1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

HIJACKTHIS log

Discussion in 'Windows XP' started by Shadwx13, Aug 7, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. Shadwx13

    Shadwx13 Thread Starter

    Joined:
    Feb 23, 2006
    Messages:
    14
    Please read through the log and tell me what to delete

    I appreciate any help

    Logfile of HijackThis v1.99.1
    Scan saved at 8:04:01 PM, on 8/7/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\windows\system32\osdsregn.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\APPATC~1\winspool.exe
    C:\Program Files\EQBranch\EQBranch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    C:\Program Files\PSLister\PSLister.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\WINDOWS\system32\qwintpex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinAce\WinAce.exe
    C:\DOCUME~1\Melissa\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {2BD96E65-2B99-610A-FC0E-F3F7E21F8C2B} - C:\WINDOWS\Wswbaysg.dll
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: SearchHelper - {B6A5B638-6025-4C2C-A899-867B416453D2} - C:\Program Files\SearchHelper\SearchHelper.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [{CA-A7-71-16-ZN}] C:\windows\system32\osdsregn.exe CORN001
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwintpex.exe CORN001
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Iinl] "C:\WINDOWS\system32\APPATC~1\winspool.exe" -vt ndrv
    O4 - HKCU\..\Run: [Gknqqfs] C:\WINDOWS\system32\WACLT~1.EXE
    O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe
    O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
    O4 - HKCU\..\Run: [omf] C:\WINDOWS\omf.exe
    O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
    O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
    O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
    O4 - HKCU\..\Run: [yqpov] C:\WINDOWS\system32\dcfvuc.exe reg_run
    O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
    O4 - HKCU\..\Run: [AXVenore] "C:\Program Files\AXVenore\AXVenore.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [PSLister] "C:\Program Files\PSLister\PSLister.exe"
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwintpex.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O15 - Trusted Zone: *.elitemediagroup.net
    O15 - Trusted Zone: *.media-motor.net
    O15 - Trusted Zone: *.popuppers.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125339565264
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
    O20 - AppInit_DLLs: direct32.dll,inicfg32.dll,runner.dll,runner.dll,ppmkdndj.dll,sdrunner.dll,runner.dll,sdrunner.dll,runner.dll dllhost.dll C:\WINDOWS\system32\dllhost.dll
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\ir68l5ju1.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Hijack This is running from the Temp folder.
    It needs to be in a permanent folder on the hard drive.
    It will not function properly from there and it cannot create and restore backups from there.

    Redownload it here: http://thespykiller.co.uk/files/hijackthis_sfx.exe

    Let it extract to C:\Program Files
    Rerun it from there and post a new log.
     
  3. Shadwx13

    Shadwx13 Thread Starter

    Joined:
    Feb 23, 2006
    Messages:
    14
    ok i finally got to it... sorry it took so long... anyway here is the log

    Logfile of HijackThis v1.99.1
    Scan saved at 3:20:33 PM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    c:\windows\system32\osdsregn.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\WINDOWS\system32\qwintpex.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [{CA-A7-71-16-ZN}] c:\windows\system32\osdsregn.exe CORN001
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\qwintpex.exe CORN001
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
    O4 - HKCU\..\Run: [msefpx] C:\WINDOWS\system32\msefpx.exe
    O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwintpex.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125339565264
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {994D478A-45D0-4DB4-AE27-738B1E346E99} - C:\Program Files\Batty\Batty.dll
    O20 - AppInit_DLLs: direct32.dll,inicfg32.dll,runner.dll,runner.dll,ppmkdndj.dll,sdrunner.dll,runner.dll,sdrunner.dll,runner.dll dllhost.dll C:\WINDOWS\system32\dllhost.dll
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\ir68l5ju1.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


    again, thanks in advance
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You're welcome :)

    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires, it becomes freeware with reduced functions but still worth keeping.


    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-Spyware, DO NOT run a scan yet. We will do that later in Safe Mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Run ActiveScan online virus scan: here

    When the scan is finished, save the results from the scan!


    Come back here and post a new Hijack This log along with the logs from the Ewido and Panda scans.
     
  5. Shadwx13

    Shadwx13 Thread Starter

    Joined:
    Feb 23, 2006
    Messages:
    14
    ok so i finally got to do the stuff you told me sorry i took long...

    here is the hijackthis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 6:17:26 PM, on 9/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\cfg32.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebs.com/xheartlessguildx/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\cfg32p.dll (file missing)
    O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
    O2 - BHO: SEARCHESSISTANT Helper - {4E7BD74F-2B8D-46A1-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O2 - BHO: CFG32S - {7564B020-44E8-4c9b-A887-C6EC41AC67DA} - C:\WINDOWS\cfg32r.dll (file missing)
    O2 - BHO: (no name) - {8294A01F-3BA1-3A52-F0AB-661336A93BEE} - C:\WINDOWS\system32\herw.dll (file missing)
    O2 - BHO: Zmtm Class - {8BC199B4-330D-4009-AB9C-D55AC919DE8D} - C:\WINDOWS\system32\OTPDDP~1.DLL (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Scaggy Insert - {C68AE9C0-0909-4DDC-B661-C1AFB9F59898} - C:\WINDOWS\cfg32o.dll (file missing)
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
    O3 - Toolbar: SEARCHESSISTANT Search - {4E7BD74F-2B8D-469F-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O3 - Toolbar: SEARCHESSISTANT Related - {4E7BD74F-2B8D-469E-83B8-BD2AE6D9FA2E} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: Search - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\WINDOWS\cfg32s.dll (file missing)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [Configuration Manager] C:\WINDOWS\cfg32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
    O4 - HKCU\..\Run: [PECarlin] "C:\Program Files\PECarlin\PECarlin.exe"
    O4 - HKCU\..\Run: [msefpx] C:\WINDOWS\system32\msefpx.exe
    O4 - HKCU\..\Run: [PSHope] "C:\Program Files\PSHope\PSHope.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Think-Adz.lnk = C:\WINDOWS\system32\qwintpex.exe
    O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
    O4 - Global Startup: Exif Launcher.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125339565264
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Filter: text/html - {65BD126C-9E4B-4371-911F-EE85CA17D52B} - C:\WINDOWS\system32\OTPDDP~1.DLL
    O20 - AppInit_DLLs: direct32.dll,inicfg32.dll, dllhost.dll,BattyRun2.dll
    O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\ir68l5ju1.dll (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
     
  6. Shadwx13

    Shadwx13 Thread Starter

    Joined:
    Feb 23, 2006
    Messages:
    14
    and the ewido log:
    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:56:27 PM 9/10/2006

    + Scan result:



    C:\WINDOWS\Sngsh40.dll -> Adware.AdBlaster : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ngsh35.dll -> Adware.AdBlaster : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ngsh40.dll -> Adware.AdBlaster : Cleaned with backup (quarantined).
    C:\WINDOWS\system\sngsh35.dll -> Adware.AdBlaster : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ajhopeml.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\makeofha.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ppmkdndj.dll -> Adware.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\inst_nnstp5.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
    C:\WINDOWS\eiiiartcfu.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\miwnmn.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
    C:\WINDOWS\Wswbaysg.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\ogwzwmnp.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\pnoqubfc.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\rhjtoctm.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\WINDOWS\whmraseb.dll -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Adware.BookedSpace : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Adware.BookedSpace : Cleaned with backup (quarantined).
    C:\Program Files\Batty2\Batty2.dll -> Adware.CASClient : Cleaned with backup (quarantined).
    C:\Program Files\Batty2\Batty2.exe -> Adware.CASClient : Cleaned with backup (quarantined).
    C:\Program Files\Batty\Batty.dll -> Adware.CASClient : Cleaned with backup (quarantined).
    C:\Program Files\CMFibula\CMFibula.exe -> Adware.CASClient : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Classes\IeBHOs.Control -> Adware.E2G : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Classes\IeBHOs.Control.1 -> Adware.E2G : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Classes\IeBHOs.Control\CLSID -> Adware.E2G : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Classes\IeBHOs.Control\CurVer -> Adware.E2G : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\direct32.dll -> Adware.E2give : Error during cleaning.
    C:\WINDOWS\system32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    [760] C:\WINDOWS\system32\inicfg32.dll -> Adware.E2give : Error during cleaning.
    C:\WINDOWS\Justin.exe -> Adware.EZula : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\Interface\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39C78B50-7E98-4AA0-B007-D83114EA6E0F} -> Adware.Generic : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wqpshell.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
    C:\Program Files\Adverts\uninst.exe -> Adware.Lop : Cleaned with backup (quarantined).
    C:\WINDOWS\876056.exe -> Adware.Mirar : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\114B5739-D7D3-4E84-B235-E67363\A164AFC9-C222-4D9D-87A4-13C98C -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand.1 -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CLSID -> Adware.PowerStrip : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Classes\KBBar.KBBarBand\CurVer -> Adware.PowerStrip : Cleaned with backup (quarantined).
    C:\Program Files\PSCloner\PSCloner.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\brwj.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wυaclt.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\fufudc.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ra8pv.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\WINDOWS\system32fufudc.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\WINDOWS\system32ra8pv.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\nst23.EXE -> Adware.SmartPops : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\E8C0657C-42B1-4978-8205-B60478\173B45DB-FE2A-4AA4-B33C-7482F1 -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\Program Files\Microsoft AntiSpyware\Quarantine\E8C0657C-42B1-4978-8205-B60478\AB458EC0-3B41-43CB-AC0F-5D9A12 -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mnopdb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\iD.tmp -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKU\S-1-5-21-602162358-308236825-1801674531-1005\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dsysiz.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dwdsregt.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\pldsregl.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qwintpex.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qwintpez.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rkdsregl.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rwinmqez.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\twinlsag.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\twinlsai.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\twinlsaw.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\аѕsembly\taskmgr.exe -> Downloader.PurityScan.bj : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\AрpPatch\winspool.exe -> Downloader.PurityScan.cl : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temporary Internet Files\Content.IE5\1CBYLBT7\!update-4295[1].0000 -> Downloader.PurityScan.co : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Y1324OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
    C:\WINDOWS\stup3.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\ms0651274-207532006.exe -> Downloader.VB.tw : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\45IPUZEF\xp-cydoor-728[1].swf -> Not-A-Virus.Hoax.SWF.Alerter.a : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Admarketplace : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Enhance : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Hypertracker : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Kmpads : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Paypopup : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Starware : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected]ager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\WINDOWS\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
    C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\MLRW9HW0\DrPMon[1].dll -> Trojan.Agent.db : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ewxcksr.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ha3f.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINDOWS\system32ha3f.exe -> Trojan.Runner.j : Cleaned with backup (quarantined).
    C:\WINDOWS\VapeG22.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
    C:\WINDOWS\uninst104.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


    ::Report end
     
  7. Shadwx13

    Shadwx13 Thread Starter

    Joined:
    Feb 23, 2006
    Messages:
    14
    and finally the activescan log:


    Incident Status Location

    Adware:Adware/StartPage.AHW Not disinfected c:\windows\cfg32.exe
    Adware:Adware/E2Give Not disinfected C:\WINDOWS\system32\inicfg32.dll
    Adware:Adware/E2Give Not disinfected C:\WINDOWS\system32\direct32.dll
    Adware:adware program Not disinfected c:\windows\system32\key.~
    Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Daisy\Local Settings\Temporary Internet Files\Ssk.log
    Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard31.dat
    Adware:adware/ieplugin Not disinfected c:\windows\kwv2.dat
    Spyware:spyware/media-motor Not disinfected c:\windows\ubber60.ini
    Spyware:spyware/adclicker Not disinfected c:\windows\usta33.ini
    Adware:adware/maxifiles Not disinfected c:\program files\common files\InetGet
    Adware:adware/vaultsearch Not disinfected c:\program files\common files\VCClient
    Adware:adware/e2give Not disinfected c:\program files\E2G
    Adware:adware/deskwizz Not disinfected Windows Registry
    Adware:adware/elitebar Not disinfected Windows Registry
    Adware:adware/popper Not disinfected Windows Registry
    Adware:adware/fchelp Not disinfected Windows Registry
    Adware:adware/sqwire Not disinfected Windows Registry
    Adware:adware/novo Not disinfected Windows Registry
    Adware:adware/yazzlesudoku Not disinfected Windows Registry
    Adware:adware/bookedspace Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Adware:adware/adblaster Not disinfected Windows Registry
    Adware:adware/ucmore Not disinfected Windows Registry
    Adware:adware/cws.aboutblank Not disinfected Windows Registry
    Adware:adware/stiebar Not disinfected Windows Registry
    Adware:adware/gator Not disinfected Windows Registry
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Daisy\Cookies\[email protected][2].txt
    Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Daisy\Cookies\[email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Daisy\Cookies\[email protected][2].txt
    Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Daisy\Cookies\[email protected][2].txt
    Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Daisy\Local Settings\Temp\Cookies\[email protected][3].txt
    Spyware:Spyware/7r7t Not disinfected C:\Documents and Settings\Daisy\Local Settings\Temp\minisetup43.exe

    and once again thank you in advance and sorry for triple posting but i couldnt post all three logs in 1 post.
     
  8. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Click here to download KillBox.

    Save it to your desktop.
    DO NOT run it yet.

    Please download Qoofix by Rubber Ducky to your desktop.
    • Right click on the Qoofix folder, and choose "Extract All". Extract Qoofix to your C: drive
    • Close all windows and programs, including internet windows.
    • Go to C:\Qoofix and open the folder, then double click on Qoofix.exe
    • Click Begin Removal and wait for the scan to finish
    • If Qoofix finds an infection, select yes to restart your computer
    • You will now find a log from this tool, located at C:\Qoofix\Qoofix Logfile.txt Copy and paste the contents of that report into your next reply here.
     
  9. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/490356

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice