big file association problems [CLOSED]


  • This topic is locked

#16
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Hi Its Over,

Good stuff - we finally made some progress there. Let's try running combofix again. First, delete the previous copy of combofix that you downloaded - we will get a fresh version.

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
  • 0


#17
ITS OVER 9000!

    Member

  • Topic Starter
  • 34 posts
same thing happened with combofix... windows wanted me to open nircmd.com then couldn't find regedit then wanted another nircmd.com...

is there a way i can run combofix in command prompt? or should i attach screenshots of exactly what i do to make sure I'm doing it right?

Edited by ITS OVER 9000!, 22 April 2008 - 02:06 PM.

  • 0

#18
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Let's see what else might be lurking and contributing to the combofix issue.

Download FindAWF.exe from here or here, and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 1, then press Enter
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

  • 0

#19
ITS OVER 9000!

    Member

  • Topic Starter
  • 34 posts
the find the file and then find what to open it with happens with all my programs, but usually i just have to find the main file... ex- to run hijackthis- i go to task manager click new task- then browse and navigate to desktop and then HJT and then ok and run, the windows asks me what to open the file with... i then repeat the process of finding HJT and running it but then it works fine.

here's the log



Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Tue 04/22/2008
The current time is: 21:18:07.06


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DIGITA~1\BAK

10/18/2004 06:05 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

08/04/2004 11:06 AM 1,667,584 msmsgs.exe
1 File(s) 1,667,584 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

08/17/2004 07:36 PM 132,248 CfgWiz.exe
1 File(s) 132,248 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

11/17/2004 10:21 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

11/15/2005 11:56 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

09/13/2002 04:42 PM 212,992 RECGUARD.EXE
1 File(s) 212,992 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 07:51 PM 118,784 hkcmd.exe
08/20/2004 07:55 PM 155,648 igfxtray.exe
07/09/2001 03:50 PM 155,648 NeroCheck.exe
3 File(s) 430,080 bytes

Directory of C:\PROGRA~1\AOL\ACTIVE~1\BAK

11/07/2006 03:11 PM 2,500,096 ASMonitor.exe
10/10/2007 07:11 PM 289,280 AVManagerUnified.DLL
2 File(s) 2,789,376 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

08/13/2004 05:17 PM 58,488 ccApp.exe
1 File(s) 58,488 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/31/2003 11:42 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

08/10/2007 10:11 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

12/21/2005 11:57 AM 406,016 avgcc.exe
1 File(s) 406,016 bytes

Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK

06/11/2007 12:20 AM 416,256 avgcc.exe
1 File(s) 416,256 bytes

Directory of C:\PROGRA~1\MCAFEE\MCAFEE~1\BAK

10/19/2004 05:00 AM 114,688 MssCli.exe
1 File(s) 114,688 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/17/2004 10:26 PM 245,760 McAgent.ex_
07/29/2004 06:55 PM 139,264 McRegWiz.exe
10/02/2004 08:34 PM 184,320 McUpdate.ex_
3 File(s) 569,344 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\ANTIVI~1\BAK

07/23/2007 09:01 PM 454,656 mcvsescn.exe
07/23/2007 09:01 PM 110,592 oasclnt.exe
2 File(s) 565,248 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

07/23/2007 09:01 PM 987,136 MPfTray.exe
1 File(s) 987,136 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

06/30/2004 01:49 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\DOCUME~1\OWNER\LOCALS~1\TEMP\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 02:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

03/27/2006 11:57 AM 126,104 IPHSend.exe
1 File(s) 126,104 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

06/07/2003 07:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

08/05/2004 02:23 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK

09/16/2005 07:26 AM 155,896 GoogleToolbarNotifier.exe
1 File(s) 155,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 02:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK\BAK

07/23/2007 09:01 PM 245,760 McAgent.exe
07/23/2007 09:01 PM 184,320 McUpdate.exe
2 File(s) 430,080 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112599~1\EE\BAK

05/09/2006 08:24 PM 50,760 AOLSoftware.exe
07/23/2007 09:01 PM 147,456 SSCRun.exe
2 File(s) 198,216 bytes

Directory of C:\_OTMOV~1\MOVEDF~1\042220~1\PROGRA~1\SSTEM3~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112599~1\EE\SERVICES\SAFETY~2\VER210~2\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
116024 Oct 5 2007 "C:\Program Files\Apple Software Update\Packages\iTunesSetupAdmin.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 27 2007 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
1667584 Aug 4 2004 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1667584 Aug 4 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\SoftwareDistribution\Download\561c9bea035f5195ab841bef0d7c79b4\sp2gdr\msmsgs.exe"
132248 Aug 17 2004 "C:\Program Files\Norton AntiVirus\bak\CfgWiz.exe"
98304 Nov 17 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Nov 15 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
212992 Sep 13 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
2861488 Jul 25 2007 "C:\Documents and Settings\Owner\My Documents\ASMonitorSetup_AOL_2.0.0.18.exe"
2500096 Nov 7 2006 "C:\Program Files\AOL\Active Security Monitor\bak\ASMonitor.exe"
289280 Nov 7 2006 "C:\Program Files\AOL\Active Security Monitor\AVManagerUnified.dll"
289280 Oct 10 2007 "C:\Program Files\AOL\Active Security Monitor\bak\AVManagerUnified.DLL"
289280 Oct 10 2007 "C:\Documents and Settings\Owner\Application Data\Sereniti\Active Security Monitor\AVManagerUnified.DLL"
58488 Aug 13 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
32768 Oct 31 2003 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
52272 Feb 17 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 Feb 17 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Aug 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
155896 Sep 16 2005 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe"
406016 Dec 21 2005 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
416256 Jun 11 2007 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe"
406016 Dec 21 2005 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
416256 Jun 11 2007 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe"
114688 Oct 19 2004 "C:\Program Files\McAfee\McAfee AntiSpyware\bak\MssCli.exe"
245760 Aug 17 2004 "C:\Program Files\McAfee.com\Agent\bak\McAgent.ex_"
139264 Jul 29 2004 "C:\Program Files\McAfee.com\Agent\bak\McRegWiz.exe"
184320 Oct 2 2004 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.ex_"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"
454656 Jul 23 2007 "C:\Program Files\McAfee.com\antivirus\bak\mcvsescn.exe"
110592 Jul 23 2007 "C:\Program Files\McAfee.com\antivirus\bak\oasclnt.exe"
987136 Jul 23 2007 "C:\Program Files\McAfee.com\personal firewall\bak\MPfTray.exe"
99480 Jun 30 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
126104 Mar 27 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
218240 Aug 5 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 17 2007 "C:\Program Files\Google\googletoolbar3user.exe"
138168 Feb 17 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 Aug 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
155896 Sep 16 2005 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"
48280 Mar 8 2006 "C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe1134306688"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1125995842\ee\bak\AOLSoftware.exe"
147456 Jul 23 2007 "C:\Program Files\Common Files\AOL\1125995842\ee\bak\SSCRun.exe"


end of report
  • 0

#20
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts

the find the file and then find what to open it with happens with all my programs, but usually i just have to find the main file... ex- to run hijackthis- i go to task manager click new task-


Is this an old problem, or is it something that happened recently when you became infected? Do you have to run all your programs through the task manager? Trying to get a better idea of what's going on.
  • 0

#21
ITS OVER 9000!

    Member

  • Topic Starter
  • 34 posts
it happened when all my desktop icons turned to the .lnk files and the other ones became the generic Windows icons instead of the normal icons, so I'm pretty sure the virus caused it
i do have to run all my programs through task manager, and even that only works for .exe files and things that can be opened in notepad as far as i know

Edited by ITS OVER 9000!, 23 April 2008 - 07:15 PM.

  • 0

#22
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Hi Its Over 9000,

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups, then restore them.

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    "C:\Program Files\Digital Media Reader\BAK\shwiconem.exe"
    "C:\Program Files\ITUNES\BAK\iTunesHelper.exe"
    "C:\Program Files\Messenger\BAK\msmsgs.exe"
    "C:\Program Files\Norton AntiVirus\BAK\CfgWiz.exe"
    "C:\Program Files\QuickTime\BAK\qttask.exe"
    "C:\Program Files\SymNetDrv\BAK\SNDMon.exe"
    "C:\WINDOWS\SMINST\BAK\RECGUARD.EXE"
    "C:\WINDOWS\SYSTEM32\BAK\hkcmd.exe"
    "C:\WINDOWS\SYSTEM32\BAK\igfxtray.exe"
    "C:\WINDOWS\SYSTEM32\BAK\NeroCheck.exe"
    "C:\Program Files\AOL\Active Security Monitor\BAK\ASMonitor.exe"
    "C:\Program Files\AOL\Active Security Monitor\BAK\AVManagerUnified.DLL"
    "C:\Program Files\Common Files\Symantec Shared\BAK\ccApp.exe"
    "C:\Program Files\CyberLink\POWERDVD\BAK\PDVDServ.exe"
    "C:\Program Files\GOOGLE\GoogleToolbarNotifier\BAK\GoogleToolbarNotifier.exe"
    "C:\Program Files\GRISOFT\AVG Free\BAK\avgcc.exe"
    "C:\Program Files\GRISOFT\AVG7\BAK\avgcc.exe"
    "C:\Program Files\MCAFEE\McAfee AntiSpyware\BAK\MssCli.exe"
    "C:\Program Files\MCAFEE.COM\AGENT\BAK\McAgent.ex_"
    "C:\Program Files\MCAFEE.COM\AGENT\BAK\McRegWiz.exe"
    "C:\Program Files\MCAFEE.COM\AGENT\BAK\McUpdate.ex_"
    "C:\Program Files\MCAFEE.COM\antivirus\BAK\mcvsescn.exe"
    "C:\Program Files\MCAFEE.COM\antivirus\BAK\oasclnt.exe"
    "C:\Program Files\MCAFEE.COM\personal firewall\BAK\MPfTray.exe"
    "C:\Program Files\Pure Networks\Port Magic\BAK\PortAOL.exe"
    "C:\Program Files\Common Files\AOL\ACS\BAK\AOLDial.exe"
    "C:\Program Files\Common Files\AOL\IPHSEND\BAK\IPHSend.exe"
    "C:\Program Files\Common Files\Microsoft Shared\Works Shared\BAK\WkUFind.exe"
    "C:\Program Files\Common Files\Symantec Shared\Security Center\BAK\UsrPrmpt.exe"
    "C:\Program Files\GOOGLE\GoogleToolbarNotifier\1.0.720.3640\BAK\GoogleToolbarNotifier.exe"
    "C:\Program Files\JAVA\jre1.5.0_07\BIN\BAK\jusched.exe"
    "C:\Program Files\MCAFEE.COM\AGENT\BAK\BAK\McAgent.exe"
    "C:\Program Files\MCAFEE.COM\AGENT\BAK\BAK\McUpdate.exe"
    "C:\Program Files\Common Files\AOL\1125995842\EE\BAK\AOLSoftware.exe"
    "C:\Program Files\Common Files\AOL\1125995842\EE\BAK\SSCRun.exe"


  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 2, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of files to be restored.
  • Right click below this line and select Paste, to paste the list of files copied to the clipboard earlier. Save and close the document.
  • The program will proceed to move the legit files and will perform another scan for .bak folders.
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

----------------------------------------------------------------

Please download FixWareout from here: http://downloads.sub.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. If your firewall gives an alert, (because this tool will download an additional file from the internet), please don't let your firewall block it, but allow it instead.
Then you will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
Once the desktop loads, please post the text that will open (report.txt) and a new Hijackthis log.

----------------------------------------------------------------

Information to include in your next post:
  • FindAWF Log
  • FixWareout Log

  • 0
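Added example, not part of the original thread and not FindAWF's own code: a small Python check that reads the "Duplicate files of bak directory contents" section of an AWF.txt report and tells, for each file held in a bak folder, whether a copy with the same size and date is listed one folder up, which is where the restore step above should put it. The function names, the status labels and the line layout (taken from the reports posted in this thread) are assumptions of the example.

```python
import re
from collections import namedtuple
from ntpath import basename, dirname, join  # Windows path rules on any OS

Entry = namedtuple("Entry", "size date path")

# One line of the "Duplicate files" section: <size> <Mon D YYYY> "<full path>"
LINE_RE = re.compile(
    r'^\s*(\d+)\s+([A-Z][a-z]{2}\s+\d{1,2}\s+\d{4})\s+"([^"]+)"\s*$'
)

# Sample input: seven lines quoted from the second AWF.txt in this thread,
# wrapped in the report's own section header and footer.
SAMPLE_REPORT = r'''
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\shwiconem.exe"
135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1125995842\ee\bak\AOLSoftware.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McAgent.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"

end of report
'''


def parse_duplicates(report_text):
    """Return the Entry records found in the 'Duplicate files' section."""
    entries = []
    in_section = False
    for line in report_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Duplicate files of bak directory contents"):
            in_section = True
            continue
        if stripped.lower() == "end of report":
            break
        if not in_section:
            continue
        match = LINE_RE.match(line)
        if match:
            size, date, path = match.groups()
            # Normalise runs of spaces inside the date ("May  9 2006").
            entries.append(Entry(int(size), " ".join(date.split()), path))
    return entries


def restore_status(entries):
    """Map each bak-folder file to (state, expected_path).

    state is one of:
      restored    a file with the same size and date is listed one level up
      mismatch    a file is listed one level up but size or date differs
      not_listed  the report lists no file at the expected location
    """
    # Windows paths are case-insensitive, so index on the lower-cased path.
    by_path = {}
    for entry in entries:
        by_path.setdefault(entry.path.lower(), entry)

    status = {}
    for entry in entries:
        folder = dirname(entry.path)
        if basename(folder).lower() != "bak":
            continue  # not a backup copy
        # The original belongs in the parent of the bak folder. For a nested
        # bak\bak folder that parent is itself a bak folder.
        expected = join(dirname(folder), basename(entry.path))
        live = by_path.get(expected.lower())
        if live is None:
            state = "not_listed"
        elif (live.size, live.date) == (entry.size, entry.date):
            state = "restored"
        else:
            state = "mismatch"
        status[entry.path] = (state, expected)
    return status


if __name__ == "__main__":
    for bak_path, (state, expected) in restore_status(
        parse_duplicates(SAMPLE_REPORT)
    ).items():
        print(f"{state:<10} {bak_path}")
        print(f"{'':<10} expected at: {expected}")
```

Matching size and date only shows that the backup copy was put back; it says nothing about whether the file is clean, so anything reported as mismatch or not_listed still needs a manual look before the bak folders are removed.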

#23
ITS OVER 9000!

    Member

  • Topic Starter
  • 34 posts
here's the awf.txt


Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

The current date is: Thu 04/24/2008
The current time is: 14:17:28.31


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DIGITA~1\BAK

10/18/2004 06:05 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

08/04/2004 11:06 AM 1,667,584 msmsgs.exe
1 File(s) 1,667,584 bytes

Directory of C:\PROGRA~1\NORTON~1\BAK

08/17/2004 07:36 PM 132,248 CfgWiz.exe
1 File(s) 132,248 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

11/17/2004 10:21 AM 98,304 qttask.exe
1 File(s) 98,304 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

11/15/2005 11:56 AM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SMINST\BAK

09/13/2002 04:42 PM 212,992 RECGUARD.EXE
1 File(s) 212,992 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

08/20/2004 07:51 PM 118,784 hkcmd.exe
08/20/2004 07:55 PM 155,648 igfxtray.exe
07/09/2001 03:50 PM 155,648 NeroCheck.exe
3 File(s) 430,080 bytes

Directory of C:\PROGRA~1\AOL\ACTIVE~1\BAK

11/07/2006 03:11 PM 2,500,096 ASMonitor.exe
10/10/2007 07:11 PM 289,280 AVManagerUnified.DLL
2 File(s) 2,789,376 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

08/13/2004 05:17 PM 58,488 ccApp.exe
1 File(s) 58,488 bytes

Directory of C:\PROGRA~1\CYBERL~1\POWERDVD\BAK

10/31/2003 11:42 PM 32,768 PDVDServ.exe
1 File(s) 32,768 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

08/10/2007 10:11 PM 68,856 GoogleToolbarNotifier.exe
1 File(s) 68,856 bytes

Directory of C:\PROGRA~1\GRISOFT\AVGFRE~1\BAK

12/21/2005 11:57 AM 406,016 avgcc.exe
1 File(s) 406,016 bytes

Directory of C:\PROGRA~1\GRISOFT\AVG7\BAK

06/11/2007 12:20 AM 416,256 avgcc.exe
1 File(s) 416,256 bytes

Directory of C:\PROGRA~1\MCAFEE\MCAFEE~1\BAK

10/19/2004 05:00 AM 114,688 MssCli.exe
1 File(s) 114,688 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

08/17/2004 10:26 PM 245,760 McAgent.ex_
07/23/2007 09:01 PM 245,760 McAgent.exe
07/29/2004 06:55 PM 139,264 McRegWiz.exe
10/02/2004 08:34 PM 184,320 McUpdate.ex_
07/23/2007 09:01 PM 184,320 McUpdate.exe
5 File(s) 999,424 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\ANTIVI~1\BAK

07/23/2007 09:01 PM 454,656 mcvsescn.exe
07/23/2007 09:01 PM 110,592 oasclnt.exe
2 File(s) 565,248 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\PERSON~1\BAK

07/23/2007 09:01 PM 987,136 MPfTray.exe
1 File(s) 987,136 bytes

Directory of C:\PROGRA~1\PURENE~1\PORTMA~1\BAK

06/30/2004 01:49 PM 99,480 PortAOL.exe
1 File(s) 99,480 bytes

Directory of C:\DOCUME~1\OWNER\LOCALS~1\TEMP\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 02:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\IPHSEND\BAK

03/27/2006 11:57 AM 126,104 IPHSend.exe
1 File(s) 126,104 bytes

Directory of C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\BAK

06/07/2003 07:32 AM 50,688 WkUFind.exe
1 File(s) 50,688 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

08/05/2004 02:23 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\10720~1.364\BAK

09/16/2005 07:26 AM 155,896 GoogleToolbarNotifier.exe
1 File(s) 155,896 bytes

Directory of C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

05/03/2006 02:56 AM 36,975 jusched.exe
1 File(s) 36,975 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK\BAK

07/23/2007 09:01 PM 245,760 McAgent.exe
07/23/2007 09:01 PM 184,320 McUpdate.exe
2 File(s) 430,080 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112599~1\EE\BAK

05/09/2006 08:24 PM 50,760 AOLSoftware.exe
07/23/2007 09:01 PM 147,456 SSCRun.exe
2 File(s) 198,216 bytes

Directory of C:\_OTMOV~1\MOVEDF~1\042220~1\PROGRA~1\SSTEM3~1\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\112599~1\EE\SERVICES\SAFETY~2\VER210~2\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\shwiconem.exe"
135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
116024 Oct 5 2007 "C:\Program Files\Apple Software Update\Packages\iTunesSetupAdmin.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 27 2007 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
1667584 Aug 4 2004 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1667584 Aug 4 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\SoftwareDistribution\Download\561c9bea035f5195ab841bef0d7c79b4\sp2gdr\msmsgs.exe"
132248 Aug 17 2004 "C:\Program Files\Norton AntiVirus\CfgWiz.exe"
132248 Aug 17 2004 "C:\Program Files\Norton AntiVirus\bak\CfgWiz.exe"
98304 Nov 17 2004 "C:\Program Files\QuickTime\qttask.exe"
98304 Nov 17 2004 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 Nov 15 2005 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 Nov 15 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
212992 Sep 13 2002 "C:\WINDOWS\SMINST\RECGUARD.EXE"
212992 Sep 13 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
118784 Aug 20 2004 "C:\WINDOWS\system32\hkcmd.exe"
118784 Aug 20 2004 "C:\WINDOWS\system32\bak\hkcmd.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\igfxtray.exe"
155648 Aug 20 2004 "C:\WINDOWS\system32\bak\igfxtray.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\NeroCheck.exe"
155648 Jul 9 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
2861488 Jul 25 2007 "C:\Documents and Settings\Owner\My Documents\ASMonitorSetup_AOL_2.0.0.18.exe"
2500096 Nov 7 2006 "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
2500096 Nov 7 2006 "C:\Program Files\AOL\Active Security Monitor\bak\ASMonitor.exe"
289280 Oct 10 2007 "C:\Program Files\AOL\Active Security Monitor\AVManagerUnified.DLL"
289280 Oct 10 2007 "C:\Program Files\AOL\Active Security Monitor\bak\AVManagerUnified.DLL"
289280 Oct 10 2007 "C:\Documents and Settings\Owner\Application Data\Sereniti\Active Security Monitor\AVManagerUnified.DLL"
58488 Aug 13 2004 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
58488 Aug 13 2004 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
32768 Oct 31 2003 "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
32768 Oct 31 2003 "C:\Program Files\CyberLink\PowerDVD\bak\PDVDServ.exe"
52272 Feb 17 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Aug 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 17 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
155896 Sep 16 2005 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
68856 Aug 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
155896 Sep 16 2005 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe"
406016 Dec 21 2005 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
416256 Jun 11 2007 "C:\Program Files\Grisoft\AVG7\avgcc.exe"
406016 Dec 21 2005 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
416256 Jun 11 2007 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe"
406016 Dec 21 2005 "C:\Program Files\Grisoft\AVG Free\avgcc.exe"
416256 Jun 11 2007 "C:\Program Files\Grisoft\AVG7\avgcc.exe"
406016 Dec 21 2005 "C:\Program Files\Grisoft\AVG Free\bak\avgcc.exe"
416256 Jun 11 2007 "C:\Program Files\Grisoft\AVG7\bak\avgcc.exe"
114688 Oct 19 2004 "C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe"
114688 Oct 19 2004 "C:\Program Files\McAfee\McAfee AntiSpyware\bak\MssCli.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McAgent.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
245760 Aug 17 2004 "C:\Program Files\McAfee.com\Agent\McAgent.ex_"
245760 Aug 17 2004 "C:\Program Files\McAfee.com\Agent\bak\McAgent.ex_"
139264 Jul 29 2004 "C:\Program Files\McAfee.com\Agent\McRegWiz.exe"
139264 Jul 29 2004 "C:\Program Files\McAfee.com\Agent\bak\McRegWiz.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"
184320 Oct 2 2004 "C:\Program Files\McAfee.com\Agent\McUpdate.ex_"
184320 Oct 2 2004 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.ex_"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McAgent.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"
454656 Jul 23 2007 "C:\Program Files\McAfee.com\antivirus\mcvsescn.exe"
454656 Jul 23 2007 "C:\Program Files\McAfee.com\antivirus\bak\mcvsescn.exe"
110592 Jul 23 2007 "C:\Program Files\McAfee.com\antivirus\oasclnt.exe"
110592 Jul 23 2007 "C:\Program Files\McAfee.com\antivirus\bak\oasclnt.exe"
987136 Jul 23 2007 "C:\Program Files\McAfee.com\personal firewall\MPfTray.exe"
987136 Jul 23 2007 "C:\Program Files\McAfee.com\personal firewall\bak\MPfTray.exe"
99480 Jun 30 2004 "C:\Program Files\Pure Networks\Port Magic\PortAOL.exe"
99480 Jun 30 2004 "C:\Program Files\Pure Networks\Port Magic\bak\PortAOL.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
126104 Mar 27 2006 "C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe"
126104 Mar 27 2006 "C:\Program Files\Common Files\AOL\IPHSend\bak\IPHSend.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe"
50688 Jun 7 2003 "C:\Program Files\Common Files\Microsoft Shared\Works Shared\bak\WkUFind.exe"
218240 Aug 5 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Aug 5 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
52272 Feb 17 2007 "C:\Program Files\Google\googletoolbar3user.exe"
68856 Aug 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 Feb 17 2007 "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
155896 Sep 16 2005 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe"
68856 Aug 10 2007 "C:\Program Files\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
155896 Sep 16 2005 "C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\bak\GoogleToolbarNotifier.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
36975 May 3 2006 "C:\Program Files\Java\jre1.5.0_07\bin\bak\jusched.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McAgent.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\McUpdate.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"
48280 Mar 8 2006 "C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe1134306688"
50760 May 9 2006 "C:\Program Files\Common Files\AOL\1125995842\ee\bak\AOLSoftware.exe"
147456 Jul 23 2007 "C:\Program Files\Common Files\AOL\1125995842\ee\SSCRun.exe"
147456 Jul 23 2007 "C:\Program Files\Common Files\AOL\1125995842\ee\bak\SSCRun.exe"


end of report

i will edit this later when my comp restarts

edit: the installer didn't run fixit automatically, so i used task manager to run it... i recognized spyvampire, since i had that before...
also when rebooting i got a screen that said one of my disks needs to be checked for consistency, which i skipped because i wasn't sure if it would do anything to the log, which didn't open automatically after reboot, but i think i found it so here it is-

Username "Owner" - 04/24/2008 14:30:37 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="cscrp.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.43 85.255.112.165" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{2FB00B36-F128-4C92-AEFC-70325BA98A00}
"nameserver"="85.255.114.43,85.255.112.165" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{727434ED-766F-4DB8-90B0-888440375C0C}
"nameserver"="85.255.114.43,85.255.112.165" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8669EF29-E7AE-439C-8F73-ED7F45015D0D}
"nameserver"="85.255.114.43,85.255.112.165" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{ED11CF94-1EC9-48E3-B3ED-FC22BF856350}
"nameserver"="85.255.114.43,85.255.112.165" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{727434ED-766F-4DB8-90B0-888440375C0C}
"DhcpNameServer"="85.255.114.43,85.255.112.165" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{8669EF29-E7AE-439C-8F73-ED7F45015D0D}
"DhcpNameServer"="85.255.114.43,85.255.112.165" <Value cleared.

Successfully flushed the DNS Resolver Cache.


and here's the fresh hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:37:52 PM, on 4/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1125995842\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\bak\McAgent.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1125995842\ee\SSCRun.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\bak\McUpdate.exe
O4 - HKLM\..\Run: [ASM] "C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe" HIDEMAIN
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AIMPro] "c:\documents and settings\owner\my documents\aimpro.exe"
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-2881254983-1111466251-1571788450-1003\..\Run: [DDriver] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] (User '?')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Oemreset(2).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(3).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(4).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset(5).lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O4 - Global Startup: Oemreset.lnk = C:\WINDOWS\OPTIONS\OemReset.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1192926817140
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1185590329843
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...159/mcfscan.cab
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O21 - SSODL: IEFilter - {95B43733-1D3F-44FE-B1EC-28A828214583} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1125995842\ee\services\safetyCore\ver210_5_4_1\aolavupd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee AntiSpyware Real-Time Scanner (McAfeeAntiSpyware) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

--
End of file - 9733 bytes

making good progress?

Edited by ITS OVER 9000!, 24 April 2008 - 12:38 PM.

  • 0

#24
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts
Hi Its Over 9000,

We are definitely making progress. Your machine was very heavily infected, but we have dealt with several of the infections now. Let me know if you start seeing any performance improvements.

Spyvampire is a rogue anti-spyware program. If you still have it on your computer, it should be removed. See this site for more details: http://www.spywarewa...nti-spyware.htm

It also appears that you have three AntiVirus programs installed (AVG, Norton, McAfee). Running two, or more, anti-virus programs in real time can cause conflicts resulting in less, not more, protection - or system problems. Two should be removed immediately. Personally, I would keep AVG and remove Norton and McAfee, but the choice is ultimately yours.

----------------------------------------------------------------

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Documents and Settings\OWNER\LOCAL SETTINGS\TEMP\BAK
    C:\_OTMOVEIT1\MOVED FILES\042220~1\Program Files\SSTEM3~1\BAK
    C:\Program Files\Common Files\AOL\112599~1\EE\SERVICES\SAFETY~2\VER210~2\BAK
    C:\Program Files\Norton AntiVirus\BAK
    C:\Program Files\QuickTime\BAK
    C:\Program Files\SymNetDrv\BAK
    C:\WINDOWS\SMINST\BAK
    C:\WINDOWS\SYSTEM32\BAK
    C:\WINDOWS\SYSTEM32\BAK
    C:\WINDOWS\SYSTEM32\BAK
    C:\Program Files\AOL\Active Security Monitor\BAK
    C:\Program Files\AOL\Active Security Monitor\BAK
    C:\Program Files\Common Files\Symantec Shared\BAK
    C:\Program Files\CyberLink\POWERDVD\BAK
    C:\Program Files\GOOGLE\GoogleToolbarNotifier\BAK
    C:\Program Files\GRISOFT\AVG Free\BAK
    C:\Program Files\GRISOFT\AVG7\BAK
    C:\Program Files\MCAFEE\McAfee AntiSpyware\BAK
    C:\Program Files\MCAFEE.COM\AGENT\BAK
    C:\Program Files\MCAFEE.COM\AGENT\BAK
    C:\Program Files\MCAFEE.COM\AGENT\BAK
    C:\Program Files\MCAFEE.COM\antivirus\BAK
    C:\Program Files\MCAFEE.COM\antivirus\BAK
    C:\Program Files\MCAFEE.COM\personal firewall\BAK
    C:\Program Files\Pure Networks\Port Magic\BAK
    C:\Program Files\Common Files\AOL\ACS\BAK
    C:\Program Files\Common Files\AOL\IPHSEND\BAK
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\BAK
    C:\Program Files\Common Files\Symantec Shared\Security Center\BAK
    C:\Program Files\GOOGLE\GoogleToolbarNotifier\1.0.720.3640\BAK
    C:\Program Files\JAVA\jre1.5.0_07\BIN\BAK
    C:\Program Files\MCAFEE.COM\AGENT\BAK\BAK
    C:\Program Files\MCAFEE.COM\AGENT\BAK\BAK
    C:\Program Files\Common Files\AOL\1125995842\EE\BAK
    C:\Program Files\Common Files\AOL\1125995842\EE\BAK


  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for .bak folder
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

----------------------------------------------------------------

Information to include in your next post:
  • FindAWF Log
  • Try rerunning DSS again (instructions in Post #2) and if it works post the main.txt and extra.txt

  • 0

#25
ITS OVER 9000!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
haha i started this topic after bitdefender found 100+ infected files and its good to know that this is working
what if none of them work? (they dont) theres no active protection and i dont think i can open any of them


heres the findawf


Find AWF report by noahdfear ©2006
Version 1.40
Option 3 run successfully

The current date is: Thu 04/24/2008
The current time is: 18:24:54.85


bak folders found
~~~~~~~~~~~


Directory of C:\PROGRA~1\DIGITA~1\BAK

10/18/2004 06:05 PM 135,168 shwiconem.exe
1 File(s) 135,168 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

03/14/2007 07:05 PM 257,088 iTunesHelper.exe
1 File(s) 257,088 bytes

Directory of C:\PROGRA~1\MESSEN~1\BAK

08/04/2004 11:06 AM 1,667,584 msmsgs.exe
1 File(s) 1,667,584 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\AOL\ACS\BAK

04/18/2005 02:38 PM 71,256 AOLDial.exe
1 File(s) 71,256 bytes

Directory of C:\PROGRA~1\MCAFEE.COM\AGENT\BAK\BAK

07/23/2007 09:01 PM 245,760 McAgent.exe
07/23/2007 09:01 PM 184,320 McUpdate.exe
2 File(s) 430,080 bytes

Directory of C:\_OTMOV~1\MOVEDF~1\042220~1\PROGRA~1\SSTEM3~1\BAK

0 File(s) 0 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\shwiconem.exe"
135168 Oct 18 2004 "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
116024 Oct 5 2007 "C:\Program Files\Apple Software Update\Packages\iTunesSetupAdmin.exe"
257088 Mar 14 2007 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
102400 Mar 27 2007 "C:\WINDOWS\Installer\{AB90749C-7422-4580-8A7A-66CC5E9E5F98}\iTunesIco.exe"
116288 Mar 14 2007 "C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.1.1.5\iTunesSetupAdmin.exe"
1667584 Aug 4 2004 "C:\Program Files\Messenger\msmsgs.exe"
1667584 Aug 4 2004 "C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe"
1667584 Aug 4 2004 "C:\Program Files\Messenger\bak\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe"
1694208 Oct 13 2004 "C:\WINDOWS\SoftwareDistribution\Download\561c9bea035f5195ab841bef0d7c79b4\sp2gdr\msmsgs.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"
71216 Oct 23 2006 "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"
71256 Apr 18 2005 "C:\Program Files\Common Files\AOL\ACS\bak\AOLDial.exe"
245760 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McAgent.exe"
184320 Jul 23 2007 "C:\Program Files\McAfee.com\Agent\bak\bak\McUpdate.exe"


end of report

i will edit if the dss works
edit: dss has encountered a problem and needs to close- it didnt work

Edited by ITS OVER 9000!, 24 April 2008 - 04:41 PM.

  • 0


#26
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts

haha i started this topic after bitdefender found 100+ infected files and its good to know that this is working
what if none of them work? (they dont) theres no active protection and i dont think i can open any of them


I don't follow what you mean here. Can you explain? What's not working? Are you saying you can't uninstall the AVs?

Let's give ComboFix a shot and see if that will work. If it doesn't then we will go another route.
  • 0

#27
ITS OVER 9000!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
well you know how if your AV protection is enabled, theres usually an icon or some indication
i dont have any of that so i assume the AV programs are inactive

im not sure if i can fully uninstall them either because my add or remove programs tool isnt working

combofix still isnt working
  • 0

#28
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts

well you know how if your AV protection is enabled, theres usually an icon or some indication
i dont have any of that so i assume the AV programs are inactive

Thanks for the clarification - I understand now. Judging from the HiJackThis Log there are components of all three running, so we need to get rid of two of them, as this could actually be part of the problem. To get rid of Norton download the removal tool and follow the instructions here. For McAfee, download the tool and follow the instructions here.

Do you have your windows xp disk?

----------------------------------------------------------------

  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    "C:\Program Files\Digital Media Reader\bak\shwiconem.exe"
    "C:\Program Files\iTunes\bak\iTunesHelper.exe"
    "C:\Program Files\Messenger\bak\msmsgs.exe"
    "C:\Program Files\McAfee.com\Agent\bak"


  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 3, then press Enter.
  • Press any key to continue.
  • A Notepad document FindAWF.txt will appear with instructions to click below the line and paste the list of folders to be removed.
  • Right click below this line and select Paste, to paste the list of folders copied to the clipboard earlier. Save and close the document.
  • The program will proceed to remove the bad folders and will perform another scan for .bak folder
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

----------------------------------------------------------------

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

----------------------------------------------------------------

Information to include in your next post:
  • FindAWF Log
  • Kaspersky Scan Log

  • 0
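
The reading of the HijackThis log described in post #28 (components of more than one anti-virus product present at once) can be checked mechanically. The following is an added example, not part of the original posts and not code from HijackThis: it parses an excerpt of the log posted earlier in this thread, groups entries by anti-virus vendor, and lists entries marked "(file missing)". The vendor keyword map and the function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted earlier in this thread (not the full log).
SAMPLE_LOG = r"""
C:\Program Files\McAfee\McAfee AntiSpyware\Msssrv.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O21 - SSODL: IEFilter - {95B43733-1D3F-44FE-B1EC-28A828214583} - C:\WINDOWS\system32\IEFilter.dll (file missing)
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe (file missing)
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Service - Unknown owner - C:\WINDOWS\system32\Service.exe (file missing)
"""

# Assumed keyword map for the three products named in the thread; a rough
# substring match, not an authoritative product signature list.
AV_KEYWORDS = {
    "AVG": ("grisoft", "avg7"),
    "Norton/Symantec": ("symantec", "norton", "symnet"),
    "McAfee": ("mcafee",),
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O23 - Service: ..."
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")            # "Running processes" lines
MISSING = "(file missing)"


def parse_log(text):
    """Return (section, body) pairs; running processes get section 'PROC'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
        elif PROCESS_RE.match(line):
            entries.append(("PROC", line))
    return entries


def vendors_present(entries):
    """Map each vendor to the sorted log sections where its components appear."""
    found = defaultdict(set)
    for section, body in entries:
        lowered = body.lower()
        for vendor, words in AV_KEYWORDS.items():
            if any(word in lowered for word in words):
                found[vendor].add(section)
    return {vendor: sorted(sections) for vendor, sections in found.items()}


def missing_targets(entries):
    """Return (section, path) for entries whose target file is gone from disk."""
    result = []
    for section, body in entries:
        if body.endswith(MISSING):
            path = body[: -len(MISSING)].rsplit(" - ", 1)[-1].strip()
            result.append((section, path))
    return result


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    present = vendors_present(parsed)
    for vendor, sections in present.items():
        print(f"{vendor}: seen in {', '.join(sections)}")
    if len(present) > 1:
        print("More than one anti-virus product has components on this machine.")
    for section, path in missing_targets(parsed):
        print(f"{section}: registered target no longer on disk: {path}")
```

On this excerpt the AVG resident shield service is registered but its executable is reported missing, which is consistent with the topic starter seeing no active protection.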

#29
ITS OVER 9000!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
i will try that in a minute... im not sure what norton antivirus i have though, and the mcafee one needs the use of add/remove programs
by windows xp disk you mean the one used in reformatting? i dont think i have it :)

the findawf finished but there was a brownout in my town and now i cant find the log

and kaspersky is still "initializing"

edit: Failed to load Kaspersky Online Scanner ActiveX control!

You must have administrative rights on this computer;
you also must have the IE security settings to the Medium level.
that error message popped up

Edited by ITS OVER 9000!, 25 April 2008 - 11:10 AM.

  • 0

#30
Stamper19

    Trusted Helper

  • Retired Staff
  • 1,991 posts

by windows xp disk you mean the one used in reformatting? i dont think i have it

Yep - If you don't have it, do you know if you could borrow one?

You must have administrative rights on this computer;

Do you have administrative rights?

Let's try running a different scanner.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

  • 0





