Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

hijack this log, having serious problems!

Started by Noobius , Jul 16 2005 12:45 PM

  • Please log in to reply

#1
Noobius
Posted 16 July 2005 - 12:45 PM

Noobius

    New Member

  • Member
  • Pip
  • 8 posts
Hi, I have been havin some serious problems with my computer. I have done evrything in the book to help my computer (clean up, avg, ad aware, spy bot, cwshsredder). Now my computer is running worse than before after doing these programs. So i am going to HJT to try and solve my problems .. (aurora pop us, buffer errors, lots of spyware, and messed up boot ups). I am no professional so i know you guys here are good and it would be great if you guys can help me out! Thanks, here is my log file:

Logfile of HijackThis v1.99.1
Scan saved at 2:25:43 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\l?[bleep].exe
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\COMMON~1\AOL\111981~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Cas\Client\casclient.exe
C:\PROGRA~1\COMMON~1\AOL\111981~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\Linda Fiorito\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfgmgr52.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E3314ED-0E05-BE91-416E-5C757024794A} - C:\WINDOWS\System32\licxollv.dll
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\SYSTEM32\7ytho.dll (file missing)
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9D004B37-83F4-8C55-D539-F94D85A02E98} - C:\WINDOWS\System32\vugen.dll
O2 - BHO: SDWin32 Class - {AD1FB307-32E5-4224-ABD3-4523FC3FBF55} - C:\WINDOWS\System32\ipyvr.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [33tQ3sT] mmcbkup.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119815037\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [I024Rifnl] minpwd.exe
O4 - HKCU\..\Run: [Nwe] C:\WINDOWS\System32\l?[bleep].exe
O4 - HKCU\..\Run: [prutsct] C:\WINDOWS\System32\prutsct.exe
O4 - HKCU\..\Run: [iasetp] C:\WINDOWS\System32\iasetp.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121374360406
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\CGFGNT.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Linda Fiorito\Desktop\cwshredder.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\System32\msupd5.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
  • 0

Advertisements

#2
coachwife6
Posted 18 July 2005 - 04:51 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi noobius. :tazz: Welcome to GTG.

Did you get this resolved or did you still need assitance?
  • 0

#3
Noobius
Posted 18 July 2005 - 05:24 PM

Noobius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey! I'm glad you asked, no i didnt get it fully resolved. I took it upon myself to get rid of aurora ... ya bad i dea .. dont know whats going on, i get random icons on my desktop evry hour ex: "xbox 360, starbucks, ice cream .. etc..) though the aurora pop ups stopped, when in boot my computer i get an error message .. ("an exception has occured:file name that im not sure of right now .. i will post it when i boot my computer again) but ya .. i still get a buttload of viruses as well. Is there anything i can do besides re-formatting?? Thanks!
  • 0

#4
coachwife6
Posted 18 July 2005 - 05:50 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Make sure you follow the recomendations here?

Give me a new log from hijack this and also give me a log from the panda active scan.

http://www.pandasoft...n_principal.htm

I like Starbucks. :tazz:
  • 0

#5
Noobius
Posted 18 July 2005 - 06:38 PM

Noobius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey hey, i just used Ewido ... i started my computer in safe mode and did the scan and then saved the report ... should i do the panda active scan??? Oh and i have these messages when windows is frist booted : "An exception occured while trying to run ""C:\WINDOWS\system32\isetmib1.dll,DllGetVersion" and " Error loading C:\WINDOWS\cfgmgr52.dll The specified module could not be found." .. those are probably from getting rid of all that maleware?



Well just in case u want the ewido here it is:


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:23:14 PM, 7/18/2005
+ Report-Checksum: A5E88919

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF8DA190-3574-11D4-8068-0060082AE372} -> Spyware.BingoFun : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05080E6B-A88A-4CFD-8C3D-9B2557670B6E} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\skin -> Spyware.Delfin :

Cleaned with backup
HKLM\SOFTWARE\SurfSideKick2 -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick2\Internet Explorer -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Linda Fiorito\Local Settings\Temp\temp.fr3D88\NavHelper\v2.0.4d\navapp.exe -> Spyware.NavExcel : Cleaned with backup
C:\Documents and Settings\Linda Fiorito\Local Settings\Temp\temp.fr3D88\NavHelper\v2.0.4d\NHelper.dll -> Spyware.NavExcel : Cleaned with backup
C:\Documents and Settings\Linda Fiorito\Local Settings\Temp\temp.fr3D88\NavHelper\v2.0.4d\NHUninstaller.exe -> Spyware.NavExcel : Cleaned with backup
C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP289\A0016853.dll -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP312\A0018001.sys -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP312\A0018002.sys -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP312\A0018004.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP312\A0018006.exe -> Trojan.Delf.cf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP351\A0020304.exe -> Spyware.Apropos : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP351\A0020305.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP353\A0020405.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP353\A0020410.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP361\A0020713.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP361\A0020727.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP361\A0020738.exe -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP361\A0020739.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP364\A0020779.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP364\A0020801.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP366\A0022920.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP366\A0022921.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP366\A0022929.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0023021.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0023064.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP367\A0023067.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0023123.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0023124.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0023125.exe -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP368\A0023138.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP369\A0023200.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023236.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023244.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023350.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023352.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023360.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023363.exe -> Trojan.SecondThought.bf : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023364.exe -> Trojan.SecondThought.bg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023367.exe -> Spyware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023368.exe -> Trojan.SecondThought.bd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023369.exe -> Spyware.ClearSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023370.dll -> TrojanSpy.Idly.c : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023372.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023373.exe -> Trojan.SecondThought.av : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023374.exe -> Trojan.SecondThought.bd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023375.exe -> TrojanDownloader.Delf.ep : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023377.exe -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023379.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023380.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023381.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023382.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023383.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023390.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023391.exe -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023392.dll -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP370\A0023393.exe -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP371\A0023509.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP371\A0023550.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023603.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023620.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\bundles\adl_mteststub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\bundles\thin-8-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\ijffwiwa.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\launchurl.exe -> Trojan.Zapchast : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM32\AJICAP32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\antxprxy.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\cxtpls_loader.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\SYSTEM32\CVPBK32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DHMAP.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DODSKRES.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\doloader.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DPACTFRM.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\entmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\FHSRCH.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\FPIFS.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\fpscomex.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\IBETCOMM.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ICMON.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ikfxdo.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipyvr.dll -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\SYSTEM32\ipyvrf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\SYSTEM32\IRSPOLCY.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\issecsnp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\itagr5.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\KGDSW.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\KJDSG.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\KTDRO.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lptmb12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lsisi12n.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\lwfil11n.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MCRATING.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mdvcp71.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MGORC32R.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MVVCP60.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MYOERT2.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\NSPROVAU.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\OGECNV32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\OOECLI.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\oshlp30e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\prutsctsss.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINDOWS\SYSTEM32\PSFLBMSG.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\PZWRPROF.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\qbv.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\qiap.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\RTGWIZC.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\skdpapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\UORSDPIA.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\UYRCOINA.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\VGSCRIPT.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wcadmoe.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wedmtpdr.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wlvdmoe2.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wodsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wqdsp.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\WSDAP32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wsxsvc\wsx.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\wsxsvc\wsx.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\unstall.exe -> Spyware.MediaMotor : Cleaned with backup


::Report End
  • 0

#6
coachwife6
Posted 18 July 2005 - 06:47 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Bleck. ;) you did have troubles.

Run CleanUp!

http://www.stevengou...ftware/cleanup/

Yes, I would still like the Panda Scan and Hijack This after you run CleanUp! :tazz:
  • 0

#7
Noobius
Posted 18 July 2005 - 07:33 PM

Noobius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok then,

Here is the Hijackthis log (the new one):
(the panda activce scan is after this log)

Logfile of HijackThis v1.99.1
Scan saved at 8:02:04 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\l?[bleep].exe
C:\PROGRA~1\COMMON~1\AOL\111981~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\AIM\aim.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\AOL\111981~1\EE\AOLServiceHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Linda Fiorito\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E3314ED-0E05-BE91-416E-5C757024794A} - C:\WINDOWS\System32\licxollv.dll
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\SYSTEM32\7ytho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9D004B37-83F4-8C55-D539-F94D85A02E98} - C:\WINDOWS\System32\vugen.dll
O2 - BHO: SDWin32 Class - {AD1FB307-32E5-4224-ABD3-4523FC3FBF55} - C:\WINDOWS\System32\ipyvr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [33tQ3sT] mmcbkup.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119815037\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [I024Rifnl] minpwd.exe
O4 - HKCU\..\Run: [Nwe] C:\WINDOWS\System32\l?[bleep].exe
O4 - HKCU\..\Run: [prutsct] C:\WINDOWS\System32\prutsct.exe
O4 - HKCU\..\Run: [iasetp] C:\WINDOWS\System32\iasetp.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121374360406
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\CGFGNT.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\System32\msupd5.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)

The Panda active scan .... well ... its taking a really long time, i figure i will get u the hjt log .. just so you still think that i am alive, but as soon as that scan finishes i will get you the results.Hey, i really appreciate all your help. One day hopefully i can do what you do. Hopefully college helps me achive the knowledge too. Thanks again! :tazz:
  • 0

#8
Noobius
Posted 18 July 2005 - 07:47 PM

Noobius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Well here is the Panda Scan results:


Incident Status Location

Virus:Trj/Downloader.VC Disinfected C:\go_1.exe
Adware:Adware/Apropos No disinfected C:\Program Files\Aprps\ProxyStub.dll
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Cas\Client\casclient.exe
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Cas\Client\casmf.dll
Adware:Adware/ConsumerAlertSystemNo disinfected C:\Program Files\Cas\Client\Uninstall.exe
Adware:Adware/PurityScan No disinfected C:\Program Files\rdso\eetu.exe
Adware:Adware/eZula No disinfected C:\WINDOWS\bundles\ezStub_ropwo.exe
Adware:Adware/TopRebates No disinfected C:\WINDOWS\bundles\WebRebates_Auto_InstallSilent.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\bundles\wrapperouter.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\!update-2144[1].0000
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\!update-2174[1].0000
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\DLRPSETU.DLL
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\l?[bleep].exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\pyisdecd.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\qqvd.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\Shex.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\sVgnb.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM32\vugen.dll
Adware:Adware/Adtomi No disinfected C:\WINDOWS\SYSTEM32\vxnbx.dll
  • 0

#9
coachwife6
Posted 19 July 2005 - 08:56 AM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
You said recently that you cleaned yourself of aurora, so I'm just going to repeat the instructions for it and start from square one. :tazz:


Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here: (don't see any signs of it, but they often run in tandem, so let's do it)
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0

#10
Noobius
Posted 19 July 2005 - 04:27 PM

Noobius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hey, um, well that link you sent me for nailfix didnt work v ery well so i looked for it on the site and i found it .. well at least i think i did (http://www.noidea.us...ex.php?folder=2)<-- .. so i started my computer in safe mode and ran nailfix, then i ran ewido, then i ran hijack this and looked for "F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe" and i couldn't find it on hijack this so i coulndt finish .. any ideas?? Thanks!

Here are the logs:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:12:22 PM, 7/19/2005
+ Report-Checksum: E3520602

+ Scan result:

HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Dvx -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000002230} -> Spyware.ClearSearch : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -> Spyware.BookedSpace : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{017C20C1-F86F-11D8-9B25-000ACD002AE3} -> Spyware.EnhanceMySearch : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AA06644-BC46-4220-A460-47A6EB47C96D} -> Spyware.NavExcel : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A12A061-1396-4A68-8D0D-920618F280DA} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-4072184471-3774905040-3395655936-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D80C4E21-C346-4E21-8E64-20746AA20AEB} -> Spyware.NavExcel : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023634.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023635.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023636.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023637.exe -> Adware.eZula : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023638.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023639.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023640.exe -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023641.exe -> Trojan.Zapchast : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023642.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023643.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023644.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023645.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023646.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023647.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023648.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023649.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023650.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023651.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023652.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023653.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023654.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023655.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023656.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023657.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023658.dll -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023659.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023660.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023661.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023662.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023663.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023664.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023665.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023666.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023667.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023668.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023669.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023670.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023671.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023672.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023673.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023674.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023675.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023676.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023677.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023678.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023679.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023680.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023681.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023682.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023683.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023684.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023685.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023686.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023687.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023688.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023689.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023690.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023691.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023692.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023693.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023694.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023695.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP372\A0023696.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\SYSTEM32\sVgnb.dll -> Spyware.Look2Me : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 6:18:36 PM, on 7/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Linda Fiorito\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E3314ED-0E05-BE91-416E-5C757024794A} - C:\WINDOWS\System32\licxollv.dll
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\SYSTEM32\7ytho.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {9D004B37-83F4-8C55-D539-F94D85A02E98} - C:\WINDOWS\System32\vugen.dll
O2 - BHO: SDWin32 Class - {AD1FB307-32E5-4224-ABD3-4523FC3FBF55} - C:\WINDOWS\System32\ipyvr.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [33tQ3sT] mmcbkup.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1119815037\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [I024Rifnl] minpwd.exe
O4 - HKCU\..\Run: [Nwe] C:\WINDOWS\System32\l?[bleep].exe
O4 - HKCU\..\Run: [prutsct] C:\WINDOWS\System32\prutsct.exe
O4 - HKCU\..\Run: [iasetp] C:\WINDOWS\System32\iasetp.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121374360406
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\CGFGNT.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Miscrosoft Updates Service 5 (MsUpdate5) - Unknown owner - C:\WINDOWS\System32\msupd5.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
  • 0

#11
coachwife6
Posted 19 July 2005 - 08:52 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Download http://www.bleepingc...es/winpfind.php and unzip the contents to its own permanent folder.

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:

* Restart the computer in Safe Mode.
* As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.


Locate the pfind.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\pfind.txt back here and I will review it when it comes in.

Next:

* Download FindQoologic2.zip save it to your Desktop.
* Unzip Find-Qoologic2.zip to its own folder and then use Windows Explorer to navigate to that folder.
* Double-click the Find-Qoologic2.bat file to run it. It will take some time so be patient.
* When Notepad opens with the results in it copy/paste the entire contents of the document back here.


And finally:

* Download l2mfix.exe and save it to your desktop.
* Double click l2mfix.exe to start the installation.
* Click the Install button to extract the files and follow the prompts.
* Open the newly added l2mfix folder on your desktop.
* Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing the Enter key.


This will scan your computer and it may appear nothing is happening, then, after a minute or 2, Notepad will open with a log. Copy/paste the entire content of that log into this thread and I will review the information when it comes in.
  • 0

#12
Noobius
Posted 20 July 2005 - 05:15 PM

Noobius

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, umm, well i downlaod all of those program .. and the first one and i rebooted in safe mode, opened winpfind and ran the scan, it keep freezing up. And im not quite sure what u mean by finding pfind.bat ... i looked everywhere and there are no signs of it on my computer. What should i do?? Sorry that i couldnt figure it out! :tazz:
  • 0

#13
coachwife6
Posted 21 July 2005 - 02:06 PM

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Download http://www.bleepingc...es/winpfind.php and unzip the contents to its own permanent folder (on your desktop, where it can be easier to find).

Important! Reboot in SAFE MODE !!

Start in Safe Mode Using the F8 method:

* Restart the computer in Safe Mode.
* As soon as the BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.


Locate the pfind.bat file (where you downloaded it to) and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\pfind.txt <<what the scan produces.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP