1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

generic downloader.bt -- win xp

Discussion in 'Virus & Other Malware Removal' started by dippsydo, Feb 10, 2007.

Thread Status:
Not open for further replies.
Advertisement
  1. dippsydo

    dippsydo Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    3
    Caught this with mcafee scan but will not delete or quarintine. In file C:\WINDDOWS\SYSTEM32\xlibgfl254.dll -- any suggestLogfile of HijackThis v1.99.1
    Scan saved at 4:53:09 PM, on 2/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\AOLSoftware.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\SSCEvtHdlr.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148015392\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1148015392\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - Startup: DLHelperEXE.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D3CD18D-6CF5-46A2-8D8C-F0693A924251}: NameServer = 205.188.146.145
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D3CD18D-6CF5-46A2-8D8C-F0693A924251}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    Logfile of HijackThis v1.99.1
    Scan saved at 4:53:09 PM, on 2/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\AOLSoftware.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\SSCEvtHdlr.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148015392\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1148015392\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - Startup: DLHelperEXE.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D3CD18D-6CF5-46A2-8D8C-F0693A924251}: NameServer = 205.188.146.145
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D3CD18D-6CF5-46A2-8D8C-F0693A924251}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    ions? Is this harmfull? p.s. this may help
     
  2. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
    and save to the desktop.

    1. Double click on combo.exe & follow the prompts.
    2. When finished, it will produce a logfile located at C:\ComboFix.txt.
    3. Post the contents of that log in your next reply with a new hijackthis log.

    Note:
    Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
     
  3. dippsydo

    dippsydo Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    3
    "CURTIS MILEY" - 07-02-10 17:37:34 Service Pack 2
    ComboFix 07-02-11 - Running from: "C:\Program Files\America Online 9.0b\download"

    ((((((((((((((((((((((((((((((( Files Created from 2007-01-10 to 2007-02-10 ))))))))))))))))))))))))))))))))))


    2007-02-10 16:51 <DIR> d-------- C:\Program Files\Hijackthis
    2007-01-17 12:56 <DIR> d-------- C:\Program Files\DeductionPro 2006
    2007-01-17 12:52 51,716 --a------ C:\WINDOWS\SYSTEM32\pdf995mon.dll
    2007-01-17 12:52 118,784 --a------ C:\WINDOWS\SYSTEM32\pdfmona.dll
    2007-01-17 12:52 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\pdf995
    2007-01-17 12:50 <DIR> d-------- C:\Program Files\TaxCut06
    2007-01-17 12:41 <DIR> d--hs---- C:\WINDOWS\ftpcache
    2007-01-12 03:00 <DIR> d-------- C:\WINDOWS\ie7updates
    2007-01-10 13:02 18,432 --------- C:\WINDOWS\SYSTEM32\xlibgfl254.dll
    2007-01-10 13:02 <DIR> d-------- C:\WINDOWS\SYSTEM32\ultra


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-02-02 18:47 -------- d-------- C:\Program Files\sportsbook poker
    2006-12-26 22:33 -------- d-------- C:\Program Files\royalvegasmpp
    2006-12-25 20:17 -------- d-------- C:\DOCUME~1\CURTIS~1\Application Data\microgaming
    2006-12-19 05:05 -------- d-------- C:\Program Files\america online 9.0b
    2006-12-15 19:36 -------- d-------- C:\DOCUME~1\CURTIS~1\Application Data\adobeum
    2006-12-06 23:40 2362184 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
    2006-11-16 09:44 103984 --a------ C:\WINDOWS\SYSTEM32\aoldial.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "DellSupport"="\"C:\\Program Files\\Dell Support\\DSAgnt.exe\" /startup"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "AOL Fast Start"="\"C:\\Program Files\\America Online 9.0b\\AOL.EXE\" -b"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\Core\\smax4pnp.exe"
    "SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
    "IAAnotif"="C:\\Program Files\\Intel\\Intel Application Accelerator\\iaanotif.exe"
    "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
    "IntelMeM"="C:\\Program Files\\Intel\\Modem Event Monitor\\IntelMEM.exe"
    "DVDLauncher"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
    "UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
    "MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
    "HPDJ Taskbar Utility"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
    "HPHmon04"="C:\\WINDOWS\\system32\\hphmon04.exe"
    "HPHUPD04"="\"C:\\Program Files\\HP Photosmart 11\\hphinstall\\UniPatch\\hphupd04.exe\""
    "Share-to-Web Namespace Daemon"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"
    "MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~3\\mimboot.exe"
    "HostManager"="C:\\Program Files\\Common Files\\AOL\\1148015392\\ee\\AOLSoftware.exe"
    "AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
    "Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
    "AOLSPScheduler"="C:\\Program Files\\Common Files\\AOL\\1148015392\\ee\\services\\safetyCore\\ver2_5_4_1\\AOLSP Scheduler.exe"
    "sscRun"="C:\\Program Files\\Common Files\\AOL\\1148015392\\ee\\SSCRun.exe"
    "OASClnt"="C:\\Program Files\\mcafee.com\\antivirus\\oasclnt.exe"
    "EmailScan"="C:\\Program Files\\mcafee.com\\antivirus\\mcvsescn.exe"
    "MPFExe"="C:\\Program Files\\mcafee.com\\personal firewall\\MPfTray.exe"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoCDBurning"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    Source REG_SZ http://mishappa.image.pbase.com/u8/erichmangl/small/232694.04022501ied.jpg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, xlibgfl254.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_ENTDRV51


    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
    C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (1) (CURTIS-CURTIS MILEY).job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************Logfile of HijackThis v1.99.1
    Scan saved at 5:41:29 PM, on 2/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\WINDOWS\system32\hphmon04.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\AOLSoftware.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
    C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\SSCEvtHdlr.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
    C:\Program Files\Common Files\AOL\1148015392\ee\aolsoftware.exe
    C:\Program Files\America Online 9.0b\waol.exe
    C:\Program Files\America Online 9.0b\shellmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
    O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148015392\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
    O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1148015392\ee\SSCRun.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
    O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
    O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
    O4 - Startup: DLHelperEXE.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
    O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - http://www.amiuptodate.com/vsc/bin/1,0,0,8/McUpdatePortal.cab
    O16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) - http://us-download.mcafee.com/products/protected/mvt/mvt.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.microgaming.com/DLhelper/version7/dlhelper.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D3CD18D-6CF5-46A2-8D8C-F0693A924251}: NameServer = 205.188.146.145
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D3CD18D-6CF5-46A2-8D8C-F0693A924251}: NameServer = 205.188.146.145
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    O23 - Service: AOL Antivirus Update Service (aolavupd) - AOL LLC - C:\Program Files\Common Files\AOL\1148015392\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



    Completion time: 07-02-10 17:38:48
    C:\ComboFix2.txt ... 07-02-10 17:19
     
  4. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Please download ATF Cleaner by Atribune.

    This program is for XP and Windows 2000 only


    • Save it to your desktop

      Double-click ATF-Cleaner.exe to run the program.

      Under Main choose: Select All

      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All

      Click the Empty Selected button.

      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    For Technical Support, double-click the e-mail address located at the bottom of each menu.



    ===================================

    Download FileASSASSIN.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP only).
    • Create a new folder on C:\ called FileASSASSIN and extract (unzip) it to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
    • Open the folder and double-click on FileASSASSIN.exe.
    • Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
      • C:\WINDOWS\SYSTEM32\xlibgfl254.dll
    • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
    • Click delete and the removal process will begin.
    • If that did not work then, start the program again and this time check "Use delete on reboot function from windows.".
    Note: If you cannot find the file, you may have to Reconfigure Windows XP to show hidden files, folders. (We are doing this so we can look for and delete hidden files if necessary but don't delete anything other than what I ask you to delete. After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion).

    ======================================

    Panda Activescan
    http://www.pandasoftware.com/products/activescan.htm
    1. Once you are on the Panda site click the Scan your PC button
    2. A new window will open...click the Check Now button
    3. Enter your Country
    4. Enter your State/Province
    5. Enter your e-mail address and click send
    6. Select either Home User or Company
    7. Click the big Scan Now button
    8. If it wants to install an ActiveX component allow it
    9. It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    10. When download is complete, click on Local Disks to start the scan
    11. When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
     
  5. dippsydo

    dippsydo Thread Starter

    Joined:
    Feb 10, 2007
    Messages:
    3
    It worked, file deleted. This whole file was a virus? It was not anything i needed i hope. Thank you for the help.
     
  6. sjpritch25

    sjpritch25

    Joined:
    Sep 8, 2005
    Messages:
    9,113
    Just to make sure your clean, please run Panda.
     
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Similar Threads - generic downloader
  1. Soko01
    Replies:
    0
    Views:
    474
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/542984

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice