Trying to Clean Up Computer, Having issues-no specific Virus [CLOSED]

#1 RileyLex
Member, 11 posts

I want to know what from my Hijack This log is safe to remove. I want to get rid of anything that I do not need to hopefully speed up the computer and keep it from crashing. I keep getting a blue screen that says, "dumping physical memory and it is counting."


I have followed the steps you asked us to do before posting this log. My results are as follows.


Active Scan Results

;*******************************************************************************
ANALYSIS: 2008-05-12 22:37:13
PROTECTIONS: 1
MALWARE: 44
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
CA Anti-Virus 8.4.0.24 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00018331 adware/gator Adware No 0 Yes No c:\winnt\gatorhdplugin.log-old.log
00048504 spyware/whazit Spyware No 1 Yes No c:\winnt\system32\fiz1
00048504 spyware/whazit Spyware No 1 Yes No c:\winnt\system32\kyf.dat
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.trafficmp.com/]
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.casalemedia.com/]
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.atdmt.com/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.atdmt.com/]
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.tradedoubler.com/]
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.247realmedia.com/]
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.bfast.com/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.fastclick.net/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.tribalfusion.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.tribalfusion.com/]
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.mediaplex.com/]
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.revenue.net/]
00167665 Cookie/Clicktracks TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[stats1.clicktracks.com/]
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[landing.domainsponsor.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.statcounter.com/]
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.perf.overture.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[ad.yieldmanager.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.apmebf.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.burstnet.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.bs.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.bs.serving-sys.com/]
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[www.burstbeacon.com/]
00168101 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.as-us.falkag.net/]
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.adtech.de/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[server.iad.liveperson.net/hc/41409448]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[server.iad.liveperson.net/hc/86859256]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[server.iad.liveperson.net/]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[server.iad.liveperson.net/hc/7172376]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[server.iad.liveperson.net/hc/78354878]
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[server.iad.liveperson.net/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.advertising.com/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[statse.webtrendslive.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.ads.pointroll.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.overture.com/]
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.realmedia.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.questionmarket.com/]
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.questionmarket.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.bluestreak.com/]
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.phg.hitbox.com/]
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.adrevolver.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.go.com/]
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[searchportal.information.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.target.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.target.com/]
00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.ct.360i.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.atwola.com/]
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cookies-1.txt[.ehg-dig.hitbox.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\COOKIES.TXT[citi.bridgetrack.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================


HIJACK THIS RESULTS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:02 PM, on 5/12/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\SYSTEM32\Brmfrmps.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\QUICKEN\qw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [PPRT] C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC_Logon.exe
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINNT\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {00A7BD45-3D5C-11D4-BDA7-00C0F02C56AB} (DMSrvPushX Control) - http://12.211.40.205...ages/DMWebX.ocx
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=58813
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://go.gwinnett....01/iNotes6W.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish...fishActivia.cab
O16 - DPF: {504ECB49-969A-4F10-B5E8-881191072413} (Image Uploader 3.0 Control) - http://www.heritagem...ageUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1183906357181
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterf...ds/Uploader.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: McAfee Application Installer Cleanup (0319481173839327) (0319481173839327mcinstcleanup) - Unknown owner - C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\031948~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\SYSTEM32\Brmfrmps.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Symbol Technologies, Inc. - C:\WINNT\syst

#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

One thing you can do that will help out a lot is removing CA Internet Security. As you can see from your log, a lot of the processes are coming from that security suite. I usually advise against using these security bundles. Try using AVG Free Edition instead. It's free and only has the antivirus and antispyware programs bundled...no other programs that might cause bloat.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: McAfee Application Installer Cleanup (0319481173839327) (0319481173839327mcinstcleanup) - Unknown owner - C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\031948~1.EXE (file missing)


Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

rem Stop and unregister the orphaned McAfee cleanup service; sc needs the short service name
sc stop 0319481173839327mcinstcleanup
sc delete 0319481173839327mcinstcleanup
del delete.bat


Save the file as "delete.bat". Make sure to save it with the quotes. Double click on it.


Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

c:\winnt\gatorhdplugin.log-old.log
c:\winnt\system32\fiz1
c:\winnt\system32\kyf.dat


1. Download combofix at http://www.techsuppo...Bs/ComboFix.exe or http://download.blee...Bs/ComboFix.exe Save it to your Desktop before you run it.
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not click on combofix's window while it's running. That may cause it to stall.
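The HijackThis fix list and the delete.bat above both hinge on reading an O23 line correctly: the service key name that sc.exe needs is the last parenthesised name on the line, and only entries marked "(no file)" or "(file missing)" are orphaned. Here is a small parser for that format, added here as an editor's example (it is not code from this thread, from HijackThis, or from greyknight17). The sample lines are constructed from the log posted in this thread, with the O4 path shortened; nothing in it runs sc.exe, it only builds the commands for review.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the O3 toolbar line and the three O23 service lines are
# taken from the HijackThis log posted in this thread; the O4 line is illustrative.
SAMPLE_HJT_LOG = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O23 - Service: McAfee Application Installer Cleanup (0319481173839327) (0319481173839327mcinstcleanup) - Unknown owner - C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\031948~1.EXE (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
"""


@dataclass
class ServiceEntry:
    display_name: str   # what the Services console shows
    service_name: str   # the short key name that sc.exe expects
    owner: str          # company string, or "Unknown owner"
    image_path: str     # binary HijackThis resolved for the service
    file_missing: bool  # True when HijackThis appended "(file missing)"


# O23 - Service: <DisplayName>[ (<ServiceName>)] - <Owner> - <ImagePath>[ (file missing)]
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# HijackThis appends the short name in parentheses only when it differs from the
# display name, so the *last* parenthesised group is the key name.
TRAILING_PAREN_RE = re.compile(r" \((?P<short>[^()]+)\)$")
FILE_MISSING = "(file missing)"


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for any other HijackThis line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    name = m.group("name")
    p = TRAILING_PAREN_RE.search(name)
    if p:
        service_name = p.group("short")
        display_name = name[:p.start()]
    else:
        service_name = display_name = name
    path = m.group("path")
    file_missing = path.endswith(FILE_MISSING)
    if file_missing:
        path = path[: -len(FILE_MISSING)].rstrip()
    return ServiceEntry(display_name, service_name, m.group("owner"), path, file_missing)


def orphaned_entries(log_text: str) -> List[str]:
    """Lines whose target no longer exists on disk: the usual 'safe to fix' candidates."""
    return [ln.strip() for ln in log_text.splitlines()
            if ln.rstrip().endswith("(no file)") or ln.rstrip().endswith(FILE_MISSING)]


def sc_removal_commands(service_name: str) -> List[str]:
    """The two sc.exe lines that unregister a service; quoted so names with spaces work."""
    return [f'sc stop "{service_name}"', f'sc delete "{service_name}"']


def removal_batch(log_text: str) -> str:
    """Build a delete.bat body for every O23 service whose binary is missing.

    Only text is produced; nothing here touches the service control manager.
    """
    lines: List[str] = []
    for raw in log_text.splitlines():
        entry = parse_o23(raw)
        if entry and entry.file_missing:
            lines.append(f"rem {entry.display_name} -> {entry.image_path}")
            lines.extend(sc_removal_commands(entry.service_name))
    return "\n".join(lines) + "\n" if lines else ""


if __name__ == "__main__":
    for ln in orphaned_entries(SAMPLE_HJT_LOG):
        print("orphaned:", ln)
    print(removal_batch(SAMPLE_HJT_LOG))
```

Run against the sample, the McAfee entry is the only service with a missing binary, and the generated batch uses the key name 0319481173839327mcinstcleanup rather than the display name with its parentheses, which is the distinction the hand-written delete.bat has to get right.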

#3
RileyLex

    Member

  • Topic Starter
  • Member
  • 11 posts
I have done everything on your post but I could not get ComboFix to run. Every time I tried to run it, an error said that it was not a valid Win32 application. I saved it to my desktop and then tried to open it; I also tried to run it from Start, Run, etc.

I tried both links, then the 2nd link timed out.

I will remove CA while I am waiting for a reply.

Thank you for your time.

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
The second link should work. Clear your cookies and try again. If it doesn't work, try downloading it here.

#5
RileyLex

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix 08-05-15.3 - The Coates' Family 05/18/2008 23:18:25.1 - FAT32x86
Running from: C:\Documents and Settings\The Coates' Family\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINNT\system32\config\SAM.SAV
C:\WINNT\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2008-04-19 to 2008-05-19 )))))))))))))))))))))))))))))))
.

2008-05-18 20:19 . 05/18/08 08:19p 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_3ec.dat
2008-05-17 21:39 . 05/17/08 09:42p 8,192 --a------ C:\Documents and Settings\ADMINI~2
2008-05-17 21:13 . 05/17/08 09:13p <DIR> d-------- C:\WINNT\SYSTEM32\DRIVERS\Avg
2008-05-17 21:13 . 05/17/08 09:13p <DIR> d-------- C:\Program Files\AVG
2008-05-17 21:13 . 05/17/08 09:13p <DIR> d-------- C:\Documents and Settings\The Coates' Family\Application Data\AVGTOOLBAR
2008-05-17 21:13 . 05/17/08 09:13p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-17 21:13 . 05/17/08 09:13p 96,520 --a------ C:\WINNT\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-17 21:13 . 05/17/08 09:14p 10,520 --a------ C:\WINNT\SYSTEM32\avgrsstx.dll
2008-05-17 21:11 . 05/17/08 09:14p 8,192 --a------ C:\Documents and Settings\ADMINI~1
2008-05-17 20:15 . 07/30/07 07:19p 207,736 --a------ C:\WINNT\SYSTEM32\muweb.dll
2008-05-17 17:06 . 05/17/08 05:06p 16,384 --a------ C:\WINNT\SYSTEM32\Perflib_Perfdata_44a38.dat
2008-05-12 22:39 . 05/12/08 10:39p <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 18:43 . 05/11/08 06:43p <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 09:54 . 05/11/08 09:54a <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 09:54 . 05/11/08 09:54a <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 09:54 . 05/11/08 09:54a <DIR> d-------- C:\Documents and Settings\The Coates' Family\Application Data\SUPERAntiSpyware.com
2008-05-11 09:54 . 05/11/08 09:54a <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-10 21:28 . 05/10/08 09:28p <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 21:28 . 05/10/08 09:28p <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-10 21:28 . 05/10/08 09:28p <DIR> d-------- C:\Documents and Settings\The Coates' Family\Application Data\Malwarebytes
2008-05-10 21:28 . 05/10/08 09:28p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 21:28 . 05/05/08 08:46p 27,048 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-10 21:28 . 05/05/08 08:46p 15,864 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbam.sys
2008-05-10 21:26 . 05/11/08 09:52a 312 --a------ C:\WINNT\POWERARC.INI
2008-05-08 15:46 . 05/08/08 03:46p <DIR> d-------- C:\WINNT\SYSTEM32\Adobe
2008-05-02 19:55 . 05/02/08 07:55p <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-05-02 18:52 . 05/02/08 06:52p 16,384 --a------ C:\WINNT\SYSTEM32\Perflib_Perfdata_46c.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 09:26 1,644,080 ----a-w C:\WINNT\SYSTEM32\WIN32K.SYS
2008-03-19 09:26 1,644,080 ------w C:\WINNT\SYSTEM32\DLLCACHE\win32k.sys
2008-03-11 03:29 691,545 ----a-w C:\WINNT\unins000.exe
2008-02-19 17:08 236,304 ----a-w C:\WINNT\SYSTEM32\GDI32.DLL
2008-02-19 17:08 236,304 ----a-w C:\WINNT\SYSTEM32\DLLCACHE\GDI32.DLL
2007-10-24 12:57 0 ----a-w C:\Documents and Settings\The Coates' Family\OFXLOG.DAT
2005-07-11 23:38 560 ------w C:\Documents and Settings\The Coates' Family\Application Data\ViewerApp.dat
2003-08-27 18:19 36,963 ------w C:\Program Files\Common Files\SM1updtr.dll
2003-05-25 05:55 271 ---h--w C:\Program Files\DESKTOP.INI
2003-05-25 05:55 21,952 ---h--w C:\Program Files\FOLDER.HTT
2003-05-21 20:40 1,492 ----a-w C:\Program Files\INSTALL.LOG
2003-04-29 16:02 394,227 ----a-w C:\Program Files\FTP.zip
2002-08-09 20:08 32,528 ----a-w C:\WINNT\INF\wbfirdma.sys
2003-05-27 00:13 14,848 --sha-r C:\WINNT\SYSTEM32\inst.exe
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
05/17/08 09:13p 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [05/17/08 09:13p 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [05/17/08 09:13p 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/27/07 11:39a 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/07 01:11a 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [04/27/07 09:41a 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/27/07 08:14p 271672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [08/23/07 11:28p 185632]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/03 10:22a 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/04 02:46p 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/04 03:04p 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/04 09:16a 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/04 09:34a 851968]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/08 10:16p 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [05/17/08 09:13p 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [08/09/02 04:09p 20752 C:\WINNT\SYSTEM32\internat.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [09/27/07 09:17p 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [06/19/03 03:05p 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-04 12:59:27 36864]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-10-10 21:22:51 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/06 12:55p 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 02/27/07 11:39a 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys [08/08/02 08:24a]
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys [08/09/02 04:08p]
R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys [08/08/02 08:24a]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [05/27/00 04:37a]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [05/17/08 09:13p]
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys [04/10/02 05:00p]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [05/17/08 09:13p]
R2 BrSerial;Brother Serial Driver;C:\WINNT\system32\drivers\BrSerial.sys [03/15/02 12:13p]
R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [11/14/03 04:29a]
R2 VProt2k;BroadJump PPPoE Helper Protocol;C:\WINNT\system32\DRIVERS\VProt2k.SYS [05/04/03 05:19p]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINNT\system32\Drivers\BrScnUsb.sys [12/19/03 09:15p]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINNT\system32\Drivers\BrSerIf.sys [06/12/04 05:27a]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINNT\system32\Drivers\BrUsbSer.sys [01/10/04 04:28a]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINNT\system32\CBTNDIS5.SYS [07/16/03 10:28p]
R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINNT\system32\DRIVERS\hpusbfd.sys [05/22/02 09:40a]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINNT\system32\DRIVERS\odysseyIM4.sys [05/18/05 01:52p]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [06/19/03 03:05p]
R3 VWan2k;BroadJump PPPoE Adapter;C:\WINNT\system32\DRIVERS\VWan2k.SYS [05/04/03 05:19p]
S0 epstwnt;epstwnt;C:\WINNT\system32\Drivers\epstwnt.mpd []
S1 sglfb;sglfb;C:\WINNT\system32\drivers\sglfb.sys [08/09/02 04:15p]
S2 0319481173839327mcinstcleanup;McAfee Application Installer Cleanup (0319481173839327);C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\031948~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S2 SHARSHTL;Shuttle Sharer;C:\WINNT\system32\Drivers\sharshtl.sys []
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [10/30/01 05:30a]
S3 NetWlan5;Symbol Wireless LAN Adapter Driver;C:\WINNT\system32\DRIVERS\NetWlan5.sys [03/25/03 01:00p]
S3 We7x7nd5;3Com 3CRWE737A/777A AirConnect Wireless LAN Card Driver;C:\WINNT\system32\DRIVERS\We7x7nd5.sys [12/20/00 07:45a]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 00:32:10 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 23:22:20
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

? [2084]
? [188]
? [9800]
? [11588]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\epstwnt]
"ImagePath"="System32\Drivers\epstwnt.mpd"
.
Completion time: 05/18/2008 23:23:04
ComboFix-quarantined-files.txt 2008-05-19 03:23:00

Pre-Run: 495,550,464 bytes free
Post-Run: 708,706,304 bytes free

157 --- E O F --- 2008-04-13 03:09:53

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go into Firefox->Tools->Clear Private Data and hit OK to delete all your cookies and temp files.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

Driver::
epstwnt
0319481173839327mcinstcleanup
SHARSHTL

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?
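The three names in the Driver:: script above are exactly the service/driver lines in the ComboFix log whose trailing bracket is empty ("[]"), which is ComboFix's way of saying it found no file at the image path. This editor's example (not code from ComboFix, from this thread, or from greyknight17) parses those lines and builds the same CFScript block from them. It assumes the usual reading of the line prefix, R for running and S for stopped with the digit as the start type; the sample lines are copied from the log posted earlier in the thread. An empty bracket only means the file was not found where the registry points, so each candidate still deserves a look before it goes into a script.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: service/driver lines copied from the ComboFix log posted
# earlier in this thread (three of them carry an empty "[]").
SAMPLE_COMBOFIX_SERVICES = r"""
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [05/17/08 09:13p]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [06/19/03 03:05p]
S0 epstwnt;epstwnt;C:\WINNT\system32\Drivers\epstwnt.mpd []
S2 0319481173839327mcinstcleanup;McAfee Application Installer Cleanup (0319481173839327);C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\031948~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini []
S2 SHARSHTL;Shuttle Sharer;C:\WINNT\system32\Drivers\sharshtl.sys []
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [10/30/01 05:30a]
"""


@dataclass
class DriverEntry:
    running: bool      # assumed: 'R' = running, 'S' = stopped
    start_type: int    # assumed: 0 boot, 1 system, 2 auto, 3 manual
    name: str          # registry key name under ...\Services
    display_name: str
    image_path: str
    file_stamp: str    # text inside the trailing [...]; empty when no file was found


# <R|S><digit> <name>;<display>;<image path> [<file timestamp>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*) \[(?P<stamp>[^\]]*)\]$"
)


def parse_service_line(line: str) -> Optional[DriverEntry]:
    """Parse one ComboFix service/driver line; None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return DriverEntry(
        running=m.group("state") == "R",
        start_type=int(m.group("start")),
        name=m.group("name"),
        display_name=m.group("display"),
        image_path=m.group("path"),
        file_stamp=m.group("stamp").strip(),
    )


def parse_service_block(text: str) -> List[DriverEntry]:
    """Parse every recognisable line in a block of the log, skipping the rest."""
    entries = []
    for raw in text.splitlines():
        entry = parse_service_line(raw)
        if entry:
            entries.append(entry)
    return entries


def entries_without_file(entries: List[DriverEntry]) -> List[str]:
    """Key names of services whose image file ComboFix could not find."""
    return [e.name for e in entries if e.file_stamp == ""]


def cfscript_driver_block(names: List[str]) -> str:
    """Render the Driver:: section of a CFScript.txt, one key name per line."""
    return "Driver::\n" + "".join(f"{n}\n" for n in names)


if __name__ == "__main__":
    found = parse_service_block(SAMPLE_COMBOFIX_SERVICES)
    print(cfscript_driver_block(entries_without_file(found)))
```

On the sample the parser returns epstwnt, 0319481173839327mcinstcleanup and SHARSHTL, in log order, which is the list greyknight17 wrote by hand.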

#7
RileyLex

    Member

  • Topic Starter
  • Member
  • 11 posts
ComboFix 08-05-15.3 - The Coates' Family 05/19/2008 22:49:45.2 - FAT32x86
Running from: C:\Documents and Settings\The Coates' Family\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\The Coates' Family\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_0319481173839327MCINSTCLEANUP
-------\Legacy_SHARSHTL
-------\Service_0319481173839327mcinstcleanup
-------\Service_epstwnt
-------\Service_SHARSHTL


((((((((((((((((((((((((( Files Created from 2008-04-20 to 2008-05-20 )))))))))))))))))))))))))))))))
.

2008-05-19 17:06 . 08-05-19 17:06 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-05-19 17:06 . 08-05-19 17:06 1,409 --a------ C:\WINNT\QTFont.for
2008-05-19 14:56 . 08-05-19 14:56 10,520 --a------ C:\WINNT\SYSTEM32\avgrsstx.dll
2008-05-19 14:55 . 08-05-19 14:55 <DIR> d-------- C:\WINNT\SYSTEM32\DRIVERS\Avg
2008-05-19 14:55 . 08-05-19 14:56 96,520 --a------ C:\WINNT\SYSTEM32\DRIVERS\avgldx86.sys
2008-05-19 14:52 . 08-05-19 14:56 8,192 --a------ C:\Documents and Settings\AD59A3~1
2008-05-19 14:44 . 08-05-19 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-05-19 14:44 . 08-05-19 14:44 8,192 --a------ C:\Documents and Settings\ADMINI~4
2008-05-19 14:42 . 08-05-19 14:43 8,192 --a------ C:\Documents and Settings\ADMINI~3
2008-05-17 21:39 . 08-05-17 21:42 8,192 --a------ C:\Documents and Settings\ADMINI~2
2008-05-17 21:13 . 08-05-17 21:13 <DIR> d-------- C:\Program Files\AVG
2008-05-17 21:13 . 08-05-17 21:13 <DIR> d-------- C:\Documents and Settings\The Coates' Family\Application Data\AVGTOOLBAR
2008-05-17 21:11 . 08-05-17 21:14 8,192 --a------ C:\Documents and Settings\ADMINI~1
2008-05-17 20:15 . 07-07-30 19:19 207,736 --a------ C:\WINNT\SYSTEM32\muweb.dll
2008-05-12 22:39 . 08-05-12 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 18:43 . 08-05-11 18:43 <DIR> d-------- C:\Program Files\Panda Security
2008-05-11 09:54 . 08-05-11 09:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-05-11 09:54 . 08-05-11 09:54 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-11 09:54 . 08-05-11 09:54 <DIR> d-------- C:\Documents and Settings\The Coates' Family\Application Data\SUPERAntiSpyware.com
2008-05-11 09:54 . 08-05-11 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-10 21:28 . 08-05-10 21:28 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 21:28 . 08-05-10 21:28 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-10 21:28 . 08-05-10 21:28 <DIR> d-------- C:\Documents and Settings\The Coates' Family\Application Data\Malwarebytes
2008-05-10 21:28 . 08-05-10 21:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-10 21:28 . 08-05-05 20:46 27,048 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbamcatchme.sys
2008-05-10 21:28 . 08-05-05 20:46 15,864 --a------ C:\WINNT\SYSTEM32\DRIVERS\mbam.sys
2008-05-10 21:26 . 08-05-11 09:52 312 --a------ C:\WINNT\POWERARC.INI
2008-05-08 15:46 . 08-05-08 15:46 <DIR> d-------- C:\WINNT\SYSTEM32\Adobe
2008-05-02 19:55 . 08-05-02 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 09:26 1,644,080 ----a-w C:\WINNT\SYSTEM32\WIN32K.SYS
2008-03-19 09:26 1,644,080 ------w C:\WINNT\SYSTEM32\DLLCACHE\win32k.sys
2008-03-11 03:29 691,545 ----a-w C:\WINNT\unins000.exe
2007-10-24 12:57 0 ----a-w C:\Documents and Settings\The Coates' Family\OFXLOG.DAT
2005-07-11 23:38 560 ------w C:\Documents and Settings\The Coates' Family\Application Data\ViewerApp.dat
2003-08-27 18:19 36,963 ------w C:\Program Files\Common Files\SM1updtr.dll
2003-05-25 05:55 271 ---h--w C:\Program Files\DESKTOP.INI
2003-05-25 05:55 21,952 ---h--w C:\Program Files\FOLDER.HTT
2003-05-21 20:40 1,492 ----a-w C:\Program Files\INSTALL.LOG
2003-04-29 16:02 394,227 ----a-w C:\Program Files\FTP.zip
2002-08-09 20:08 32,528 ----a-w C:\WINNT\INF\wbfirdma.sys
2003-05-27 00:13 14,848 --sha-r C:\WINNT\SYSTEM32\inst.exe
.

------- Sigcheck -------


.
((((((((((((((((((((((((((((( [email protected] 05-18-2008_23.22.40.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 00:02:28 163,328 ----a-w C:\WINNT\erdnt\subs\ERDNT.EXE
- 2008-05-18 01:13:52 26,184 ----a-w C:\WINNT\SYSTEM32\DRIVERS\avgmfx86.sys
+ 2008-05-19 18:55:58 26,184 ----a-w C:\WINNT\SYSTEM32\DRIVERS\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
08-05-19 14:55 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [08-05-19 14:55 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [08-05-19 14:55 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [07-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [07-09-25 01:11 132496]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [07-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07-07-27 20:14 271672]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07-08-23 23:28 185632]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [03-10-14 10:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04-04-14 14:46 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04-04-14 15:04 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [04-05-25 09:16 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [04-07-20 09:34 851968]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [08-01-11 22:16 39792]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [08-05-19 14:55 1177368]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [02-08-09 16:09 20752 C:\WINNT\SYSTEM32\internat.exe]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [07-09-27 21:17 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [03-06-19 15:05 186640]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter.lnk - C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe [2007-07-04 12:59:27 36864]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-10-10 21:22:51 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [06-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 07-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= mmdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

R0 fasttrak;fasttrak;C:\WINNT\system32\DRIVERS\fasttrak.sys [02-08-08 08:24 ]
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys [02-08-09 16:08 ]
R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys [02-08-08 08:24 ]
R0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);C:\WINNT\system32\DRIVERS\SONYPVM1.SYS [00-05-27 04:37 ]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [08-05-19 14:56 ]
R1 cdudf;cdudf;C:\WINNT\system32\drivers\cdudf.sys [02-04-10 17:00 ]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [08-05-19 14:55 ]
R2 BrSerial;Brother Serial Driver;C:\WINNT\system32\drivers\BrSerial.sys [02-03-15 12:13 ]
R2 NICSer_WPC54G;NICSer_WPC54G;C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe [03-11-14 04:29 ]
R2 VProt2k;BroadJump PPPoE Helper Protocol;C:\WINNT\system32\DRIVERS\VProt2k.SYS [03-05-04 17:19 ]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINNT\system32\Drivers\BrScnUsb.sys [03-12-19 21:15 ]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINNT\system32\Drivers\BrSerIf.sys [04-06-12 05:27 ]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINNT\system32\Drivers\BrUsbSer.sys [04-01-10 04:28 ]
R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;C:\WINNT\system32\CBTNDIS5.SYS [03-07-16 22:28 ]
R3 hpusbfd;Hewlett-Packard USB Filter Class;C:\WINNT\system32\DRIVERS\hpusbfd.sys [02-05-22 09:40 ]
R3 odysseyIM4;Odyssey Network Agent Miniport;C:\WINNT\system32\DRIVERS\odysseyIM4.sys [05-05-18 13:52 ]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINNT\system32\DRIVERS\usbprint.sys [03-06-19 15:05 ]
R3 VWan2k;BroadJump PPPoE Adapter;C:\WINNT\system32\DRIVERS\VWan2k.SYS [03-05-04 17:19 ]
S1 sglfb;sglfb;C:\WINNT\system32\drivers\sglfb.sys [02-08-09 16:15 ]
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys [01-10-30 05:30 ]
S3 NetWlan5;Symbol Wireless LAN Adapter Driver;C:\WINNT\system32\DRIVERS\NetWlan5.sys [03-03-25 13:00 ]
S3 We7x7nd5;3Com 3CRWE737A/777A AirConnect Wireless LAN Card Driver;C:\WINNT\system32\DRIVERS\We7x7nd5.sys [00-12-20 07:45 ]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-15 00:32:10 C:\WINNT\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-19 23:12:58
Windows 5.0.2195 Service Pack 4 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-05-19 23:16:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-20 03:16:30
ComboFix2.txt 2008-05-19 03:23:06

Pre-Run: 767,131,648 bytes free
Post-Run: 679,018,496 bytes free

160 --- E O F --- 2008-04-13 03:09:53





The computer hasn't crashed yet, but it is still slow to start and shut down. I feel like there is so much unnecessary stuff that starts when my computer starts up.

Thank You.

#8 greyknight17 (Malware Expert, Visiting Consultant)
Run a new HijackThis log and post it here. We can try disabling a bunch of startup programs there to see if it helps.

#9 RileyLex (Topic Starter)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:39 PM, on 5/21/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\S24EvMon.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\SYSTEM32\Brmfrmps.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.insightbb.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINNT\SYSTEM32\Brmfrmps.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Symbol Technologies, Inc. - C:\WINNT\system32\S24EvMon.exe

--
End of file - 6510 bytes




The computer is running much faster, thank you. Which of the programs that I needed to install do I need to keep?

I had to install

Combofix
Malwarebytes
Super Anti-Spyware


On my AVG antivirus, it won't let me do a live virus scan and doesn't perform the scheduled ones either. Also, it doesn't let me schedule automatic updating. Is this normal for the free version? Shouldn't I be able to perform a virus scan?

Thanks-

#10 greyknight17 (Malware Expert, Visiting Consultant)
We can disable the following programs from startup to speed things up a bit more for you :)

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')


You may uninstall Malwarebytes and even SUPERAntiSpyware if you wish since AVG8 comes with the spyware scanner.

For the AVG issue, download the free edition again and save it to your desktop. Disconnect from the internet and uninstall AVG8. Restart the computer and run the installer you saved on the desktop. Try doing a virus scan to see if it works now.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
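The O4 lines greyknight17 lists above are HijackThis's view of the registry Run/RunOnce values and Startup-folder shortcuts that launch at logon. As an added example (not code from this thread or from HijackThis), the Python script below parses O4 lines into hive, key, value name, program and arguments, and triages them: entries on greyknight17's post #10 list are marked for disabling, anything launched from a Temp or user-profile directory is marked for review, and the rest are kept. The sample lines are copied from the log posted above; the Temp-directory heuristic and the function names are this example's own.

```python
"""Parse the O4 (autostart) lines of a HijackThis v2 log and triage them.
Added example for this thread, not HijackThis's own code. The sample lines are
copied from the posted log; the non-essential set is greyknight17's post #10 list."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample: a subset of the posted O4 lines plus one O23 line to show
# that non-O4 sections are ignored by the parser.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\DOCUME~1\THECOA~1\LOCALS~1\Temp\SSUPDATE.EXE Software\SUPERAntiSpyware.com\SUPERAntiSpyware
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Wireless-G Notebook Adapter.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Gcc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Entries greyknight17 recommended fixing in post #10 (convenience launchers/updaters).
NONESSENTIAL_POST10: Set[str] = {
    "SunJavaUpdateSched", "QuickTime Task", "iTunesHelper", "TkBellExe",
    "Adobe Reader Speed Launcher", "Picasa Media Detector", "^SetupICWDesktop",
}

# Registry-backed entry: O4 - <hive>\..\<Run key>: [<value name>] <exe> <args> (User '<user>')
_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\(?!\.\.\\)[^\\]+)?)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] "
    # exe: quoted, or an unquoted path ending in a known extension, or the first token
    r"(?P<exe>\"[^\"]+\"|.+?(?i:\.(?:exe|dll|scr|com|bat|cmd))(?=\s|$)|\S+)"
    r"(?P<args>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder entry: O4 - Global Startup: <shortcut>.lnk = <target>
_LNK_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<exe>.+)$")

@dataclass
class Autostart:
    hive: str            # HKLM, HKCU, HKUS\.DEFAULT, or "Global Startup"
    key: str             # Run, RunOnce, ... or "Startup folder"
    name: str            # registry value name or shortcut file name
    exe: str             # launched program, surrounding quotes removed
    args: str            # remaining command-line arguments ("" if none)
    user: Optional[str]  # user shown in parentheses, if any

def parse_o4(log_text: str) -> List[Autostart]:
    """Return one Autostart per O4 line; every other HijackThis section is skipped."""
    entries: List[Autostart] = []
    for line in log_text.splitlines():
        m = _REG_RE.match(line)
        if m:
            entries.append(Autostart(m["hive"], m["key"], m["name"],
                                     m["exe"].strip('"'), m["args"].strip(), m["user"]))
            continue
        m = _LNK_RE.match(line)
        if m:
            entries.append(Autostart("Global Startup", "Startup folder",
                                     m["name"], m["exe"].strip(), "", None))
    return entries

def triage(entries: List[Autostart], nonessential: Set[str]) -> Dict[str, str]:
    """Map each entry name to 'disable' (on the thread's list), 'review' (runs from a
    Temp or user-profile directory; verify the publisher, example heuristic) or 'keep'."""
    verdicts: Dict[str, str] = {}
    for e in entries:
        p = e.exe.lower()
        if e.name in nonessential:
            verdicts[e.name] = "disable"
        elif "\\temp\\" in p or "\\locals~1\\" in p or "\\local settings\\" in p:
            verdicts[e.name] = "review"
        else:
            verdicts[e.name] = "keep"
    return verdicts

if __name__ == "__main__":
    parsed = parse_o4(SAMPLE_LOG)
    verdicts = triage(parsed, NONESSENTIAL_POST10)
    for e in parsed:
        print(f"{verdicts[e.name]:8} {e.hive}\\{e.key:14} [{e.name}] {e.exe} {e.args}".rstrip())
```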

#11 greyknight17 (Malware Expert, Visiting Consultant)
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#12 RileyLex (Topic Starter)
My topic was closed, sorry, I went out of town. I cleaned everything up and the computer seems to be running well, hasn't crashed yet. I am still having trouble with AVG though. I uninstalled it, shut down and restarted, not connected to the internet. Then I reinstalled it. Shut down and restarted it and I am having the same issues (cannot run a virus scan, live or scheduled and cannot schedule an automatic update and now when I update it cancels). Is it okay to run on Windows 2000? What else can I do to allow it to work correctly?

Thank You

Here was the last post that you sent me-
We can disable the following programs from startup to speed things up a bit more for you :)

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')

You may uninstall Malwarebytes and even SUPERAntiSpyware if you wish since AVG8 comes with the spyware scanner.

For the AVG issue, download the free edition again and save it to your desktop. Disconnect from the internet and uninstall AVG8. Restart the computer and run the installer you saved on the desktop. Try doing a virus scan to see if it works now.

Good job. Your log is clean.

#13 greyknight17 (Malware Expert, Visiting Consultant)
It should run fine on Windows 2000...

Make sure you turn off any antivirus programs you have running while performing the online scan below. Using Internet Explorer, run a virus scan at http://www.kaspersky.com/virusscanner. Click on 'Launch Kaspersky Anti-Virus Web Scanner' and install the ActiveX component from Kaspersky. Click Yes and it will begin downloading the latest definition files. Once that's done, click on 'Scan Settings' and make sure the following are selected:

Scan using the following Anti-Virus database:
- Extended

Scan Options:
- Scan Archives
- Scan Mail Bases

Click OK. Now under select a target to scan, select 'My Computer'. It will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Now click on the 'Save as Text' button. Save the file to your desktop. Copy and paste that information in your next post.

#14 RileyLex (Topic Starter)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, May 28, 2008 7:45:14 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/05/2008
Kaspersky Anti-Virus database records: 807478
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 63217
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:24:01

Infected Object Name / Virus Name / Last Action
C:\WINNT\SYSTEM32\CONFIG\security Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\sam Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SYSTEM.ALT Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\system Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\software Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\default Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\SoftwareDistribution\EventCache\{1313A2BB-C3AE-4AE0-830B-B4A7AEA3BCC4}.bin Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR1.DAT Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\QMGR0.DAT Object is locked skipped
C:\Documents and Settings\The Coates' Family\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\The Coates' Family\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Microsoft\Outlook\archive.pst Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\The Coates' Family\Local Settings\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\The Coates' Family\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Microsoft\Outlook\Microsoft Outlook Internet Settings.srs Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\history.dat Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\parent.lock Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\cert8.db Object is locked skipped
C:\Documents and Settings\The Coates' Family\Application Data\Mozilla\Firefox\Profiles\tk02k8c6.default\key3.db Object is locked skipped

Scan process completed.

#15 greyknight17 (Malware Expert, Visiting Consultant)
Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main, choose Select All.
Click the Empty Selected button.

If you use the Firefox browser, click Firefox at the top and choose Select All.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser, click 'Opera' at the top and choose 'Select All'.
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Go into Firefox->Tools->Clear Private Data and hit OK to delete all your cookie and temp files.

Download AVG8 again on your computer. Disconnect from the internet. Uninstall AVG. Restart the computer and install AVG8 back. Try checking for updates again to see if it works now.