Trojan Alwayup [RESOLVED]

#16 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)

Lol! No Hammer!!!


Try this method for booting up in safe mode.

http://service1.syma...c_nam#_Section3


Let me know how it works out for you ;)


Thanks,

:tazz:

Tom

#17 Uhhlyssa (Topic Starter, Member, 12 posts)

Sorry Excal, I am taking forever. I have a move to San Diego coming up in a week and I have been VERRRRY busy! ;)

I am going to try to run all that stuff today--I think I will get a chance. :tazz:

Thanks
Lys

#18 Excal (Malware Slayer Extraordinaire!, Retired Staff, 12,739 posts)

No rush. I will be here ;)

:tazz:

Excal

#19 Uhhlyssa (Topic Starter, Member, 12 posts)

;) OOOOOOOOOOk I am done f i n a l l y

Here's the deal. I logged on as administrator to this comp and rebooted in safe mode. Got the logs all saved up and will put them up.
But first, I need to tell you what a dumbass I have been. Thank God I had Spy Sweeper though.

I was on a site earlier today looking for audio HTML to put on a site. I had never been there before, and I allowed an ActiveX control. :tazz:

I later got a notification from Spy Sweeper that winad was trying to do stuff. I clicked on more info, and that little thing makes [bleep] pop up on your computer, iiiick.
I think I got rid of it, soooo if you see any remnants of that please let me know.
The site was www.msealsmusic.com, so be careful if you are there!

Alsooooooooo........

I don't know if this means anything to you, but upon rebooting I got this notification window:

Generic Host Process for Win32 services encountered a problem and needed to close.

Click on more info...
szAppName : svchost.exe
szAppVer : 0.0.0.0.
szModName : Unknown
szModVer : 0.0.0.0.
offset : 00000000


Click on more info about this...

The squiggly line after DOCUME was higher up (not in the middle) though
C:\DOCUME~1Alyssa\locals~1Temp\WER0cbc.dir00\svchost.exe.mdmp

C:\DOCUME~1Alyssa\locals~1Temp\WER0cbc.dir00\appcompbat.txt


Whew, that was a lot to type!!!

Here are the logs. Lemme know what the [bleep] is goin' on!! ;)


********
4:25 PM: |••• Start of Session, Friday, July 22, 2005 •••|
4:25 PM: Spy Sweeper started
4:25 PM: Sweep initiated using definitions version 505
4:25 PM: Starting Memory Sweep
4:27 PM: Memory Sweep Complete, Elapsed Time: 00:01:39
4:27 PM: Starting Registry Sweep
4:27 PM: Found Adware: winad
4:27 PM: HKCR\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 4408846)
4:27 PM: HKLM\software\classes\clsid\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (6 subtraces) (ID = 4408863)
4:27 PM: HKLM\software\media gateway\ (2 subtraces) (ID = 4408878)
4:27 PM: HKLM\software\microsoft\code store database\distribution units\{15ad6789-cdb4-47e1-a9da-992ee8e6bad6}\ (10 subtraces) (ID = 4408881)
4:27 PM: Registry Sweep Complete, Elapsed Time:00:00:17
4:27 PM: Starting Cookie Sweep
4:27 PM: Cookie Sweep Complete, Elapsed Time: 00:00:05
4:27 PM: Starting File Sweep
4:29 PM: mediagatewayx.dll (ID = 4135413)
4:29 PM: mediagateway[1].exe (ID = 4135334)
4:30 PM: Found Trojan Horse: alwaysupdatednews
4:30 PM: 4f8858bf.exe (ID = 4090372)
4:31 PM: mediagateway.exe (ID = 4135334)
4:31 PM: File Sweep Complete, Elapsed Time: 00:04:11
4:31 PM: Full Sweep has completed. Elapsed time 00:06:19
4:31 PM: Traces Found: 85
4:39 PM: Removal process initiated
4:39 PM: Quarantining All Traces: winad
4:44 PM: Quarantining All Traces: alwaysupdatednews
4:44 PM: Removal process completed. Elapsed time 00:04:51
********
4:25 PM: |••• Start of Session, Friday, July 22, 2005 •••|
4:25 PM: Spy Sweeper started
4:25 PM: Program Version 4.0.3 (Build 405) Using Spyware Definitions 505
4:25 PM: |••• End of Session, Friday, July 22, 2005 •••|

WINPFIND LOG>>>>>>>>>>>>>>>>

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "not responding" you can ignore it. Windows is throwing this message up even though the program is still running. As long as the hard disk is working then the program is running.

»»»»»»»»»»»»»»»»»»»»»»»» Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 7/5/2005 2:38:14 PM 15304163 C:\WINDOWS\lpt$vpn.717
qoologic 7/5/2005 2:38:14 PM 15304163 C:\WINDOWS\lpt$vpn.717
SAHAgent 7/5/2005 2:38:14 PM 15304163 C:\WINDOWS\lpt$vpn.717
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 3/30/2005 4:16:34 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 7/5/2005 2:38:14 PM 15304163 C:\WINDOWS\VPTNFILE.717
qoologic 7/5/2005 2:38:14 PM 15304163 C:\WINDOWS\VPTNFILE.717
SAHAgent 7/5/2005 2:38:14 PM 15304163 C:\WINDOWS\VPTNFILE.717
UPX! 3/30/2005 4:16:34 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 3/30/2005 4:16:34 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
PEC2 12/31/2002 8:00:00 AM 41397 C:\WINDOWS\system32\dfrg.msc
PECompact2 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\system32\MRT.exe
aspack 7/6/2005 10:21:30 PM 1366872 C:\WINDOWS\system32\MRT.exe
aspack 12/31/2002 8:00:00 AM 708096 C:\WINDOWS\system32\ntdll.dll
Umonitor 12/31/2002 8:00:00 AM 657920 C:\WINDOWS\system32\rasdlg.dll
winsync 12/31/2002 8:00:00 AM 1309184 C:\WINDOWS\system32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX! 5/30/2005 8:08:32 AM 667744 C:\WINDOWS\system32\drivers\avg7core.sys
FSG! 5/30/2005 8:08:32 AM 667744 C:\WINDOWS\system32\drivers\avg7core.sys
aspack 5/30/2005 8:08:32 AM 667744 C:\WINDOWS\system32\drivers\avg7core.sys

Checking the Windows folder for system and hidden files within the last 60 days...
6/27/2005 8:52:50 AM 0 oem1.inf
7/22/2005 4:27:22 PM 12288 default.LOG
7/22/2005 4:24:20 PM 1024 SAM.LOG
7/22/2005 4:24:00 PM 16384 SECURITY.LOG
7/22/2005 4:49:16 PM 176128 software.LOG
7/22/2005 4:24:04 PM 827392 system.LOG
7/13/2005 8:36:22 AM 1024 ntuser.dat.LOG
7/22/2005 3:48:02 PM 6 SA.DAT
7/20/2005 3:24:48 PM 113 desktop.ini
7/20/2005 3:24:48 PM 67 desktop.ini
7/20/2005 3:24:48 PM 67 desktop.ini
7/20/2005 3:24:48 PM 67 desktop.ini
7/20/2005 3:24:48 PM 67 desktop.ini
7/20/2005 3:24:48 PM 67 desktop.ini

»»»»»»»»»»»»»»»»»»»»»»»» Checking Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»»»»»»»»» Registry Entries Found »»»»»»»»»»»»»»»»»»»»»»»

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\SV1
SV1 =

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Mp3 To All Converter
{19780513-C829-11D1-8233-0020AF3E97C9} = C:\PROGRA~1\MP3TOA~1\CONTEX~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Synchronization Manager %SystemRoot%\system32\mobsync.exe /logon
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
UserFaultCheck %systemroot%\system32\dumprep 0 -u

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
IMAIL
MAPI
MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AVG7_Run C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoWelcomeScreen 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
= C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
UserInit C:\WINDOWS\system32\userinit.exe,
Shell Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
{7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
{fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
{35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apitrap.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ASSTE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSTE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cleanup.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divx.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\divxdec.ax
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DJSMAR00.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRMINST.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncodeDivXExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EncryptPatchVer.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\front.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fullsoft.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GBROWSER.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmarq.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\htmlmm.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ishscan.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ISSTE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\javai.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jvm_g.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\main123w.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mngreg32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msci_uno.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorsvr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mso.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVOPTRF.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NeVideoFX.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPMLIC.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NSWSTE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\photohse.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PMSTE.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ppw32hlp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\printhse.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\prwin8.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ps80.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psdmt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qfinder.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qpw.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\salwrap.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sevinst.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tcore_ebook.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TFDTCTT8.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\udtapi.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ums.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vb40032.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vbe6.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wpwin8.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xlmlEN.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xwsetup.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\_INSTPGM.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»

Thanks Tom

Alyssa
  • 0

#20
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
I don't see anything in that log except temp folders. Go ahead and run Cleanup! again.


Tell me exactly what's going on with your computer and post me a fresh HiJackThis log to make sure you didn't pick up anything at that site.



Thanks,

:tazz:

Excal
  • 0

#21
Uhhlyssa

Uhhlyssa

    Member

  • Topic Starter
  • Member
  • 12 posts
ooook

I am not getting that notice anymore?! :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 11:15:33 AM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://companyweb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://companyweb/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://companyweb
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = searchgroup.local
O17 - HKLM\Software\..\Telephony: DomainName = searchgroup.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = searchgroup.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = searchgroup.local
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0
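The expert's read of the log above is a manual triage: check each O4 autostart and each O16 ActiveX download against what is expected. The script below is an added example and not part of this thread: it parses lines in the HijackThis 1.99.1 format and flags O4 entries that run from temp or user-profile paths and O16 controls downloaded from hosts outside an assumed allowlist. The sample log is constructed; CLSIDs and control names are copied from the log above, while the URLs, the allowlist, the "Updater" entry and the "Media Codec" entry are made up for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.99.1 log format, modelled on the log above.
# CLSIDs and descriptions are copied from that log; the URLs, the HKCU "Updater"
# entry and the "Media Codec" entry are constructed for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Updater] C:\DOCUME~1\User\LOCALS~1\Temp\upd.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall.av-vendor.example/xscan60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.example/SetupDownloader.cab
O16 - DPF: {00000000-0000-0000-0000-000000000000} (Media Codec) - http://free-codec.example/codec.cab
"""

# Assumed allowlist of hosts an ActiveX (.cab) download is expected from;
# a defender maintains this list, and anything not on it gets reviewed.
TRUSTED_DPF_HOSTS = {"housecall.av-vendor.example", "messenger.msn.example"}

# O4 lines look like:  O4 - HKLM\..\Run: [Name] command line
O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O16 lines look like: O16 - DPF: {CLSID} (Description) - http://host/file.cab
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\}) \((?P<desc>[^)]*)\) - (?P<url>\S+)$')

# Path fragments that legitimate autostart entries almost never run from.
SUSPECT_PATH_FRAGMENTS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\locals~1\\")


def triage(log_text):
    """Return [(section, label, reason)] for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(frag in cmd for frag in SUSPECT_PATH_FRAGMENTS):
                findings.append(("O4", m.group("name"), "autostart runs from a temp or user-profile path"))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).netloc.lower()
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("O16", m.group("desc"), f"ActiveX control downloaded from untrusted host {host}"))
    return findings


if __name__ == "__main__":
    for section, label, reason in triage(SAMPLE_LOG):
        print(f"{section} [{label}]: {reason}")
```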

#22
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it, or if you don't already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, this site is a great source for tightening up security on its settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure to give the Temp folders a cleaning out now and then as well. Make sure that after you clean your Temp files you empty out your Recycle Bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and, when it has finished, reboot.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#23
Uhhlyssa

Uhhlyssa

    Member

  • Topic Starter
  • Member
  • 12 posts
THANKS SOOOOO MUCH Excal!!!!! :( :( :) :tazz: ;)

I really appreciate you taking time to help me out and plan to donate a bit---I want this kind of thing to be available to anyone who needs it!!!


You are awesome!

Lys
  • 0

#24
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Lys,



Thanks! And you're welcome, it's been my pleasure ;)

:tazz:


Excal
  • 0

#25
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0