
aim freezes

Discussion in 'All Other Software' started by f1rasta, Jul 17, 2006.

  1. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    Though there are many viruses on my computer (can't change desktop picture, e2give/iniwin32.dll, etc.), the most annoying is that whenever I run AIM it freezes after sending or receiving a single IM.
    I can log on to my AIM screen name on any other computer without problems, and I can use AIM Express (a non-downloadable program from aim.com). Deleting my copy of the AIM program doesn't help, no matter how I delete it. Changing login accounts also doesn't help.
    Once I hit the send button or Enter for an IM, all AIM windows display Not Responding on the top and I have to use Control+Alt+Delete. Hitting the X button in the corner of any AIM window also terminates the entire program.
    Here's my HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 1:22:09 AM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\utorrent.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\Program Files\America Online 9.0a\waol.exe
    C:\Program Files\America Online 9.0a\shellmon.exe
    C:\Program Files\Common Files\Aol\aoltpspd.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/...nitialized&siteId=ae40_prod_aim&seamless=novl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7
    R3 - URLSearchHook: (no name) - {DE3BFB80-47D7-77AD-ECC8-6947CBCBCE9B} - msag.dll (file missing)
    R3 - URLSearchHook: (no name) - {741D4CBE-0B3B-3D48-750C-CCE9D97E05C8} - zxc.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: TChkBHO Class - {F4A94AC9-EC6E-4AB6-95AA-799D43AE483A} - C:\WINDOWS\SYSTEM32\alvji.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Tgcmd] "C:\@home\tioga\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] Grxp4exe.exe /init
    O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [w0078b75.dll] RUNDLL32.EXE w0078b75.dll,I2 0009d45c00078b75
    O4 - HKLM\..\Run: [w0ac5bc7.dll] RUNDLL32.EXE w0ac5bc7.dll,I2 0009d45c00ac5bc7
    O4 - HKLM\..\Run: [w037bdf5.dll] RUNDLL32.EXE w037bdf5.dll,I2 0009d45c0037bdf5
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [panel_its] MsNetHelper.exe
    O4 - HKCU\..\Run: [Shaitan1678] newbreed.exe
    O4 - HKCU\..\Run: [Kargo] AppMasterCenter.exe
    O4 - HKCU\..\Run: [Uint32] CToolBar.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: @Home - {2094BA1A-FFFC-426D-A555-01F5D3F6E063} - http://www/ (file missing) (HKCU)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06ded1b935d48d404917/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56C00F6D-CF5A-4F93-A472-93E93E171BFF}: NameServer = 205.188.146.145
    O20 - AppInit_DLLs: iniwin32.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    Thanks, and feel free to point out any other problems that might be in the log (I have no idea how to read it).
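The log above is hard to read by eye, as the poster says. As an added example (not from this thread, and not a HijackThis feature), here is a small Python triage script that parses HijackThis-style lines and flags the patterns a responder normally looks at first: entries whose referenced file is missing, any AppInit_DLLs value, Trusted Zone additions, Run values that give no path, and rundll32 loading a randomly-named DLL. The sample lines are a subset copied from the log in this post; the watchlist names (iniwin32.dll and IeBHOs.dll) are the two this thread itself identifies as malicious; the heuristics, flag wording and function names are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R3 - URLSearchHook: (no name) - {DE3BFB80-47D7-77AD-ECC8-6947CBCBCE9B} - msag.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [w0078b75.dll] RUNDLL32.EXE w0078b75.dll,I2 0009d45c00078b75
O4 - HKCU\..\Run: [Shaitan1678] newbreed.exe
O15 - Trusted Zone: *.mmohsix.com
O20 - AppInit_DLLs: iniwin32.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# Names this thread identifies as malicious (the poster's e2give/iniwin32.dll remark and the
# Spy Sweeper log later in the thread). An assumed watchlist, not a HijackThis feature.
WATCHLIST = ("iniwin32.dll", "iebhos.dll")

ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Hypothetical pattern for the w<7 hex digits>.dll names seen in this log.
RANDOM_DLL_RE = re.compile(r"^w[0-9a-f]{7}\.dll$", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    body: str
    flags: list = field(default_factory=list)


def launched_target(cmd):
    """Return (target, via_rundll32) for an O4 Run value.

    For 'rundll32 <dll>,<entry>' the DLL is what actually runs, so that is the target.
    """
    cmd = cmd.strip()
    if cmd.startswith('"') and '"' in cmd[1:]:
        exe, rest = cmd[1:].split('"', 1)  # quoted path, then arguments
    else:
        parts = cmd.split(None, 1)
        exe, rest = parts[0], (parts[1] if len(parts) > 1 else "")
    if exe.lower().rsplit("\\", 1)[-1] in ("rundll32.exe", "rundll32"):
        dll = rest.strip().split(None, 1)[0].split(",", 1)[0] if rest.strip() else ""
        return dll, True
    return exe, False


def triage(entry):
    """Attach review flags to one entry. A flag means 'look at this', not 'malicious'."""
    sec, body = entry.section, entry.body
    if "(file missing)" in body:
        entry.flags.append("orphaned entry: the referenced file no longer exists")
    for bad in WATCHLIST:
        if bad in body.lower():
            entry.flags.append(f"watchlist name present: {bad}")
    if sec == "O20" and body.startswith("AppInit_DLLs:"):
        value = body.split(":", 1)[1].strip()
        if value:  # any non-empty value is loaded into every process that maps user32.dll
            entry.flags.append(f"AppInit_DLLs injects {value} into every process that loads user32.dll")
    if sec == "O15":
        entry.flags.append("Trusted Zone entry relaxes IE security for the listed site")
    if sec == "O4":
        m = RUN_RE.match(body)
        if m:
            target, via_rundll32 = launched_target(m.group("cmd"))
            name = target.rsplit("\\", 1)[-1]
            if target and "\\" not in target:
                entry.flags.append(f"Run value has no path, resolved by search order: {name}")
            if via_rundll32 and RANDOM_DLL_RE.match(name):
                entry.flags.append(f"rundll32 loads a random-looking DLL name: {name}")
    return entry


def triage_log(text):
    """Parse HijackThis-style lines and return Entry objects carrying review flags."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and 'Running processes' lines do not match and are skipped
            entries.append(triage(Entry(m.group("sec"), m.group("body"))))
    return entries


def flagged(text):
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against the sample, the script leaves the Java BHO, the iTunes Run value and the NVIDIA service alone and surfaces six entries, among them the O20 AppInit_DLLs line that the poster already suspected: because AppInit_DLLs loads its DLL into every process that maps user32.dll, it is a plausible reason a single GUI application such as AIM stops responding while the same account works from another machine.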
     
  2. gfxrelay

    gfxrelay

    Joined:
    Oct 26, 2005
    Messages:
    588
    Hola, can't read it either, but firstly get something like NOD32 and remove the viruses from your PC. If you use Win XP you can insert your XP CD after the viruses are removed and from the command prompt run: sfc /scannow
     
  3. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hi and welcome :)
    You are very infected.

    * Click here to download Webroot SpySweeper.

    (It's a 2 week trial.)

    * Click the Free Trial link under "SpySweeper" to download the program.
    * Install it. Once the program is installed, it will open.
    * It will prompt you to update to the latest definitions, click Yes.
    * Once the definitions are installed, click Options on the left side.
    * Click the Sweep Options tab.
    * Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

    * Click Sweep Now on the left side.
    * Click the Start button.
    * When it's done scanning, click the Next button.
    * Make sure everything has a check next to it, then click the Next button.
    * It will remove all of the items found.
    * Click Session Log in the upper right corner, copy everything in that window.
    * Click the Summary tab and click Finish.
    * Paste the contents of the session log you copied into your next reply.

    Also post a new Hijack This log.
     
  4. wilson44512

    wilson44512

    Joined:
    Mar 25, 2006
    Messages:
    2,450
  5. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    Thanks Cheeseball. I followed your instructions, but unfortunately I still have the same problem with AIM (and I still can't change my desktop background). Here is the scan log:

    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    10:15 PM: Shield States
    10:15 PM: Spyware Definitions: 720
    10:14 PM: Spy Sweeper 5.0.5.1286 started
    9:46 PM: | End of Session, Monday, July 17, 2006 |
    9:44 PM: Your spyware definitions have been updated.
    Keylogger Shield: On
    BHO Shield: On
    IE Security Shield: On
    Alternate Data Stream (ADS) Execution Shield: On
    Startup Shield: On
    Common Ad Sites Shield: Off
    Hosts File Shield: On
    Spy Communication Shield: On
    ActiveX Shield: On
    Windows Messenger Service Shield: On
    IE Favorites Shield: On
    Spy Installation Shield: On
    Memory Shield: On
    IE Hijack Shield: On
    IE Tracking Cookies Shield: Off
    9:43 PM: Shield States
    9:43 PM: Spyware Definitions: 691
    9:43 PM: Spy Sweeper 5.0.5.1286 started
    9:43 PM: Spy Sweeper 5.0.5.1286 started
    9:43 PM: | Start of Session, Monday, July 17, 2006 |
    ********
    10:13 PM: Removal process completed. Elapsed time 00:02:18
    10:13 PM: Preparing to restart your computer. Please wait...
    10:12 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST22B.tmp". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST22C.tmp". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST22C.tmp". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file "C:\WINDOWS\Temp\SST22E.tmp". Reason: The system cannot find the file specified
    10:12 PM: Warning: Failed to delete profile shadow file ".log". Reason: The system cannot find the file specified
    10:11 PM: Warning: Quarantine process could not restart Explorer.
    10:11 PM: Warning: Launched explorer.exe
    10:11 PM: Quarantining All Traces: gain - common components
    10:11 PM: Quarantining All Traces: trb.com cookie
    10:11 PM: Quarantining All Traces: tacoda cookie
    10:11 PM: Quarantining All Traces: offeroptimizer cookie
    10:11 PM: Quarantining All Traces: realmedia cookie
    10:11 PM: Quarantining All Traces: webtrends cookie
    10:11 PM: Quarantining All Traces: clickandtrack cookie
    10:11 PM: Quarantining All Traces: starware.com cookie
    10:11 PM: Quarantining All Traces: exitexchange cookie
    10:11 PM: Quarantining All Traces: directtrack cookie
    10:11 PM: Quarantining All Traces: revenue.net cookie
    10:11 PM: Quarantining All Traces: hotbar cookie
    10:11 PM: Quarantining All Traces: hbmediapro cookie
    10:11 PM: Quarantining All Traces: adlegend cookie
    10:11 PM: Quarantining All Traces: adecn cookie
    10:11 PM: Quarantining All Traces: yieldmanager cookie
    10:11 PM: Quarantining All Traces: websponsors cookie
    10:11 PM: Quarantining All Traces: tribalfusion cookie
    10:11 PM: Quarantining All Traces: statcounter cookie
    10:11 PM: Quarantining All Traces: questionmarket cookie
    10:11 PM: Quarantining All Traces: adrevolver cookie
    10:11 PM: Quarantining All Traces: specificclick.com cookie
    10:11 PM: Quarantining All Traces: zedo cookie
    10:11 PM: Quarantining All Traces: mediaplex cookie
    10:11 PM: Quarantining All Traces: go.com cookie
    10:11 PM: Quarantining All Traces: bluestreak cookie
    10:11 PM: Quarantining All Traces: belnk cookie
    10:11 PM: Quarantining All Traces: atlas dmt cookie
    10:11 PM: Quarantining All Traces: advertising cookie
    10:11 PM: Quarantining All Traces: adknowledge cookie
    10:11 PM: Quarantining All Traces: 2o7.net cookie
    10:11 PM: Quarantining All Traces: atwola cookie
    10:11 PM: Quarantining All Traces: webhancer
    10:11 PM: Quarantining All Traces: bullguard popup ad
    10:11 PM: Quarantining All Traces: commonname
    10:11 PM: Quarantining All Traces: cydoor
    10:11 PM: Quarantining All Traces: msblank hijack
    10:11 PM: Quarantining All Traces: wurldmedia
    10:11 PM: Quarantining All Traces: internetoptimizer
    10:11 PM: Quarantining All Traces: trafficsolution
    10:11 PM: Quarantining All Traces: mit toolbar
    10:11 PM: Quarantining All Traces: elitemediagroup-mediamotor
    10:11 PM: Failed to quarantine C:\WINDOWS\SYSTEM32\iniwin32.dll
    10:11 PM: Failed to quarantine C:\Program Files\E2G\IeBHOs.dll
    10:11 PM: Failed to quarantine C:\WINDOWS\SYSTEM32\iniwin32.dll
    10:11 PM: Failed to quarantine e2g
    10:11 PM: Warning: Stream read error
    10:11 PM: Warning: Stream read error
    10:11 PM: Quarantining All Traces: e2g
    10:11 PM: Quarantining All Traces: clkoptimizer
    10:11 PM: Quarantining All Traces: websearch toolbar
    10:10 PM: Removal process initiated
    10:09 PM: Traces Found: 405
    10:09 PM: Full Sweep has completed. Elapsed time 00:22:55
    10:09 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/system32/safe.tlb\ (ID = 1524765)
    10:09 PM: File Sweep Complete, Elapsed Time: 00:20:23
    10:06 PM: Warning: Stream read error
    10:06 PM: Warning: Failed to access drive D:
    10:06 PM: C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1216\A0188155.ini (ID = 83847)
    10:06 PM: Found Adware: webhancer
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\d887pl8x\collapsed[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wnnvykhh\expanded[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wrv7q0x1\buddy-art-list-generic[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ohab0tev\computer[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wrv7q0x1\animaniacs_-_brain[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\c5mj456b\buddy-art-list-closed[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\gtu3kta7\bottom_r[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wrv7q0x1\bottom_l[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ohab0tev\bottom[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ohab0tev\collapse_thead[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\3r97bd0s\server[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wnnvykhh\collapse_tcat[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ohab0tev\top_r[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\d887pl8x\top_l[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wnnvykhh\top[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\zztbzdsw\user_online[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\1k8b15wl\user_offline[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ctuj81ur\navbits_start[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ohab0tev\talk[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\gtu3kta7\gradient_thead[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\6lno9o3a\gradient_tcat[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\6lno9o3a\gradient_b-right[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\d887pl8x\gradient_b-left[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\zztbzdsw\gradient_navigation2[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\c5mj456b\gradient_navigation1[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\gtu3kta7\container_right[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\3r97bd0s\container_left[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\d887pl8x\gradient_header[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wnnvykhh\menu_open[1].gif". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\noah epstein\local settings\temporary internet files\content.ie5\18o79tod\poetry[1].". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\ohab0tev\s_network_ajax[1].htm". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\3r97bd0s\s_network_ajax[1].htm". The operation completed successfully
    10:05 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\1k8b15wl\optn=1[2]". The operation completed successfully
    10:04 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\wnnvykhh\contentrightline[1].gif". The operation completed successfully
    10:04 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\1k8b15wl\login[1].css". The operation completed successfully
    10:04 PM: Warning: Failed to open file "c:\documents and settings\dan\local settings\temporary internet files\content.ie5\c5mj456b\t[1].png". The operation completed successfully
    10:02 PM: C:\WINDOWS\Temp\BullGuard\bulldownload.exe (ID = 52017)
    9:59 PM: C:\WINDOWS\SYSTEM32\mobn.exe (ID = 121224)
    9:58 PM: C:\WINDOWS\optimize.exe (ID = 288489)
    9:58 PM: Found Adware: internetoptimizer
    9:58 PM: C:\WINDOWS\GatorPdpSetup.log (ID = 61399)
    9:58 PM: c:\windows\downloaded program files\conflict.1\amm06.inf (ID = 288272)
    9:56 PM: C:\Documents and Settings\Dan\Local Settings\Temp\temp.fr02D2\IeBHOs.dll (ID = 214221)
    9:56 PM: C:\WINDOWS\SYSTEM32\safe.tlb (ID = 318895)
    9:55 PM: C:\WINDOWS\chadch.exe (ID = 288265)
    9:55 PM: Found Adware: clkoptimizer
    9:55 PM: C:\Program Files\E2G\IeBHOs.dll (ID = 214221)
    9:54 PM: C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1269\A0197281.dll (ID = 214221)
    9:54 PM: C:\WINDOWS\SYSTEM32\moconfig.exe (ID = 90743)
    9:53 PM: C:\!KillBox\iniwin32.dll (ID = 288919)
    9:52 PM: C:\WINDOWS\SYSTEM32\bitsprx4.dll (ID = 292648)
    9:52 PM: Found Adware: trafficsolution
    9:50 PM: C:\WINDOWS\SYSTEM32\iniwin32.dll (ID = 288919)
    9:49 PM: C:\Program Files\E2G (1 subtraces) (ID = 2147486222)
    9:49 PM: C:\WINDOWS\Temp\BullGuard (1 subtraces) (ID = 2147490887)
    9:49 PM: Found Adware: bullguard popup ad
    9:49 PM: C:\Program Files\Common Files\GMT (297 subtraces) (ID = 2147486351)
    9:49 PM: Found Adware: gain - common components
    9:49 PM: C:\WINDOWS\Temp\Adware (ID = 2147486082)
    9:49 PM: Found Adware: commonname
    9:49 PM: Starting File Sweep
    9:49 PM: Warning: Failed to access drive A:
    9:49 PM: Cookie Sweep Complete, Elapsed Time: 00:00:02
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3749)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3587)
    9:49 PM: Found Spy Cookie: trb.com cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 6444)
    9:49 PM: Found Spy Cookie: tacoda cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2729)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 1958)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2729)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 3257)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2528)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2729)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3087)
    9:49 PM: Found Spy Cookie: offeroptimizer cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 3236)
    9:49 PM: Found Spy Cookie: realmedia cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 1958)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3669)
    9:49 PM: Found Spy Cookie: webtrends cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2397)
    9:49 PM: Found Spy Cookie: clickandtrack cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 3442)
    9:49 PM: Found Spy Cookie: starware.com cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][3].txt (ID = 2728)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2728)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2728)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2633)
    9:49 PM: Found Spy Cookie: exitexchange cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2729)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2293)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2527)
    9:49 PM: Found Spy Cookie: directtrack cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2292)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2255)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 3258)
    9:49 PM: Found Spy Cookie: revenue.net cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3400)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 4207)
    9:49 PM: Found Spy Cookie: hotbar cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2768)
    9:49 PM: Found Spy Cookie: hbmediapro cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2074)
    9:49 PM: Found Spy Cookie: adlegend cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2072)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 2063)
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][1].txt (ID = 2064)
    9:49 PM: Found Spy Cookie: adecn cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3751)
    9:49 PM: Found Spy Cookie: yieldmanager cookie
    9:49 PM: c:\documents and settings\noah epstein\cookies\noah [email protected][2].txt (ID = 3665)
    9:49 PM: Found Spy Cookie: websponsors cookie
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][1].txt (ID = 3589)
    9:49 PM: Found Spy Cookie: tribalfusion cookie
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][1].txt (ID = 3447)
    9:49 PM: Found Spy Cookie: statcounter cookie
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][2].txt (ID = 3217)
    9:49 PM: Found Spy Cookie: questionmarket cookie
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][1].txt (ID = 2255)
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][1].txt (ID = 2253)
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][2].txt (ID = 2175)
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][1].txt (ID = 2088)
    9:49 PM: Found Spy Cookie: adrevolver cookie
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][2].txt (ID = 3400)
    9:49 PM: Found Spy Cookie: specificclick.com cookie
    9:49 PM: c:\documents and settings\dan\cookies\[email protected][1].txt (ID = 1957)
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 3762)
    9:49 PM: Found Spy Cookie: zedo cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][1].txt (ID = 1958)
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][1].txt (ID = 6442)
    9:49 PM: Found Spy Cookie: mediaplex cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][4].txt (ID = 2728)
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][3].txt (ID = 2728)
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 2728)
    9:49 PM: Found Spy Cookie: go.com cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 2293)
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][1].txt (ID = 2314)
    9:49 PM: Found Spy Cookie: bluestreak cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][1].txt (ID = 2292)
    9:49 PM: Found Spy Cookie: belnk cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 2255)
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 2253)
    9:49 PM: Found Spy Cookie: atlas dmt cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 2175)
    9:49 PM: Found Spy Cookie: advertising cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][2].txt (ID = 2072)
    9:49 PM: Found Spy Cookie: adknowledge cookie
    9:49 PM: c:\documents and settings\ruth\cookies\[email protected][1].txt (ID = 1957)
    9:49 PM: Found Spy Cookie: 2o7.net cookie
    9:49 PM: c:\documents and settings\david\cookies\[email protected][1].txt (ID = 2255)
    9:49 PM: Found Spy Cookie: atwola cookie
    9:49 PM: Starting Cookie Sweep
    9:49 PM: Registry Sweep Complete, Elapsed Time:00:00:31
    9:49 PM: HKU\WRSS_Profile_S-1-5-21-104724495-558522827-3833581854-1006\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 146456)
    9:48 PM: HKU\S-1-5-21-104724495-558522827-3833581854-1009\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 146456)
    9:48 PM: HKU\WRSS_Profile_S-1-5-21-104724495-558522827-3833581854-1010\software\cydoor\ (ID = 639126)
    9:48 PM: Found Adware: cydoor
    9:48 PM: HKU\WRSS_Profile_S-1-5-21-104724495-558522827-3833581854-1010\software\microsoft\internet explorer\extensions\cmdmapping\ || {686c970f-1d7d-4469-85d1-4b35763b56cc} (ID = 146456)
    9:48 PM: Found Adware: websearch toolbar
    9:48 PM: HKU\WRSS_Profile_S-1-5-21-104724495-558522827-3833581854-1013\software\microsoft\internet explorer\main\ || start page (ID = 169497)
    9:48 PM: Found Adware: msblank hijack
    9:48 PM: HKLM\software\microsoft\windows nt\currentversion\windows\ || appinit_dlls (ID = 1256598)
    9:48 PM: HKLM\software\crystalys media\ (ID = 1103482)
    9:48 PM: Found Adware: mit toolbar
    9:48 PM: HKCR\appid\{dee5d795-a276-43b5-a04a-511149a354f0}\ (ID = 147536)
    9:48 PM: HKCR\appid\sostatatl.exe\ (ID = 147535)
    9:48 PM: Found Adware: wurldmedia
    9:48 PM: HKLM\software\mm\ (ID = 140211)
    9:48 PM: Found Adware: elitemediagroup-mediamotor
    9:48 PM: HKCR\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (ID = 125529)
    9:48 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{3643abc2-21bf-46b9-b230-f247db0c6fd6}\ (ID = 125492)
    9:48 PM: HKLM\software\e2g\ (ID = 125485)
    9:48 PM: HKLM\software\classes\typelib\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (ID = 125484)
    9:48 PM: HKLM\software\classes\iebhos.control\ (ID = 125483)
    9:48 PM: HKLM\software\classes\iebhos.control.1\ (ID = 125482)
    9:48 PM: HKLM\software\classes\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}\ (ID = 125481)
    9:48 PM: HKLM\software\classes\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (ID = 125447)
    9:48 PM: HKLM\software\classes\appid\iebhos.dll\ (ID = 125446)
    9:48 PM: HKCR\iebhos.control\ (ID = 125445)
    9:48 PM: HKCR\iebhos.control.1\ (ID = 125444)
    9:48 PM: HKCR\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}\ (ID = 125441)
    9:48 PM: HKCR\appid\{3b99f202-145a-4e5a-ac7b-88a36910bf5e}\ (ID = 125407)
    9:48 PM: HKCR\appid\iebhos.dll\ (ID = 125406)
    9:48 PM: Starting Registry Sweep
    9:48 PM: Memory Sweep Complete, Elapsed Time: 00:01:48
    9:47 PM: Detected running threat: C:\WINDOWS\SYSTEM32\iniwin32.dll (ID = 288919)
    9:46 PM: Detected running threat: C:\Program Files\E2G\IeBHOs.dll (ID = 214221)
    9:46 PM: Starting Memory Sweep
    9:46 PM: C:\Program Files\E2G\IeBHOs.dll (ID = 1256597)
    9:46 PM: HKCR\clsid\{3643abc2-21bf-46b9-b230-f247db0c6fd6}\inprocserver32\ (ID = 1256597)
    9:46 PM: Found Adware: e2g
    9:46 PM: Sweep initiated using definitions version 720
    9:46 PM: Spy Sweeper 5.0.5.1286 started
    9:46 PM: | Start of Session, Monday, July 17, 2006 |
    ********

    (continued)
     
  6. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    Here's the HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:18:42 PM, on 7/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://my.screenname.aol.com/_cqr/...nitialized&siteId=ae40_prod_aim&seamless=novl
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7
    R3 - URLSearchHook: (no name) - {DE3BFB80-47D7-77AD-ECC8-6947CBCBCE9B} - msag.dll (file missing)
    R3 - URLSearchHook: (no name) - {741D4CBE-0B3B-3D48-750C-CCE9D97E05C8} - zxc.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: TChkBHO Class - {F4A94AC9-EC6E-4AB6-95AA-799D43AE483A} - C:\WINDOWS\SYSTEM32\alvji.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Tgcmd] "C:\@home\tioga\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] "Grxp4exe.exe" /init
    O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [w0078b75.dll] "RUNDLL32.EXE" w0078b75.dll,I2 0009d45c00078b75
    O4 - HKLM\..\Run: [w0ac5bc7.dll] "RUNDLL32.EXE" w0ac5bc7.dll,I2 0009d45c00ac5bc7
    O4 - HKLM\..\Run: [w037bdf5.dll] "RUNDLL32.EXE" w037bdf5.dll,I2 0009d45c0037bdf5
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [panel_its] MsNetHelper.exe
    O4 - HKCU\..\Run: [Shaitan1678] newbreed.exe
    O4 - HKCU\..\Run: [Kargo] AppMasterCenter.exe
    O4 - HKCU\..\Run: [Uint32] CToolBar.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: @Home - {2094BA1A-FFFC-426D-A555-01F5D3F6E063} - http://www/ (file missing) (HKCU)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06ded1b935d48d404917/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O20 - AppInit_DLLs: iniwin32.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    Thanks again, hopefully there is more I can do?
     
  7. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet. We will use it later.

    Run ActiveScan online virus scan:
    http://www.pandasoftware.com/products/activescan.htm

    Once you are on the Panda site click the Scan your PC button.
    A new window will open...click the Check Now button.
    Enter your Country.
    Enter your State/Province.
    Enter your e-mail address and click send.
    Select either Home User or Company.
    Click the big Scan Now button.
    If it wants to install an ActiveX component allow it.
    It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    When download is complete, click on My Computer to start the scan.
    When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report.
     
  8. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    ok:


    Incident Status Location

    Adware:adware/adrotator Not disinfected c:\windows\system32\adrotate.dll

    Adware:adware/ist.istbar Not disinfected c:\windows\system32\aupdate.conf

    Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys

    Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\MyWaySearchAssistant

    Adware:adware/e2give Not disinfected Windows Registry

    Adware:adware/savenow Not disinfected Windows Registry

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\default.7v6\cookies.txt[.atwola.com/]

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\default.7v6\cookies.txt[.doubleclick.net/]

    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\default.7v6\cookies.txt[.advertising.com/]

    Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dan\Application Data\Mozilla\Firefox\Profiles\default.7v6\cookies.txt[.realmedia.com/]

    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][2].txt

    Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt

    Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][2].txt

    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][2].txt

    Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Dan\Cookies\[email protected][1].txt
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, Hijack This will launch. Close Hijack This, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new Hijack This log.
     
  10. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    Fixwareout ver 1.003
    Last edited 07/1/2006
    Post this report in the forums please

    Reg Entries that were deleted
    ...

    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is legitimate

    »»»»» Search by size and names...

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    Other suspects
    Directory of C:\WINDOWS\system32



    New HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:22:20 AM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Crazy Browser\Crazy Browser.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7
    R3 - URLSearchHook: (no name) - {DE3BFB80-47D7-77AD-ECC8-6947CBCBCE9B} - msag.dll (file missing)
    R3 - URLSearchHook: (no name) - {741D4CBE-0B3B-3D48-750C-CCE9D97E05C8} - zxc.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: TChkBHO Class - {F4A94AC9-EC6E-4AB6-95AA-799D43AE483A} - C:\WINDOWS\SYSTEM32\alvji.dll (file missing)
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Tgcmd] "C:\@home\tioga\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] "Grxp4exe.exe" /init
    O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [panel_its] MsNetHelper.exe
    O4 - HKCU\..\Run: [Shaitan1678] newbreed.exe
    O4 - HKCU\..\Run: [Kargo] AppMasterCenter.exe
    O4 - HKCU\..\Run: [Uint32] CToolBar.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: @Home - {2094BA1A-FFFC-426D-A555-01F5D3F6E063} - http://www/ (file missing) (HKCU)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.mmohsix.com
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06ded1b935d48d404917/netzip/RdxIE601.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O20 - AppInit_DLLs: iniwin32.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


    AIM still has the same problem. Also, my homepage was at some point set to msn.com, but I changed it back without a problem.
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Rescan with Hijack This.
    Close all browser windows except Hijack This.
    Put a check mark beside these entries and click "Fix Checked".

    R3 - URLSearchHook: (no name) - {DE3BFB80-47D7-77AD-ECC8-6947CBCBCE9B} - msag.dll (file missing)

    R3 - URLSearchHook: (no name) - {741D4CBE-0B3B-3D48-750C-CCE9D97E05C8} - zxc.dll (file missing)

    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)

    O2 - BHO: TChkBHO Class - {F4A94AC9-EC6E-4AB6-95AA-799D43AE483A} - C:\WINDOWS\SYSTEM32\alvji.dll (file missing)

    O4 - HKCU\..\Run: [panel_its] MsNetHelper.exe

    O4 - HKCU\..\Run: [Shaitan1678] newbreed.exe

    O4 - HKCU\..\Run: [Kargo] AppMasterCenter.exe

    O4 - HKCU\..\Run: [Uint32] CToolBar.exe

    O15 - Trusted Zone: *.mmohsix.com

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06ded1b9...p/RdxIE601.cab

    O20 - AppInit_DLLs: iniwin32.dll


    Close Hijack This.

    Boot into Safe Mode.

    * Double click on Killbox.exe to run it.

    Put a tick by Standard File Kill.
    In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    c:\windows\system32\MsNetHelper.exe
    c:\windows\system32\newbreed.exe
    c:\windows\system32\AppMasterCenter.exe
    c:\windows\system32\CToolBar.exe
    c:\windows\system32\iniwin32.dll
    c:\windows\system32\adrotate.dll
    c:\windows\system32\aupdate.conf
    c:\windows\smdat32a.sys


    Click on the button that has the red circle with the X in the middle after you enter each file.
    It will ask for confirmation to delete the file.
    Click Yes.
    Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
    Killbox may tell you that one or more files do not exist.
    If that happens, just continue on with all the files. Be sure you don't miss any.
    Next, in Killbox go to Tools > Delete Temp Files.
    In the window that pops up, put a check by ALL the options there except these three:
    XP Prefetch
    Recent
    History

    Now click the Delete Selected Temp Files button.
    Exit the Killbox.

    Finally go to Control Panel > Internet Options.
    On the General tab under "Temporary Internet Files" Click "Delete Files".
    Put a check by "Delete Offline Content" and click OK.
    Click on the Programs tab then click the "Reset Web Settings" button.
    Click Apply then OK.

    Empty the Recycle Bin.

    Reboot, post a new Hijack This log.
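The fix list above is built from a few recurring signals in a HijackThis 1.99 log. As an added example (not code from this thread, from Tech Support Guy, or from HijackThis itself), the Python below applies those same criteria to a constructed log excerpt made from the kinds of lines seen in this thread: R3/O2/O3 entries marked `(file missing)`, O4 Run entries whose command is a bare filename, a wildcard `O15 - Trusted Zone`, and a populated `O20 - AppInit_DLLs` value. The rule names and the `Finding` type are this example's own.

```python
"""Triage a HijackThis 1.99-style log for the entry types a fix list typically targets.

Constructed sample excerpt (not a real machine's full log); the line shapes
mirror those posted in this thread.
"""
import re
from typing import List, NamedTuple

SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {DE3BFB80-47D7-77AD-ECC8-6947CBCBCE9B} - msag.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [panel_its] MsNetHelper.exe
O4 - HKCU\..\Run: [Shaitan1678] newbreed.exe
O15 - Trusted Zone: *.mmohsix.com
O20 - AppInit_DLLs: iniwin32.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


class Finding(NamedTuple):
    section: str  # HijackThis section tag, e.g. "O20"
    reason: str
    line: str     # the original log line, ready to paste into a fix list


# Hooks, BHOs and toolbars whose module is gone are dead registrations left
# behind by a partial removal; HijackThis marks them "(file missing)".
FILE_MISSING = re.compile(r"\(file missing\)\s*$")
# O4 - HKLM\..\Run: [name] command   (Global Startup lines deliberately not matched)
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
APPINIT = re.compile(r"^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$")
TRUSTED = re.compile(r"^O15 - Trusted Zone:\s*(?P<zone>\S+)")


def is_bare_filename(cmd: str) -> bool:
    """True when the executable token carries no drive or directory.

    A bare name is resolved through the search path (system32 first), which
    is how the MsNetHelper.exe / newbreed.exe style entries hide. Legitimate
    entries can look the same (a driver helper or a RUNDLL32 stub), so this
    is a review prompt, not a verdict.
    """
    text = cmd.strip()
    if text.startswith('"'):
        end = text.find('"', 1)
        first = text[1:end] if end > 0 else text[1:]
    else:
        parts = text.split()
        first = parts[0] if parts else ""
    return bool(first) and "\\" not in first and ":" not in first


def triage(log_text: str) -> List[Finding]:
    """Return the log lines that match the fix-list criteria, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or " - " not in line:
            continue
        section = line.split(" - ", 1)[0]

        if section in ("R3", "O2", "O3") and FILE_MISSING.search(line):
            findings.append(Finding(section, "orphaned hook/BHO/toolbar: module not on disk", line))
            continue

        m = RUN_ENTRY.match(line)
        if m and is_bare_filename(m.group("cmd")):
            reason = f"{m.group('hive')} Run entry '{m.group('name')}' is a bare filename (path-resolved)"
            findings.append(Finding("O4", reason, line))
            continue

        m = APPINIT.match(line)
        if m and m.group("dlls").strip():
            # AppInit_DLLs is loaded into every process that maps user32.dll,
            # so one bad DLL here affects every GUI program on the box.
            findings.append(Finding("O20", "AppInit_DLLs injects into every user32-linked process", line))
            continue

        m = TRUSTED.match(line)
        if m and m.group("zone").startswith("*."):
            findings.append(Finding("O15", "wildcard domain granted IE Trusted Zone privileges", line))
    return findings


def fix_checked_lines(findings: List[Finding]) -> List[str]:
    """The exact log lines to tick under 'Fix Checked', one per finding."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Entries such as the Gravis driver helper and the NvCplDaemon RUNDLL32 line in the logs above also trip the bare-filename rule, which is why each hit still needs a human to recognise the vendor before it goes on a fix list.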
     
  12. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    Killbox could only find/delete c:\windows\system32\adrotate.dll and c:\windows\system32\aupdate.conf. iniwin32.dll, however, is not in the HijackThis log, so I guess that's good news. AIM still doesn't work; still can't change desktop background.

    Logfile of HijackThis v1.99.1
    Scan saved at 2:47:08 PM, on 7/18/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\WINDOWS\DELLMMKB.EXE
    C:\WINDOWS\system32\Grxp4exe.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Netropa\OSD.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Dan\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home Network Version 1.7
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AHQInit] "C:\Program Files\Creative\SBLive\Program\AHQInit.exe"
    O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
    O4 - HKLM\..\Run: [Tgcmd] "C:\@home\tioga\bin\tgcmd.exe" /server /nosystray
    O4 - HKLM\..\Run: [Gravis Xperience Driver Support] "Grxp4exe.exe" /init
    O4 - HKLM\..\Run: [IW Controlcenter] C:\PROGRA~1\VOB\INSTAN~1\IWCTRL.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [D-Link AirPlus G] "C:\Program Files\D-Link\AirPlus G\AirGCFG.exe"
    O4 - HKLM\..\Run: [ANIWZCS2Service] "C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [HostManager] "C:\Program Files\Common Files\AOL\1130376614\ee\AOLSoftware.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: @Home - {2094BA1A-FFFC-426D-A555-01F5D3F6E063} - http://www/ (file missing) (HKCU)
    O12 - Plugin for .mts: C:\Program Files\MetaCreations\MetaStream\npmetastream.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {8DD733A8-353A-4E93-AB85-93CA8DC96F6A} (ActivatorControl1 Class) - https://objects.aol.com/activator/en-us/Activator.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4544/mcfscan.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
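As an added illustration, not code from the thread or from HijackThis itself, here is a small Python triage parser for lines in the HijackThis log format posted above. It flags the entries a helper would look at first: "(file missing)" references, O4 Run autoruns that launch a bare executable name instead of an absolute path (as the Grxp4exe.exe and CTHELPER.EXE entries above do), and O23 services reported with "Unknown owner". The sample lines are constructed from the log above; the flag names and function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in the HijackThis v1.99 log format,
# copied in shape from the log posted above (not a complete log).
SAMPLE_LOG = """\
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\\Program Files\\AOL Toolbar\\toolbar.dll (file missing)
O4 - HKLM\\..\\Run: [AdaptecDirectCD] "C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe"
O4 - HKLM\\..\\Run: [Gravis Xperience Driver Support] "Grxp4exe.exe" /init
O4 - HKLM\\..\\Run: [WINDVDPatch] CTHELPER.EXE
O9 - Extra button: @Home - {2094BA1A-FFFC-426D-A555-01F5D3F6E063} - http://www/ (file missing) (HKCU)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\\WINDOWS\\Nhksrv.exe
"""

@dataclass
class Entry:
    section: str                      # HijackThis section code, e.g. "O4", "O23"
    body: str                         # everything after "Oxx - "
    flags: List[str] = field(default_factory=list)

LINE_RE = re.compile(r'^([RO]\d+) - (.*)$')
# O4 Run-key entries: HKLM\..\Run: [name] command line
O4_RUN_RE = re.compile(r'^HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

def first_token(cmd: str) -> str:
    """Return the program part of a command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]

def is_absolute_windows_path(p: str) -> bool:
    return re.match(r'^[A-Za-z]:\\', p) is not None

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry; lines outside the Rx/Ox format give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(section=m.group(1), body=m.group(2))
    if '(file missing)' in entry.body:
        entry.flags.append('file missing')          # stale entry pointing at a deleted file
    if entry.section == 'O4':
        m4 = O4_RUN_RE.match(entry.body)
        if m4 and not is_absolute_windows_path(first_token(m4.group('cmd'))):
            entry.flags.append('relative autorun path')  # resolved via PATH at logon
    if entry.section == 'O23' and ' - Unknown owner - ' in entry.body:
        entry.flags.append('service without vendor')
    return entry

def triage(log_text: str) -> List[Entry]:
    """Return only the entries that carry at least one flag, in log order."""
    parsed = (parse_entry(line) for line in log_text.splitlines())
    return [e for e in parsed if e is not None and e.flags]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section}: {', '.join(e.flags)} -> {e.body}")
```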
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Please download SmitfraudFix (by S!Ri)
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
    http://www.beyondlogic.org/consulting/proc...processutil.htm
     
  14. f1rasta

    f1rasta Thread Starter

    Joined:
    Jul 17, 2006
    Messages:
    11
    ok:

    SmitFraudFix v2.73

    Scan done at 15:12:23.51, Tue 07/18/2006
    Run from C:\Documents and Settings\Dan\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Dan\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Dan\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
  15. new tech guy

    new tech guy

    Joined:
    Mar 27, 2006
    Messages:
    5,178
    Try this too because this program is built for removing viruses from aim:
    www.jayloden.com and click on the aim fix link which will download a program called aimfix. Save the .exe and run that. If it is a virus it should remove the problem. Hope this helps.
     
Short URL to this thread: https://techguy.org/483852