task manager [RESOLVED]



#31
didom

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall (for example Kerio Personal Firewall or ZoneLabs Zone Alarm), a spyware blocker like SpywareBlaster and also IE-Spyads, and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available. Be very cautious about any security software that advertises in popups or other intrusive ways; such programs are not only usually useless, but also often have malware in them.

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protect your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts. You are running Windows XP, so get updated to SP-2.

    Please post back if you are still having any problems....



#32
demonicangel

  • Topic Starter
Thanks for all your help :tazz: but one thing, my computer's still slow. What else could be the problem??

#33
didom

Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

#34
demonicangel

  • Topic Starter
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/24/2005 4:02 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\$VAULT$.AVG\05401667.FIL 10/24/2005 4:25 PM 62.46 KB Hidden from Windows API.
C:\System Volume Information\_restore{2C8073A7-4A82-4858-BA3D-DA45F71A3330}\RP1\A0000015.exe 10/10/2005 7:53 PM 62.00 KB Visible in Windows API, but not in MFT or directory index.
  • 0
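
An added example, not part of the original posts: a small Python triage of RootkitRevealer-style log lines in the format posted above. The sample lines are constructed, and the bucketing rules (a one-hour window before the newest entry, plus the cache and restore-point path checks) are assumptions made for illustration, not the tool's own logic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample, same layout as the posted log:
# <path> <date> <time> <size> <discrepancy description>
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Example\Vendor\Counter 10/24/2005 4:02 PM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm 10/24/2005 4:09 PM 10.19 KB Hidden from Windows API.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\logo[1].gif 10/24/2005 4:11 PM 504 bytes Hidden from Windows API.
C:\WINDOWS\system32\example_hidden.sys 10/02/2005 1:15 AM 21.00 KB Hidden from Windows API.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe 10/10/2005 7:53 PM 62.00 KB Visible in Windows API, but not in MFT or directory index.
"""

# Paths may contain spaces, so the path is matched lazily up to the
# first "date time AM/PM size" sequence.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) "
    r"(?P<desc>.+)$"
)


def parse_log(text):
    """Turn log text into a list of dicts; unrecognised lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "path": m["path"],
            "stamp": datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M %p"),
            "size": m["size"],
            "desc": m["desc"].rstrip("."),
        })
    return entries


def classify(entry, newest, window):
    """Assumed heuristic: entries stamped shortly before the newest entry
    are treated as activity from around the time of the scan."""
    path = entry["path"].lower()
    recent = newest - entry["stamp"] <= window
    if path.startswith(("hklm\\", "hkcu\\", "hku\\")):
        return "recent-registry-write" if recent else "review"
    if "\\temporary internet files\\" in path and recent:
        return "recent-cache-file"
    if "\\system volume information\\_restore" in path:
        return "restore-point"
    return "review"


def triage(text, window=timedelta(hours=1)):
    """Group entry paths into buckets so the unexplained ones stand out."""
    entries = parse_log(text)
    if not entries:
        return {}
    newest = max(e["stamp"] for e in entries)
    buckets = {}
    for e in entries:
        buckets.setdefault(classify(e, newest, window), []).append(e["path"])
    return buckets


def summary(text):
    """Count entries per discrepancy description."""
    return Counter(e["desc"] for e in parse_log(text))


if __name__ == "__main__":
    for desc, count in summary(SAMPLE_LOG).items():
        print(f"{count:3d}  {desc}")
    for bucket, paths in triage(SAMPLE_LOG).items():
        print(f"\n[{bucket}]")
        for p in paths:
            print("  " + p)
```

Entries that land in `review` are the ones the time window and path checks do not explain; they are candidates for a second opinion from another scanner.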

#35
didom

Download CCleaner and install it. (Please do not run the CCleaner utility yet.)

Start CCleaner. Click "Options", then click the "Advanced" tab.
Uncheck "Only delete files older than 48 hrs." and click OK.
Click "Cleaner" and click Run Cleaner (bottom right).

Then reboot your computer.

---------------------------------------

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"
  • 0

#36
demonicangel (Member, Topic Starter, 150 posts)

10/25/05 17:06:32 [Info]: BlackLight Engine 1.0.23 initialized
10/25/05 17:06:32 [Info]: OS: 5.1 build 2600 (Service Pack 1)
10/25/05 17:06:34 [Note]: 4019 4
10/25/05 17:06:34 [Note]: 4005 0
10/25/05 17:06:42 [Note]: 4006 0
10/25/05 17:06:42 [Note]: 4011 1808
10/25/05 17:06:50 [Note]: FSRAW library version 1.7.1011
10/25/05 17:11:42 [Note]: 4007 0
  • 0

#37
demonicangel (Member, Topic Starter, 150 posts)

Sorry for double posting, but umm... now what am I supposed to do?
  • 0

#38
didom (Member 1K, 1,919 posts)

I thought there was something hiding on your computer, but there isn't.

That means that you are clean!
  • 0

#39
demonicangel (Member, Topic Starter, 150 posts)

So what could be causing my computer to be so slow? If it helps, there's always something that pops up when I'm scanning saying I have a virus in the volume restore thing.
  • 0

#40
didom (Member 1K, 1,919 posts)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

How to Turn On and Turn Off System Restore in Windows XP:
http://support.micro...?...[LN];310405

Reboot again and tell me how your computer is running now.
  • 0



#41
demonicangel (Member, Topic Starter, 150 posts)

It's still slow... it got fast like about 3% more.
  • 0

#42
didom (Member 1K, 1,919 posts)

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0

#43
demonicangel (Member, Topic Starter, 150 posts)

Oo, and I accidentally disabled a cookie and now I can't log in to Photobucket. How can I enable it?



Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\steph.STEPHANIE\Desktop\aproposfix

************

Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!


Logfile of HijackThis v1.99.1
Scan saved at 3:23:22 PM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

#44
didom (Member 1K, 1,919 posts)

Oo, and I accidentally disabled a cookie and now I can't log in to Photobucket. How can I enable it?

What do you mean by "disabled"? If you deleted the cookie you have to login at photobucket again!

---------------------------

Please follow the instructions provided. You may want to print out these instructions and use them as a reference.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot into normal mode.

Then, please run this online virus scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log and the Ewido log in your next reply.
  • 0

#45
demonicangel (Member, Topic Starter, 150 posts)

Panda said I was clean.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:27:22 PM, 10/31/2005
+ Report-Checksum: 57FADA3A

+ Scan result:

C:\Documents and Settings\liz\Cookies\liz@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\liz\Cookies\liz@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\steph.STEPHANIE\Local Settings\Temporary Internet Files\Content.IE5\MYF8S0BY\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\WINDOWS\system32\MRT.exe -> Heuristic.Win32.AVKiller : Cleaned with backup


::Report End


Logfile of HijackThis v1.99.1
Scan saved at 8:27:32 PM, on 10/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0
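
The two HijackThis logs in posts #43 and #45 are nearly identical, so the useful information is in what changed between them and in the entries HijackThis marked "(file missing)". The following is an added example, not part of the original posts: a small parser that diffs two logs and lists orphaned entries. The function names are hypothetical, and the sample logs are shortened excerpts of the two logs above.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O16, O23, ...)
# followed by " - ". Everything after that is kept as the entry body.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis log into (running processes, section entries)."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_processes = True
        elif match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group("section"), match.group("body").strip()))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def orphaned(entries):
    """Entries that HijackThis itself annotated with '(file missing)'."""
    return [e for e in entries if e[1].endswith("(file missing)")]


def _new_items(old, new):
    # Windows paths are case-insensitive, so compare lower-cased values.
    seen = {str(item).lower() for item in old}
    return [item for item in new if str(item).lower() not in seen]


def diff_logs(old_text, new_text):
    """Report what appeared and disappeared between two scans."""
    old_p, old_e = parse_hjt(old_text)
    new_p, new_e = parse_hjt(new_text)
    return {
        "added_processes": _new_items(old_p, new_p),
        "removed_processes": _new_items(new_p, old_p),
        "added_entries": _new_items(old_e, new_e),
        "removed_entries": _new_items(new_e, old_e),
    }


# Shortened excerpts of the 10/29/2005 and 10/31/2005 logs in this thread.
LOG_OCT29 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""
LOG_OCT31 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""

if __name__ == "__main__":
    for kind, items in diff_logs(LOG_OCT29, LOG_OCT31).items():
        print(kind, items)
    print("orphaned", orphaned(parse_hjt(LOG_OCT31)[1]))
```

On these excerpts the only new entry is the ewido service installed in post #44, and the O20 WRNotifier line is reported as orphaned in both scans.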





