There's no such thing as a stupid question, but they're the easiest to answer.
JoinTour
Login
Search
General Security
Go to first new post Solved: not sure?about site
Go to first new post Computer security, may have been hacked ...
Go to first new post Account Maintenance/Upgrade
Tag Cloud
access acer asus bios bsod computer crash desktop driver drivers error ethernet excel freeze gaming hard drive hardware hdmi internet java laptop malware memory monitor motherboard music network obp printer problem ram registry repair router slow software sound toshiba trojan usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless
Search
Search for:
Tech Support Guy Forums > Security & Malware Removal > General Security >
viruses

Page 1 of 3 1 23
Reply  
Thread Tools
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
23-Feb-2008, 01:22 PM #1
viruses
Norton expired and had been expired for about 6 months so I went and got AVG free but there are still viruses on the computer that AVG tries to heal but are still there. Any thoughts?
Register for free to hide this ad!
blues_harp28's Avatar
Distinguished Member with 10,094 posts.
  
Join Date: Jan 2005
Location: London England
23-Feb-2008, 01:34 PM #2
Hi try online scan.
Trendmicro.
http://housecall.trendmicro.com
Avg..are they put in the virus vault?
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
24-Feb-2008, 05:38 PM #3
Hi,

If you complete the Housecall scan, be sure to save the results and post them here.

You can also do this: We can get a basic idea if there is malware present and help you remove it using Hijackthis, as a start.

go to Click here to download HJTsetup.exe
  • On that page, select one of the servers in the list under the Free Downloads heading
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then save the log and then the log will open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Paste the log in your next reply.
  • Don't use the Analyse This button, its findings are dangerous if misinterpreted.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

_ _ _ _
Please also do this:
  • Open Hijack This and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button.
  • Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad.
  • Copy and paste that list here in your reply
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
03-Mar-2008, 04:03 AM #4
ok will try that basicly i thinks its affecting the sound card because the dirvers don't stay loaded and have to be reloaded eveerytime you load the computer
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
13-Jun-2008, 12:20 AM #5
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:05 PM, on 6/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sonic\RecordNow!\RecordNow.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick...ield2=-74.5148
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/NJ...&city=Rockaway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22902162-FAC0-46E8-A8E8-5DECA2512728} - C:\WINDOWS\system32\CTL3DV.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Her - {C4DE5B15-4FFE-4c02-8CB3-CAD24A33562B} - C:\WINDOWS\system32\ramtmb.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broderbund] C:\WINDOWS\TEMP\drtpbtvl.exe
O4 - HKLM\..\Run: [_] c:\windows\system32\drivers\wmq.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Policies\Explorer\Run: [qmjqaxhu.exe] C:\WINDOWS\system\qmjqaxhu.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [autoload] C:\WINDOWS\system32\drivers\smss.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autoload] C:\WINDOWS\system32\drivers\smss.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZNxmk121YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll/CONTEXTMENUSEARCH.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c1993e2bec84444192b6219499c5123e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c1993e2bec84444192b6219499c5123e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: LinkedIn - {DDAF92BF-2008-4d7f-8BB3-915E6027C9AF} - C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll
O9 - Extra 'Tools' menuitem: LinkedIn - {DDAF92BF-2008-4d7f-8BB3-915E6027C9AF} - C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - AppInit_DLLs: ???????????
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O21 - SSODL: QhgbtnUe - {1CA9AC2F-B603-0685-2111-9C8E57EAD8E9} - C:\WINDOWS\system32\kzgwts.dll (file missing)
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - (no file)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CcEvtSvc - Unknown owner - C:\WINDOWS\System32\CcEvtSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft Internet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10446 bytes
__________________
Even the wisest of man asks questions. It is the truely ignorant that never ask.
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
13-Jun-2008, 11:33 PM #6
Hi,

Please do what was in my other reply....the second part:

I will quote from it:

Quote:
Originally Posted by Byteman
Please also do this:
  • Open Hijack This and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button.
  • Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad.
  • Copy and paste that list here in your reply

Next, do this- you do not have to wait for a reply from me.....just follow the directions below.

You will find it better to save these directions to a Notepad, save to your desktop. Or, print out.

SDFix only runs in Safe Mode Give it all the time it wants, you won't be able to really do anything else while it is working, just post the log it makes when done please and the new HJT log.

~* I advise you to log onto your normal user account when going to Safe Mode and run SDFix (provided your account is an Administrator level, not LImited)

SD FIX
Please read all through the info so you know what will be done.
**Note that SDFix runs only in Safe Mode
**Also> any user account that you boot into, in Safe Mode, has to be at Administrator user level...
There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions:Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a Hijackthis log made after SDFix is done
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
14-Jun-2008, 01:16 AM #7
SDFix: Version 1.192
Run by Home on Fri 06/13/2008 at 11:23 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Home\Desktop\sdfix\SDFix

Checking Services :

Name :
CcEvtSvc

Path :
%SystemRoot%\System32\CcEvtSvc.exe -k netsvcs

CcEvtSvc - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting

Service NdisWon - Deleted
Service Ufr34 - Deleted

Checking Files :

Trojan Files Found:

C:\10.TMP - Deleted
C:\11.TMP - Deleted
C:\12.TMP - Deleted
C:\13.TMP - Deleted
C:\3.TMP - Deleted
C:\346.TMP - Deleted
C:\36D.TMP - Deleted
C:\377.TMP - Deleted
C:\395.TMP - Deleted
C:\5.TMP - Deleted
C:\6.TMP - Deleted
C:\7.TMP - Deleted
C:\8.TMP - Deleted
C:\D.TMP - Deleted
C:\E.TMP - Deleted
C:\F.TMP - Deleted
C:\4.TMP - Deleted
C:\WINDOWS\PerfInfo\NGVrfvW5Vr.exe.bak - Deleted
C:\Program Files\RichVideoCodec\install.ico - Deleted
C:\WINDOWS\17PHolmes801.exe - Deleted
C:\WINDOWS\system32\RunOnce.t__ - Deleted
C:\WINDOWS\system32\RunOnce.tmp - Deleted
C:\res.txt - Deleted
C:\WINDOWS\system32\alog.txt - Deleted
C:\WINDOWS\system32\boa1.dat - Deleted
C:\WINDOWS\system32\cmds.txt - Deleted
C:\WINDOWS\system32\cs.dat - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\rc.dat - Deleted
C:\WINDOWS\system32\sft.res - Deleted
C:\WINDOWS\system32\drivers\Ufr34.sys - Deleted



Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Program Files\RichVideoCodec - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\WINDOWS\PerfInfo - Removed


Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-14 00:08:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable d:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enable d:@xpsp2res.dll,-22019"

Remaining Files :


File Backups: - C:\DOCUME~1\Home\Desktop\sdfix\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 9 Aug 2003 49,237 A..H. --- "C:\Program Files\America Online 9.0\aolphx.exe"
Sat 9 Aug 2003 36,953 A..H. --- "C:\Program Files\America Online 9.0\aoltray.exe"
Sat 9 Aug 2003 40,960 A..H. --- "C:\Program Files\America Online 9.0\RBM.exe"
Sat 9 Aug 2003 233,553 A..H. --- "C:\Program Files\America Online 9.0\waol.exe"
Sat 1 Jan 2005 56 ..SHR --- "C:\WINDOWS\SYSTEM32\FEE33D5AA1.sys"
Sat 1 Jan 2005 6,580 A.SH. --- "C:\WINDOWS\SYSTEM32\KGyGaAvL.sys"
Sat 24 Sep 2005 426,282 A.SH. --- "C:\WINDOWS\SYSTEM32\pstwa.tmp"
Wed 12 Oct 2005 355,709 A.SH. --- "C:\WINDOWS\SYSTEM32\pstwa.bak2"
Fri 9 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 11 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 4 Apr 2008 48,128 ...H. --- "C:\Documents and Settings\Home\My Documents\GSQ-Secretary\~WRL0002.tmp"
Mon 7 Apr 2008 48,640 ...H. --- "C:\Documents and Settings\Home\My Documents\GSQ-Secretary\~WRL3552.tmp"
Wed 19 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\ BIT1.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fd0264849c01086f3c6b505dc02dbd44\ BIT2.tmp"
Mon 10 Dec 2007 70,656 ...H. --- "C:\Documents and Settings\Home\Application Data\Microsoft\Word\~WRL0010.tmp"
Wed 11 Jun 2003 19,456 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\~WRL3761.tmp"
Tue 16 Aug 2005 24,064 ...H. --- "C:\Documents and Settings\Home\My Documents\kevin\acident info\~WRL0547.tmp"
Wed 17 Aug 2005 24,576 ...H. --- "C:\Documents and Settings\Home\My Documents\kevin\acident info\~WRL1679.tmp"
Wed 17 Aug 2005 24,576 ...H. --- "C:\Documents and Settings\Home\My Documents\kevin\acident info\~WRL3030.tmp"
Tue 16 Aug 2005 24,576 ...H. --- "C:\Documents and Settings\Home\My Documents\kevin\acident info\~WRL3637.tmp"
Thu 18 Aug 2005 25,600 ...H. --- "C:\Documents and Settings\Home\My Documents\kevin\acident info\~WRL4065.tmp"
Thu 17 Feb 2005 40,960 ...H. --- "C:\Documents and Settings\Home\My Documents\Mom-General\Quilting\~WRL0218.tmp"
Fri 9 Sep 2005 4,348 ...H. --- "C:\Documents and Settings\Home\My Documents\My Music\License Backup\drmv1key.bak"
Sat 18 Feb 2006 20 A..H. --- "C:\Documents and Settings\Home\My Documents\My Music\License Backup\drmv1lic.bak"
Fri 9 Sep 2005 400 A.SH. --- "C:\Documents and Settings\Home\My Documents\My Music\License Backup\drmv2key.bak"
Sat 9 Aug 2003 111,824 A..H. --- "C:\Program Files\Common Files\aolshare\shell\us\shellext.dll"
Fri 20 Jun 2003 21,504 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Caitie\~WRL0134.tmp"
Fri 20 Jun 2003 22,528 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Caitie\~WRL1985.tmp"
Fri 20 Jun 2003 19,968 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Caitie\~WRL2093.tmp"
Fri 20 Jun 2003 23,552 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Caitie\~WRL3064.tmp"
Fri 20 Jun 2003 24,064 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Caitie\~WRL4004.tmp"
Tue 22 Jun 2004 31,232 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\~WRL3062.tmp"
Thu 11 Jan 2001 19,456 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Sean\~WRL0274.tmp"
Mon 15 Jan 2001 70,144 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Sean\~WRL1109.tmp"
Thu 5 Aug 2004 19,456 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Wayne\~WRL0003.tmp"
Thu 12 Aug 2004 20,480 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Wayne\~WRL1808.tmp"
Wed 2 Oct 2002 26,624 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Santa Lunch\~WRL3509.tmp"
Wed 2 Oct 2002 19,456 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Santa Lunch\~WRL3747.tmp"
Wed 2 Oct 2002 27,648 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Santa Lunch\~WRL4055.tmp"
Tue 3 Aug 2004 32,768 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Work\~WRL0073.tmp"
Thu 12 Aug 2004 32,768 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Work\~WRL2146.tmp"
Thu 12 Aug 2004 33,792 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Work\~WRL2634.tmp"
Tue 10 Aug 2004 33,792 A..H. --- "C:\Documents and Settings\Home\My Documents\backup\My Documents\Rosetta\Work\~WRL3599.tmp"
Thu 4 Nov 2004 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Thu 4 Nov 2004 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"

Finished!
__________________
Even the wisest of man asks questions. It is the truely ignorant that never ask.
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
14-Jun-2008, 01:17 AM #8
Accounting Concepts and App G L
Acctounting Concpts Apps Solution Checker
Acoustica CD/DVD Label Maker
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
America Online (Choose which version to remove)
American Greetings CreataCard Select 6
AOL Instant Messenger
AVG 7.5
Banctec Service Agreement
Business Contact Manager for Outlook 2003
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon i560
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Chessmaster 5500 1.2.0
Creative MediaSource
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Support 5.0.0 (630)
DivX Pro Trial
EQ5
EQ6 Show
Form Fill (Windows Live Toolbar)
Graph paper printer
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
ichat ROOMS(TM) Client for Internet Explorer
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2_03
Juno
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
LinkedIn JobsInsider
LiveUpdate 3.0 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Web Publishing Wizard 1.52
Modem Event Monitor
Modem Helper
Modem On Hold
Mosby's Medical Encyclopedia
Mozilla Firefox (2.0.0.14)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
Musicmatch for Windows Media Player
Musicmatch® Jukebox
PowerDVD 5.3
QuickTime
Radio@Netscape
RealArcade
Rhapsody Player Engine
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Smart Menus (Windows Live Toolbar)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
Sound Blaster Live! 24-bit
SpanishNow!
Spybot - Search & Destroy 1.4
Star Trek Legacy
Star Wars Jedi Knight Jedi Academy
Symantec KB-DocID:2003093015493306
Tabbed Browsing (Windows Live Toolbar)
Unitype Applications
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
URGE
Viewpoint Media Player
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Outlook Toolbar (Windows Live Toolbar)
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Live Toolbar Extension (Windows Live Toolbar)
Windows Live Toolbar Feed Detector (Windows Live Toolbar)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinXMedia AVI/WMV 3GP Converter 2.0
World of Warcraft
Yahoo! Messenger
Yahoo! Photos Easy Upload Tool 1v7
__________________
Even the wisest of man asks questions. It is the truely ignorant that never ask.
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
16-Jun-2008, 02:26 AM #9
Hi,

I'll be getting back to you later today....good job with SDFix etc.

I have several things to take care of and will post the next steps for you as soon as I can.
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
17-Jun-2008, 09:44 PM #10
Hi,

You do have some of the Norton program left, and you are using at least 2 other outdated programs so I will be taking care of those a bit later...

Here is what to do first:

Look at this link below, and click on the Windows Defender one to get directions to temporarily turn off Defender... it might interfere with our fixes so do what it says.

http://wiki.castlecops.com/Malware_R...oring_Programs

Next:

Download SUPERAntiSpyware Free for Home Users
alternate site
  • Double-click SUPERAntiSpyware.exe to install and use the default settings for installation.
    Under Configuration and Preferences, click the Preferences button.
    · Click the Scanning Control tab.
    · Under Scanner Options make sure the following are checked:
    o Close browsers before scanning
    o Scan for tracking cookies
    o Terminate memory threats before quarantining.
    o Please leave the others unchecked.
    o Click the Close button to leave the control center screen.
  • Run SUPERAntiSpyware and update the definitions before scanning by selecting "Check for Udates".
  • When done, select "Scan for Harmful Software".
  • There are three scanning options available. Choose "Perform Complete Scan" and click "Next".
  • When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
  • Place a checkmark next to items you wish to remove/quarantine and Click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked to Reboot, please do.
  • After Reboot, double-click on SuperAnti-Spyware icon on your Desktop.
  • Click Preferences, Click the Statistics/Logs Tab.
  • Under Scanner logs, Double-click SuperAnti-Spyware Scan Log.
  • It will open in your default text editor (such as Notepad or WordPad).
  • Please Highlight everything in the Notepad, then right-click and choose copy.
  • Select close to exit the program.
  • In your next reply, please post those results and include a fresh Hijackthis log.
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
18-Jun-2008, 06:14 PM #11
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/18/2008 at 05:09 PM

Application Version : 4.15.1000

Core Rules Database Version : 3484
Trace Rules Database Version: 1475

Scan type : Complete Scan
Total Scan Time : 00:29:06

Memory items scanned : 340
Memory threats detected : 0
Registry items scanned : 6569
Registry threats detected : 9
File items scanned : 22334
File threats detected : 81

Adware.Tracking Cookie
C:\Documents and Settings\Home\Cookies\home@media.adrevolver[2].txt
C:\Documents and Settings\Home\Cookies\home@2o7[2].txt
C:\Documents and Settings\Home\Cookies\home@atdmt[2].txt
C:\Documents and Settings\Home\Cookies\home@adopt.specificclick[1].txt
C:\Documents and Settings\Home\Cookies\home@tacoda[2].txt
C:\Documents and Settings\Home\Cookies\home@bs.serving-sys[2].txt
C:\Documents and Settings\Home\Cookies\home@pagead[3].txt
C:\Documents and Settings\Home\Cookies\home@serving-sys[2].txt
C:\Documents and Settings\Home\Cookies\home@adinterax[1].txt
C:\Documents and Settings\Home\Cookies\home@ad.yieldmanager[1].txt
C:\Documents and Settings\Home\Cookies\home@1062473944[1].txt
C:\Documents and Settings\Home\Cookies\home@tribalfusion[1].txt
C:\Documents and Settings\Home\Cookies\home@fastclick[1].txt
C:\Documents and Settings\Home\Cookies\home@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Home\Cookies\home@advertising[2].txt
C:\Documents and Settings\Home\Cookies\home@partner2profit[1].txt
C:\Documents and Settings\Home\Cookies\home@doubleclick[1].txt
C:\Documents and Settings\Home\Cookies\home@mediaplex[2].txt
C:\Documents and Settings\Home\Cookies\home@specificclick[1].txt
C:\Documents and Settings\Home\Cookies\home@ads.pointroll[1].txt
C:\Documents and Settings\Home\Cookies\home@data.coremetrics[1].txt
C:\Documents and Settings\Home\Cookies\home@adopt.euroclick[2].txt
C:\Documents and Settings\Home\Cookies\home@ads.bridgetrack[1].txt
C:\Documents and Settings\Home\Cookies\home@adserver[1].txt
C:\Documents and Settings\Home\Cookies\home@statcounter[2].txt
C:\Documents and Settings\Home\Cookies\home@pagead[1].txt
C:\Documents and Settings\Home\Cookies\home@adlegend[1].txt
C:\Documents and Settings\Home\Cookies\home@apmebf[2].txt
C:\Documents and Settings\Home\Cookies\home@zedo[1].txt
C:\Documents and Settings\Home\Cookies\home@questionmarket[2].txt
C:\Documents and Settings\Home\Cookies\home@knitting1212764400[1].txt
C:\Documents and Settings\Home\Cookies\home@omaha.adbureau[2].txt
C:\Documents and Settings\Home\Cookies\home@collective-media[2].txt
C:\Documents and Settings\Home\Cookies\home@cgi-bin[2].txt
C:\Documents and Settings\Home\Cookies\home@realmedia[1].txt
C:\Documents and Settings\Home\Cookies\home@insightexpressai[1].txt
C:\Documents and Settings\Home\Cookies\home@knitting1213628400[1].txt
C:\Documents and Settings\Home\Cookies\home@richmedia.yahoo[1].txt
C:\Documents and Settings\Home\Cookies\home@knitting1213369200[1].txt
C:\Documents and Settings\Home\Cookies\home@gadget[2].txt
C:\Documents and Settings\Home\Cookies\home@taconycorporation.122.2o7[1].txt
C:\Documents and Settings\Home\Cookies\home@trafficmp[1].txt
C:\Documents and Settings\Home\Cookies\home@hypertracker[1].txt
C:\Documents and Settings\Home\Cookies\home@oasc08.247realmedia[1].txt
C:\Documents and Settings\Home\Cookies\home@knitting1211554800[1].txt
C:\Documents and Settings\Home\Cookies\home@anad.tacoda[2].txt
C:\Documents and Settings\Home\Cookies\home@revsci[1].txt
C:\Documents and Settings\Home\Cookies\home@anat.tacoda[1].txt
C:\Documents and Settings\Home\Cookies\home@americansafetycouncil.112.2o7[1].txt
C:\Documents and Settings\Home\Cookies\home@adrevolver[2].txt
C:\Documents and Settings\Home\Cookies\home@1071848849[1].txt
C:\Documents and Settings\Home\Cookies\home@citi.bridgetrack[1].txt
C:\Documents and Settings\Home\Cookies\home@publishers.clickbooth[2].txt
C:\Documents and Settings\Home\Cookies\home@ads.addynamix[1].txt
C:\Documents and Settings\Home\Cookies\home@msnportal.112.2o7[1].txt
C:\Documents and Settings\Home\Cookies\home@pagead[2].txt
C:\Documents and Settings\Home\Cookies\home@pagead[4].txt
C:\Documents and Settings\Home\Cookies\home@bluestreak[1].txt
C:\Documents and Settings\Home\Cookies\home@ads.monster[2].txt
C:\Documents and Settings\Home\Cookies\home@statse.webtrendslive[1].txt
C:\Documents and Settings\Home\Cookies\home@atwola[1].txt
C:\Documents and Settings\Home\Cookies\home@adrevolver[3].txt
.atdmt.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.doubleclick.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.questionmarket.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.advertising.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.dynamic.media.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
media.adrevolver.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.ads.pointroll.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.bs.serving-sys.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
core.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
statse.webtrendslive.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.tacoda.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.revsci.net [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\lhncf93h.default\cookies.txt ]
C:\Documents and Settings\Home\Cookies\home@mywebsearch[4].txt
C:\Documents and Settings\Home\Cookies\home@mywebsearch[3].txt
C:\Documents and Settings\Home\Cookies\home@mywebsearch[2].txt
C:\Documents and Settings\Home\Cookies\home@mywebsearch[1].txt
C:\Documents and Settings\LocalService\Cookies\system@adnetserver[1].txt

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.BookedSpace
C:\WINDOWS\zAbstract\ASI5AFF.bsx
C:\WINDOWS\zAbstract\ASI_SPEC.bsx
C:\WINDOWS\zAbstract\EECH.bsx
C:\WINDOWS\zAbstract\MYGEEK3.bsx
C:\WINDOWS\zAbstract\SPZ5.bsx
C:\WINDOWS\zAbstract

Trojan.DollarRevenue
C:\WINDOWS\keyboard1.dat

Trojan.SVCHostSYS
C:\Program Files\Common Files\svchostsys

Adware.Affiliate
C:\DOCUMENTS AND SETTINGS\HOME\DESKTOP\PARTYPOKER $100 FREE.URL

Trojan.Unclassified/MMHRen
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP205\A0041998.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP205\A0041999.EXE

Trojan.Dropper/Packed
C:\WINDOWS\SYSTEM\PATCH_9810.EXE

Trojan.Download-Gen/N_BHO
C:\WINDOWS\SYSTEM32\CTL3DV.DLL

Trojan.Downloader-Gen/Upd-NoEM
C:\WINDOWS\SYSTEM32\UPDATE236.EXE
__________________
Even the wisest of man asks questions. It is the truely ignorant that never ask.
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
18-Jun-2008, 06:15 PM #12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:14:59 PM, on 6/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick...ield2=-74.5148
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/NJ...&city=Rockaway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22902162-FAC0-46E8-A8E8-5DECA2512728} - C:\WINDOWS\system32\CTL3DV.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Broderbund] C:\WINDOWS\TEMP\drtpbtvl.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [autorun] C:\Documents and Settings\LocalService\smss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autorun] C:\Documents and Settings\LocalService\smss.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZNxmk121YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll/CONTEXTMENUSEARCH.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c1993e2bec84444192b6219499c5123e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c1993e2bec84444192b6219499c5123e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: LinkedIn - {DDAF92BF-2008-4d7f-8BB3-915E6027C9AF} - C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll
O9 - Extra 'Tools' menuitem: LinkedIn - {DDAF92BF-2008-4d7f-8BB3-915E6027C9AF} - C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - AppInit_DLLs: ???????????
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O21 - SSODL: QhgbtnUe - {1CA9AC2F-B603-0685-2111-9C8E57EAD8E9} - C:\WINDOWS\system32\kzgwts.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft Internet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10633 bytes
__________________
Even the wisest of man asks questions. It is the truely ignorant that never ask.
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
19-Jun-2008, 12:07 AM #13
Hi-- Here are the next steps to do:

COMBO FIX:
Please read all through the info so you know what will be done.
Directions and tips for using ComboFix:
http://www.bleepingcomputer.com/comb...o-use-combofix

There is a Printable Version button up under the Thread Tools drop down menu that will let you print a nice text version of these instructions.
Alternate way to save directions:Open Notepad> Copy and Paste any text you wish into Notepad, and Save the file as something you will recognize like TSGhelp.txt and save it onto your desktop.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    -----------------------------------------------------------

  3. Double click on combofix.exe & follow the prompts.
  4. When finished, it will produce a report for you.
  5. Please post the "C:\ComboFix.txt" in your next reply..And, after you are done posting the log from ComboFix....run Hijackthis again, Scan and Save a Log....post the brand new log
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
__________________
Mung (computer term), the act of making several incremental changes to an item that combine to destroy it
Donate directly to help the site TSG Library
TSG's Welcome Guide- Tips, Rules, How to use TSG and more!
sir_comp's Avatar
Member with 122 posts.
  
Join Date: Mar 2004
19-Jun-2008, 02:18 AM #14
the combo fix file is way to big to post
here is the hijack this
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:11 AM, on 6/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forecast.weather.gov/MapClick...ield2=-74.5148
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crh.noaa.gov/forecasts/NJ...&city=Rockaway
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {22902162-FAC0-46E8-A8E8-5DECA2512728} - C:\WINDOWS\system32\CTL3DV.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [autorun] C:\Documents and Settings\LocalService\smss.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [autorun] C:\Documents and Settings\LocalService\smss.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Search - ?p=ZSzed029YYUS_ZNxmk121YYUS
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Linked&In Search - res://C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll/CONTEXTMENUSEARCH.HTM
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c1993e2bec84444192b6219499c5123e
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c1993e2bec84444192b6219499c5123e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: LinkedIn - {DDAF92BF-2008-4d7f-8BB3-915E6027C9AF} - C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll
O9 - Extra 'Tools' menuitem: LinkedIn - {DDAF92BF-2008-4d7f-8BB3-915E6027C9AF} - C:\Program Files\LinkedIn\JobsInsider\2.5.0.1032\LinkedinIEToolbar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/Activ...veLauncher.cab
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedIn...derControl.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-365764235644} (AtlAtomadersCtlAttrib Class) - http://kraisoft.com/files/realone/atomaders.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtsp - C:\WINDOWS\system32\awtsp.dll (file missing)
O21 - SSODL: QhgbtnUe - {1CA9AC2F-B603-0685-2111-9C8E57EAD8E9} - C:\WINDOWS\system32\kzgwts.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Microsoft Internet Services - Unknown owner - C:\WINDOWS\system32\_svchost.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10192 bytes
__________________
Even the wisest of man asks questions. It is the truely ignorant that never ask.
Byteman's Avatar
Moderator & Malware Removal Specialist with 17,387 posts.
  
Join Date: Jan 2002
Location: NY
Experience: Junkware Jouster
21-Jun-2008, 12:15 AM #15
Hi, I need to see the ComboFix log....please try Attaching the log to your next Reply

Quote:
Originally Posted by TechGuy
What are Attachments?

The attachment feature of this forum gives you the ability to attach files of certain types to your posts. This could be an image, a text document, etc. There will be a limit to the file size of any attachments you make, as the forums should not be used as an extension of your hard disk!

To attach a file to a new post, simply click the [Browse] button at the bottom of the post composition page, and locate the file that you want to attach from your local hard drive.

After posting, the attachment will show up in the body of your message. To view the contents of the attachment (if it is not already displayed) simply click the filename link that appears next to the attachment icon.
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 3 1 23

THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | General Security | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
WELCOME TO TECH SUPPORT GUY! Are you looking for the solution to your computer problem? Join our site today to ask your question -- for free! Our site is run completely by volunteers who want to help you solve your computer problems. See our Welcome Guide to get started.
Thread Tools



Facebook Facebook Twitter Twitter TechGuy.tv TechGuy.tv Mobile TSG Mobile
Contact Us - HelpOnThe.Net - Archive - Terms of Service - Top
You Are Using:
Server ID
Advertisements do not imply our endorsement of that product or service.
All times are GMT -4. The time now is 04:07 AM.
Copyright © 1996 - 2011 TechGuy, Inc. All rights reserved.

 Powered by Cermak Technologies, Inc.