKCR\CLSID\{F85E05F5-667E-41B0-AB8A-147337A99E65}
HKCR\CLSID\{F85E05F5-667E-41B0-AB8A-147337A99E65}\InProcServer32
HKCR\CLSID\{F85E05F5-667E-41B0-AB8A-147337A99E65}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\XUEFH.DLL
HKCR\CLSID\{8DC1F789-E073-4363-B40D-07376BC5ECC5}
HKCR\CLSID\{F85E05F5-667E-41B0-AB8A-147337A99E65}

Adware.Tracking Cookie
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected]_6l6d[1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][3].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][1].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\DOCUME~1\Admin\LOCALS~1\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][3].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected]el4[1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected]ashgames[1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][3].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\administr[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt

Trojan.Security Toolbar
C:\Documents and Settings\Admin\Favorites\Antivirus Test Online.url

Unclassified.Unknown Origin
C:\PROGRAM FILES\MYTEAM\MYJAL APOLLO EDITION\KEYGEN.NFO
C:\PROGRAM FILES\WINRAR\KEYGEN.NFO

Adware.ClickSpring/MediaTickets
D:\WINNT\MTUNINST.EXE








PANDA ACTIVE SCAN LOG


Incident Status Location

Adware:adware/cashsaver Not disinfected c:\windows\system32\CSUninstall.exe
Adware:adware/spywarequake Not disinfected c:\windows\system32\1024\ld4CAE.tmp
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.com.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.landing.domainsponsor.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.stat.onestat.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\k7i4g0bv.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][4].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Admin\Cookies\[email protected][2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\admi[email protected][1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Admin\Local Settings\Temp\Cookies\[email protected][1].txt
Virus:Generic Malware Disinfected C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
Adware:Adware/IST.ISTBar Not disinfected C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.047
Potentially unwanted tool:Application/DSScan.A Not disinfected D:\bob\Tools\DSScan.exe
Potentially unwanted tool:Application/Leaktest.A Not disinfected D:\bob\Tools\leaktest.exe
Virus:Generic Malware Disinfected D:\bob\Tools\NetSchedScan.exe
Potentially unwanted tool:Application/Psexec.A Not disinfected D:\bob\Tools\psexec.exe
Potentially unwanted tool:Application/Pskill.A Not disinfected D:\bob\Tools\pskill.exe
Hacktool:Hacktool/ScanLine Not disinfected D:\bob\Tools\sl.exe
Spyware:Cookie/did-it Not disinfected D:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/888 Not disinfected D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
Spyware:Cookie/Cd Freaks Not disinfected D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Advnt Not disinfected D:\Documents and Settings\Administrator\Local Settings\Temp\Cookies\[email protected][1].txt
Virus:Generic Trojan Disinfected D:\Program Files\Valve\Steam\hijack_hl2.exe
Adware:Adware/NetPals Not disinfected D:\WINNT\Downloaded Program Files\ATPartners.inf
  • 0

#4
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,662 posts
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    D:\Program Files\Valve\Steam\hijack_hl2.exe
    D:\WINNT\Downloaded Program Files\ATPartners.inf
    D:\bob\Tools\NetSchedScan.exe
    C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll
    C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.047
    c:\windows\system32\CSUninstall.exe
    c:\windows\system32\1024\ld4CAE.tmp

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at :
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")


Download and install CleanUp!
NOTE: Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to log-off/reboot at the end, if it does please do so.

Click "Exit" to close OTMoveIt.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

#5
Jimmyscorn

Jimmyscorn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here is the OT MOVE IT log.


File/Folder D:\Program Files\Valve\Steam\hijack_hl2.exe not found.
D:\WINNT\Downloaded Program Files\ATPartners.inf moved successfully.
File/Folder D:\bob\Tools\NetSchedScan.exe not found.
File/Folder C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll not found.
C:\Program Files\Common Files\Totem Shared\Update\WindowsEx.dll.047 moved successfully.
c:\windows\system32\CSUninstall.exe moved successfully.
c:\windows\system32\1024\ld4CAE.tmp moved successfully.

Created on 07/18/2007 11:29:31




And here is the COMBO FIX LOG

"Admin" - 2007-07-18 11:37:53 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\sfsync02.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_SFSYNC02
-------\sfsync02


((((((((((((((((((((((((( Files Created from 2007-06-18 to 2007-07-18 )))))))))))))))))))))))))))))))


2007-07-18 11:37 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-17 15:09 8,576 --a------ C:\WINDOWS\system32\drivers\gepyidlbywge.sys
2007-07-17 15:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-07-17 10:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-07-17 10:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-17 10:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\SUPERAntiSpyware.com
2007-07-17 10:22 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\SUPERAntiSpyware.com
2007-07-12 11:24 488,144 --a------ C:\HJTsetup.exe
2007-07-09 15:06 <DIR> d-------- C:\Program Files\Ubisoft
2007-07-09 14:21 1 --a------ C:\DOCUME~1\Admin\SI.bin
2007-07-09 13:42 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\ATI
2007-07-09 12:40 <DIR> dr-h----- C:\DOCUME~1\Admin\APPLIC~1\SecuROM
2007-07-09 12:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
2007-07-06 00:40 <DIR> d-------- C:\Program Files\FLVPlayer
2007-06-28 11:13 <DIR> d-------- C:\Program Files\MTX Mototrax
2007-06-27 10:59 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-06-27 10:53 <DIR> d-------- C:\DOCUME~1\Admin\APPLIC~1\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-17 19:46:52 -------- d-----w C:\Program Files\Norton 360
2007-07-17 19:43:32 -------- d-----w C:\Program Files\MagicISO
2007-07-17 19:41:51 -------- d-----w C:\Program Files\iTunes
2007-07-17 19:41:21 -------- d-----w C:\Program Files\Google
2007-07-17 19:39:34 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-17 19:35:05 -------- d-----w C:\Program Files\Ares
2007-07-16 18:57:56 -------- d-----w C:\Program Files\PartyGaming.Net
2007-07-16 18:57:11 -------- d-----w C:\Program Files\PokerStars
2007-07-09 19:06:06 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-09 17:38:17 -------- d-----w C:\Program Files\ATI Technologies
2007-07-09 16:40:06 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 16:11:38 -------- d-----w C:\Program Files\Replay AV 8
2007-06-13 15:59:55 737,280 ----a-w C:\WINDOWS\iun6002.exe
2007-06-13 15:59:55 -------- d-----w C:\Program Files\Replay Converter
2007-06-08 17:34:21 -------- d-----w C:\Program Files\Advanced Sound Recorder
2007-06-06 21:42:27 36,604 ----a-w C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2007-06-06 21:42:27 131,072 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-06-06 21:41:42 -------- d-----w C:\Program Files\BitPim
2007-06-06 21:05:46 -------- d-----w C:\Program Files\Free Audio Pack
2007-06-06 20:59:27 -------- d-----w C:\Program Files\intelliScore Ensemble WAV to MIDI Converter Demo
2007-06-06 20:37:27 200 ----a-w C:\WINDOWS\QCPC60UI.dat
2007-06-01 09:49:07 -------- d-----w C:\DOCUME~1\Admin\APPLIC~1\Symantec
2007-06-01 03:56:43 -------- d-----w C:\Program Files\Symantec
2007-06-01 03:56:42 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-06-01 03:56:42 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-06-01 03:56:42 48,776 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-01 03:56:42 115,000 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-01 03:41:05 76,300,260 ----a-w C:\final reg.reg
2007-05-28 14:23:10 -------- d-----w C:\Program Files\coolpro2
2007-05-20 05:27:03 -------- d-----w C:\Program Files\Easy Gradebook
2007-05-12 04:23:06 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2007-02-18 15:22 97960 -ra------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2006-10-17 16:04 2120768 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 C:\WINDOWS\soundman.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-01-21 21:51]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 17:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39]

C:\DOCUME~1\Admin\STARTM~1\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"=0 (0x0)
"NoLogoff"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 12:55]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll --a------ 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]
"C:\Program Files\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\mobile PhoneTools\WatchDog.exe

*Newly Created Service* - COMHOST

**************************************************************************

catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-18 11:43:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-18 11:45:55 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-18 11:45

--- E O F ---






And last but not least, the Hijack This Log


Logfile of HijackThis v1.99.1
Scan saved at 11:49:30 AM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180...ZWDLManager.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148855734968
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#6
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,662 posts
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.c.../acclaim_v4.cab

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. And post a fresh HJT report in your next reply.

You have a file that I know absolutely nothing about, let's have it analyzed and see what it comes back with.

Have OTMoveIt remove this file:

C:\WINDOWS\iun6002.exe


Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
    • C:\WINDOWS\system32\drivers\gepyidlbywge.sys
  • Click on the submit button
  • Please post the results in your next reply.
Other then that, everything else looks good. How are things running???
  • 0

#7
Jimmyscorn

Jimmyscorn

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
OK here's the HiJack this log

Logfile of HijackThis v1.99.1
Scan saved at 11:36:14 PM, on 7/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A595EDD-978A-48C7-B730-AF3B9CC64DAB} (DLManager Class) - http://63.251.81.180...ZWDLManager.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com...ageUploader.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1148855734968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




and as for the results of the Jotti file scan. it found nothing.
Things seem to be runnin a little bit smoother. so i guess i owe you a thank you.
  • 0

#8
racenutalways

racenutalways

    Member 1K

  • Retired Staff
  • 1,662 posts
Glad to hear everything is running smoothly. Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free :whistling:

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpyWareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention :

Zone Alarm Tiny Personal Firewall

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, i suggest a weekly maintenance program. Run this tool. Ccleaner

Lastly a second opinion on the Antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the av is doing a proper job, of keeping you safe :

Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox, or opera.

And finally a little Posted Image How did I get infected in the first place ? (by Mr. Tony Klein)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP