Clean my PC



#1
TheBrotherhood313

TheBrotherhood313

    Member

  • Member
  • PipPipPip
  • 127 posts
Well, I don't have any huge problems other than some sound card trouble. But I would like for someone experienced to take a look at my log and give me some ideas of what to do that would make it cleaner or run faster.
I know nothing about these, so R1 or something could be a virus for all I know :tazz:
Logfile of HijackThis v1.99.1
Scan saved at 6:31:52 PM, on 10/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\System32\ca2.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Anthony - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
So take a look, tell me what could improve this. Or if there is anything bad on there, how to remove it :)
Thanks

~Anthony
  • 0



#2
TheBrotherhood313

TheBrotherhood313

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:45:54 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\System32\ca2.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: StyleXPService - Anthony - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

Updated log and a bump. I know I shouldn't be bumping it, but I needed to update this anyway. My sound card trouble and a few other things are fixed, so I wouldn't be surprised if my log is much different now.
  • 0

#3
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi TheBrotherhood313

Please post a new log after re-enabling all disabled items in msconfig and choosing normal startup. Disabling items is never a permanent solution; it should only be used for temporary troubleshooting.
  • 0

#4
TheBrotherhood313

TheBrotherhood313

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Alright then.
The only reason I disabled some of that is because I didn't want a few things running at startup, for example QuickTime.
Anyway, here is the new log.

Logfile of HijackThis v1.99.1
Scan saved at 12:05:15 PM, on 10/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\System32\ca2.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [YNGnH] C:\documents and settings\anthony stubblefield\local settings\temp\YNGnH.exe
O4 - HKLM\..\Run: [XLcQ] C:\documents and settings\anthony stubblefield\local settings\temp\XLcQ.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [NSr] C:\documents and settings\anthony stubblefield\local settings\temp\NSr.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [L3] C:\documents and settings\anthony stubblefield\local settings\temp\L3.exe
O4 - HKLM\..\Run: [IY] C:\documents and settings\anthony stubblefield\local settings\temp\IY.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [h] C:\documents and settings\anthony stubblefield\local settings\temp\h.exe
O4 - HKLM\..\Run: [B] C:\documents and settings\anthony stubblefield\local settings\temp\B.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [zrif] C:\PROGRA~1\COMMON~1\zrif\zrifm.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [POPUPWATCH] C:\Program Files\BulletProofSoft.com\SpywareRemover\popup-watch\PopUpWatch.exe /STARTUP
O4 - HKCU\..\Run: [Piracy] "C:\WINDOWS\SysUtil.exe" /PIRACY
O4 - HKCU\..\Run: [Mcoi] C:\Documents and Settings\Anthony Stubblefield\Application Data\ciph.exe
O4 - HKCU\..\Run: [Ddrcih] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [boo] C:\WINDOWS\boo.exe
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file=mysql\bin\my.cnf mysql (file missing)
O23 - Service: StyleXPService - Anthony - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

  • 0

#5
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
OK. Let's remove the malware first, then we will deal with the optionals.

Print these instructions for use in Safe Mode.

You don't have an antivirus running. Download, install and update AVG, but don't run a scan yet; we will do it in Safe Mode.

Please download Ewido Security Suite (do NOT run it yet!)
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed
  • After the updates are installed, exit Ewido
Open HijackThis and click Scan. Put a check next to these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O2 - BHO: Cas - {B5F3970B-745E-46AC-B890-E08F69777D80} - C:\WINDOWS\System32\ca2.dll
O4 - HKLM\..\Run: [YNGnH] C:\documents and settings\anthony stubblefield\local settings\temp\YNGnH.exe
O4 - HKLM\..\Run: [XLcQ] C:\documents and settings\anthony stubblefield\local settings\temp\XLcQ.exe
O4 - HKLM\..\Run: [NSr] C:\documents and settings\anthony stubblefield\local settings\temp\NSr.exe
O4 - HKLM\..\Run: [L3] C:\documents and settings\anthony stubblefield\local settings\temp\L3.exe
O4 - HKLM\..\Run: [IY] C:\documents and settings\anthony stubblefield\local settings\temp\IY.exe
O4 - HKLM\..\Run: [h] C:\documents and settings\anthony stubblefield\local settings\temp\h.exe
O4 - HKLM\..\Run: [B] C:\documents and settings\anthony stubblefield\local settings\temp\B.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [zrif] C:\PROGRA~1\COMMON~1\zrif\zrifm.exe
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [Mcoi] C:\Documents and Settings\Anthony Stubblefield\Application Data\ciph.exe
O4 - HKCU\..\Run: [Ddrcih] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [boo] C:\WINDOWS\boo.exe


Close all other windows except HijackThis and click Fix Checked.

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Once in Safe Mode:

Let's make sure of cleaning your temp files. Go to Start>Run and type: cleanmgr

Run the Disk Cleanup utility after putting a check next to these:

Temporary Files
Temporary Internet Files
Recycle Bin


After that, run your CCleaner to make sure temp files are swiped out.

Reconfigure Windows XP to show hidden files:
Click Start. Open My Computer.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Now delete these files and folders in bold if found:

C:\WINDOWS\System32\ca2.dll
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\System32\sysmonnt
C:\Documents and Settings\Anthony Stubblefield\Application Data\ciph.exe
C:\WINDOWS\boo.exe
C:\PROGRAM FILES\COMMON FILES\zrif
C:\Program Files\sf
C:\WINDOWS\System32\?ttrib.exe <--you may see a strange or Cyrillic character in place of the question mark


Next, run AVG and make a full system scan. Remove all it finds. Make note if it finds anything but can't delete it.

Open Ewido
  • Click on scanner
  • Click Complete System Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "remove", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido
Reboot back to normal mode. Run these two online scans:

1) Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under "select a target to scan", select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
2) Go here to make an online scan:

http://www.pandasoft.../activescan.htm

- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Then post a new HijackThis log, Ewido log, Kaspersky log and Panda log.
  • 0
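Added example, not part of the original thread or written by its participants: a Python triage helper that parses two HijackThis logs, lists the entries that appeared between them (as happened here once the msconfig-disabled items were re-enabled), and attaches simple reasons an entry deserves a closer look. The function names, the three heuristics and the sample log lines (constructed, modelled on the logs in this thread, with a placeholder user directory) are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "O4"
    body: str     # text after "O4 - "


# Entry lines look like "<code> - <text>"; codes are R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# Autostart target located inside a temp directory.
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# "?" inside a path component: a character the log could not render.
UNRENDERED_RE = re.compile(r"\\[^\\\s]*\?")
MISSING_MARKERS = ("(no file)", "(file missing)")

TEMP = "autostart runs from a temp directory"
UNRENDERED = "file name contains an unrenderable character"
MISSING = "entry points at a missing file"


def parse_log(text: str) -> List[Entry]:
    """Return the R/F/N/O entries, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def flag(entry: Entry) -> List[str]:
    """Heuristic reasons to look closer; an empty list is not a verdict."""
    reasons = []
    if entry.section == "O4" and TEMP_DIR_RE.search(entry.body):
        reasons.append(TEMP)
    if UNRENDERED_RE.search(entry.body):
        reasons.append(UNRENDERED)
    if entry.body.endswith(MISSING_MARKERS):
        reasons.append(MISSING)
    return reasons


def new_since(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the later log but not in the earlier one."""
    seen = set(before)
    return [entry for entry in after if entry not in seen]


def triage(before_text: str, after_text: str) -> List[Tuple[Entry, List[str]]]:
    added = new_since(parse_log(before_text), parse_log(after_text))
    return [(entry, flag(entry)) for entry in added]


# Constructed sample logs, modelled on the logs posted in this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
"""

AFTER_LOG = BEFORE_LOG + r"""
O4 - HKLM\..\Run: [YNGnH] C:\documents and settings\user\local settings\temp\YNGnH.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Ddrcih] C:\WINDOWS\System32\?ttrib.exe
O4 - HKCU\..\Run: [boo] C:\WINDOWS\boo.exe
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file=mysql\bin\my.cnf mysql (file missing)
"""

if __name__ == "__main__":
    for entry, reasons in triage(BEFORE_LOG, AFTER_LOG):
        note = "; ".join(reasons) if reasons else "no heuristic matched, review by hand"
        print(f"{entry.section} - {entry.body}\n    -> {note}")
```

Entries such as `boo.exe` come back with no reason attached, which is why a fix list built by someone who recognises the file names is longer than what path heuristics alone produce.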

#6
TheBrotherhood313

TheBrotherhood313

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
Wow, that took a long time for all those scans :tazz:
First off, I want to say that I could not download Ewido. The reason is that the connection here is wireless and cuts out a lot. It kept cutting out at around 30%. I went ahead and did everything else though.

AVG - Detected and Deleted 19 viruses

Kaspersky - Report Below
-------------------------------------------------------------------------------
 KASPERSKY ON-LINE SCANNER REPORT
 Friday, October 21, 2005 16:19:18
 Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
 Kaspersky On-line Scanner version: 5.0.67.0
 Kaspersky Anti-Virus database last update: 21/10/2005
 Kaspersky Anti-Virus database records: 155475
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	C:\
	D:\
	E:\

Scan Statistics:
	Total number of scanned objects: 58053
	Number of viruses found: 21
	Number of infected objects: 44
	Number of suspicious objects: 0
	Duration of the scan process: 2317 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Anthony Stubblefield\Application Data\vтtа.exe	Infected: not-a-virus:AdWare.Win32.PurityScan.v
C:\Program Files\hijackthis\backups\backup-20051021-140606-159.dll	Infected: not-a-virus:AdWare.Win32.SearchIt.l
C:\Program Files\MSN Messenger\cedpstealer(www.mess.be)\CE.DP.Stealer.1.4.5.exe	Infected: Trojan-Spy.Win32.BJCG.b
C:\Program Files\MSN Messenger\extfix(www-1.mess.be)\extfix.exe	Infected: not-a-virus:RiskTool.Win32.ExtUnlock.a
C:\Program Files\System32\svchost.exe	Infected: not-a-virus:Monitor.Win32.007SpySoft.342
C:\System Volume Information\_restore{78C3F3A4-1035-467F-80D4-1E270FA9478D}\RP378\A0099924.dll	Infected: not-a-virus:AdWare.Win32.RK.a
C:\System Volume Information\_restore{78C3F3A4-1035-467F-80D4-1E270FA9478D}\RP378\A0099925.exe	Infected: not-a-virus:AdWare.Win32.RK.a
C:\System Volume Information\_restore{78C3F3A4-1035-467F-80D4-1E270FA9478D}\RP378\A0099931.dll	Infected: not-a-virus:AdWare.Win32.SearchIt.l
C:\System Volume Information\_restore{78C3F3A4-1035-467F-80D4-1E270FA9478D}\RP378\A0100966.exe	Infected: Trojan.Win32.VB.tq
C:\System Volume Information\_restore{78C3F3A4-1035-467F-80D4-1E270FA9478D}\RP378\A0100971.exe	Infected: not-a-virus:AdWare.Win32.Xupiter.m
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js	Infected: not-a-virus:AdWare.Win32.ISearch.e
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar	Infected: not-a-virus:AdWare.Win32.ISearch.e
C:\WINDOWS\isrvs\isearch.xpi	Infected: not-a-virus:AdWare.Win32.ISearch.e
C:\WINDOWS\NDNuninstall6_38.exe	Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\WINDOWS\system32\Cache\runsearch.exe/data0006	Infected: not-a-virus:AdWare.Win32.BrowserVillage.b
C:\WINDOWS\system32\Cache\runsearch.exe	Infected: not-a-virus:AdWare.Win32.BrowserVillage.b
C:\WINDOWS\system32\Cache\setup.exe/data0001/EXE-file	Infected: Trojan.Win32.VB.tq
C:\WINDOWS\system32\Cache\setup.exe/data0001	Infected: Trojan.Win32.VB.tq
C:\WINDOWS\system32\Cache\setup.exe	Infected: Trojan.Win32.VB.tq
C:\WINDOWS\system32\Cache\VCMnet7 updated 030905.exe/data0002	Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\system32\Cache\VCMnet7 updated 030905.exe/data0003	Infected: Trojan-Downloader.Win32.Small.aly
C:\WINDOWS\system32\Cache\VCMnet7 updated 030905.exe	Infected: Trojan-Downloader.Win32.Small.aly
C:\WINDOWS\system32\clusapi2.exe	Infected: not-a-virus:AdWare.Win32.AdSrve.c
C:\WINDOWS\system32\comdlg32.exe	Infected: not-a-virus:AdWare.Win32.VB.a
C:\WINDOWS\system32\lmf32v.dll	Infected: not-a-virus:AdWare.Win32.Suggestor.g
C:\WINDOWS\system32\mqexdlm.srg	Infected: not-a-virus:AdWare.Win32.BargainBuddy.q
C:\WINDOWS\system32\rk.bin	Infected: not-a-virus:AdWare.Win32.RK.c
C:\WINDOWS\UPGRADE.TXT:kjyysl:$DATA	Infected: Backdoor.Win32.Small.dc
C:\WINDOWS\winnt256.bmp:rrzgm:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(10).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(11).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(2).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(3).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(4).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(5).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(6).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(7).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(8).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq
C:\WINDOWS\_default(9).pif:osltl:$DATA	Infected: Trojan-Downloader.Win32.Agent.bq

Scan process completed.

Edited by TheBrotherhood313, 21 October 2005 - 03:14 PM.

  • 0

#7
TheBrotherhood313

TheBrotherhood313

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
This wouldn't fit in 1 post.

Panda - Report Below
[code=auto:0]
Incident Status Location

Adware:adware/exact.bargainbuddyReported C:\WINDOWS\SYSTEM32\exclean.exe
Spyware:spyware/linkreplacer Reported C:\WINDOWS\SYSTEM32\lmf32v.dll
Spyware:spyware/marketscore Reported C:\WINDOWS\SYSTEM32\rk.bin
Adware:adware/ncase Reported C:\WINDOWS\SYSTEM32\saieau.dat
Adware:adware/powersearch Reported C:\WINDOWS\SYSTEM32\stlb2.xml
Adware:adware/sqwire Reported C:\WINDOWS\SYSTEM32\tsuninst.exe
Adware:adware/portalscan Reported C:\WINDOWS\SYSTEM32\winupdt.008
Adware:adware/searchtheweb Reported C:\WINDOWS\SYSTEM32\CACHE\mswinstall.exe
Adware:adware/elitebar Reported C:\WINDOWS\DOWNLOADED PROGRAM FILES\OSDEB.OSD
Adware:adware/tvmedia Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\tvmuknwrd.dll
Spyware:spyware/new.net Reported C:\WINDOWS\NDNuninstall6_38.exe
Adware:adware/sidesearch Reported C:\WINDOWS\sepsd.bin
Adware:adware/e2give Reported C:\PROGRAM FILES\E2G
Adware:adware/beginto Reported C:\WINDOWS\SYSTEM32\b2s_cache
Adware:adware/isearch Reported C:\WINDOWS\isrvs
Adware:adware/searchforit Reported Windows Registry
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.servedby.advertising.com/]
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/SpyLog Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.spylog.com/]
Spyware:Cookie/BurstBeacon Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/BurstNet Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Sextracker Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[counter6.sextracker.com/]
Spyware:Cookie/Sextracker Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.sextracker.com/]
Spyware:Cookie/Zedo Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.zedo.com/]
Spyware:Cookie/64.62.232 Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[64.62.232.6/]
Spyware:Cookie/Com.com Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.com.com/]
Spyware:Cookie/2o7.net Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Statcounter Reported C:\Documents and Settings\Anthony Stubblefield\Application Data\Mozilla\Firefox\Profiles\dbxsrcwk.default\cookies.txt[.statcounter.com/]
  • 0

#8
TheBrotherhood313

TheBrotherhood313

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
And last post.

HijackThis Log - New report below
Logfile of HijackThis v1.99.1
Scan saved at 5:16:16 PM, on 10/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PcBoost] "C:\Program Files\PcBoost\PcBoost.exe" /start
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file=mysql\bin\my.cnf mysql (file missing)
O23 - Service: StyleXPService - Anthony - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

  • 0

#9
Armodeluxe

Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Go to Control Panel Add/Remove Programs and uninstall this if there is an entry for it:

E2G

Then delete these folders:

C:\PROGRAM FILES\E2G
C:\WINDOWS\isrvs
C:\WINDOWS\SYSTEM32\b2s_cache

Please first save these directions to the desktop as a text file, because you will need to copy and paste part of them later, once we are in Safe Mode.

1) Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.

2) Then please reboot into Safe Mode by restarting your computer and pressing F8 as your computer is booting up. Then select the Safe Mode option.

Open HijackThis and click Scan. Put a check next to this, close all other windows and click Fix Checked.

O4 - HKLM\..\Run: [OSS] C:\windows\system32\rlvknlg.exe -boot

3) Then please run Killbox.

4) Select "Delete on Reboot".

5) Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\SYSTEM32\exclean.exe
C:\WINDOWS\SYSTEM32\lmf32v.dll
C:\WINDOWS\SYSTEM32\rk.bin
C:\WINDOWS\SYSTEM32\saieau.dat
C:\WINDOWS\SYSTEM32\stlb2.xml
C:\WINDOWS\SYSTEM32\tsuninst.exe
C:\WINDOWS\SYSTEM32\winupdt.008
C:\WINDOWS\SYSTEM32\CACHE\mswinstall.exe
C:\WINDOWS\DOWNLOADED PROGRAM FILES\OSDEB.OSD
C:\Documents and Settings\Anthony Stubblefield\Application Data\tvmuknwrd.dll
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\sepsd.bin
C:\Documents and Settings\Anthony Stubblefield\Application Data\v*t*.exe
C:\Program Files\MSN Messenger\cedpstealer(www.mess.be)\CE.DP.Stealer.1.4.5.exe
C:\Program Files\MSN Messenger\extfix(www-1.mess.be)\extfix.exe
C:\WINDOWS\system32\Cache\runsearch.exe I
C:\WINDOWS\system32\Cache\setup.exe
C:\WINDOWS\system32\Cache\VCMnet7 updated 030905.exe
C:\WINDOWS\system32\clusapi2.exe
C:\WINDOWS\system32\comdlg32.exe
C:\WINDOWS\system32\lmf32v.dll
C:\WINDOWS\system32\mqexdlm.srg
C:\WINDOWS\system32\rk.bin
C:\windows\system32\rlvknlg.exe
C:\WINDOWS\UPGRADE.TXT
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\_default(10).pif
C:\WINDOWS\_default(11).pif
C:\WINDOWS\_default(2).pif
C:\WINDOWS\_default(3).pif
C:\WINDOWS\_default(4).pif
C:\WINDOWS\_default(5).pif
C:\WINDOWS\_default(6).pif
C:\WINDOWS\_default(7).pif
C:\WINDOWS\_default(8).pif
C:\WINDOWS\_default(9).pif


6) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

7) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the Do you want to reboot now prompt.

Reboot back to normal mode and post a new HijackThis log and then let's address the optionals. Is it running better now?
  • 0

#10
TheBrotherhood313

TheBrotherhood313

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 127 posts
It seems to be running a little better now. I didn't notice too much of a difference but I can see that many viruses have been cleaned which is good.
I'm getting a 2nd RAM card soon and a 2nd Hard-Drive around Christmas. When I do that I'm thinking about reformatting. Do you suggest this?

HijackThis Log
Logfile of HijackThis v1.99.1
Scan saved at 2:25:19 PM, on 10/22/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\D-link AirPlus G DWL-G120 Wireless USB\120UTIL.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - Global Startup: D-link AirPlus G DWL-G120 Wireless USB.lnk = ?
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {6E2D6932-3885-4FA2-8DD4-DB63FFE33797} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkCnv.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file=mysql\bin\my.cnf mysql (file missing)
O23 - Service: StyleXPService - Anthony - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

  • 0
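A small parser for the entry lines of the log above, as an added example that is not part of the original post. It flags entries HijackThis marked "(file missing)" or "Unknown owner", which typically point at leftovers of uninstalled programs or services with no identified vendor and are worth reviewing first. The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: entry lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~2\WINDOW~1\fastload.dll (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: mysql - Unknown owner - C:\Program Files\xampp\mysql\bin\mysqld-nt.exe" --defaults-file=mysql\bin\my.cnf mysql (file missing)
"""

# An entry line is "<code> - <detail>": a section letter (R, F, N, O) plus a number.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")


def parse_entries(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line, or a running-process path
        detail = m.group("detail")
        entries.append({
            "code": m.group("code"),
            "detail": detail,
            # HijackThis appends this marker when the referenced file is not on disk.
            "file_missing": detail.endswith("(file missing)"),
            # O23 service lines carry the vendor name; "Unknown owner" means none was read.
            "unknown_owner": " - Unknown owner - " in detail,
        })
    return entries


def review_queue(entries):
    """Group the flagged entries by section code for manual review."""
    queue = defaultdict(list)
    for e in entries:
        if e["file_missing"] or e["unknown_owner"]:
            queue[e["code"]].append(e["detail"])
    return dict(queue)


if __name__ == "__main__":
    for code, details in review_queue(parse_entries(SAMPLE_LOG)).items():
        for d in details:
            print(f"{code}: {d}")
```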

#11
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
I guess you already fixed the items you don't want, I see many entries missing there.

We never as a principle suggest reformatting, but that's your decision and if you want to do that, that's fine.

Now let's reset your restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate

You also should download Service Pack 2, that will also provide you with better protection. You can get it here:

http://www.microsoft...p2/default.mspx

I'll also recommend you to install a monitoring software which will monitor certain areas on your computer and will place alerts when those are being modified. One such software I'll recommend is Prevx, but it's for advanced users as the messages it displays can be hard to decipher. One other similar but more user friendly software is Winpatrol. Both are free programs.

Winpatrol

Prevx

Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster: Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard: An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad: Adds a list of malicious sites to your Restricted Sites Zone.
Firefox: An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe
  • 0

#12
TheBrotherhood313

    Member

  • Topic Starter
  • 127 posts

> I guess you already fixed the items you don't want, I see many entries missing there.


I didn't remove anything you didn't tell me to.
I mean I disabled Quicktime to startup through the Registry and I uninstalled a few programs. So maybe that's what you mean.

And about all that you suggested, thanks a lot. I already use Firefox and Opera as my backup. I don't use IE at all.

Not sure if you know about this one as it's fairly new. But it does look really good.
It's called SpyDefense
http://www.everestlabs.com/
I personally haven't used it yet but from what they say it can do it sounds really nice. :tazz:

And once again, thanks for taking your time to help me out. ^_^

~Anthony

Edited by TheBrotherhood313, 22 October 2005 - 03:36 PM.

  • 0

#13
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Thanks for the tip on Spydefense..looks like it's still on beta, but will keep an eye out for the official release :tazz:
  • 0





