
Solved: C:\WINDOWS\Temp

Discussion in 'Windows XP' started by sirus204, Jul 14, 2007.

Thread Status:
Not open for further replies.
  1. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    can i delete "all" files inside this folder? i have win xp sp2,,, this folder takes up 722mb of space so i was wondering if it's ok if i delete everything inside this folder,,, here's a screeny of the inside of the folder,,,
     

    Attached Files:

  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yes and while you are at it

    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries
     
  3. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    thank you for fast reply and thx for the link,,,
     
  4. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    hi there,,, i was looking at my disk space using "treesizefree" [app i found in this forum],,, and i was scanning drive c: of my comp and saw this,,, [1.280mb files]

    [​IMG]

    i went to drive c:/ of my comp and i saw nothing there that had that size even the hidden files,,,

    [​IMG]

    what could that be? and how do i find it? maybe it's just junk [not sure] so maybe i could just delete it ^_^,,,
     
  5. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    The winXXXX.tmp.exe (X = random) in post #1 look a lot like malware. Let's see what MFDnNC says about them.
     
  6. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Good spot Frank

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Doubleclick on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis .
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
     
  7. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    hi guys,,, here's the hijackthis log,,,

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1.43.49, on 15/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 123
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
    O4 - HKLM\..\Run: [PSPAP] C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe min
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mkfvtgts.dll",realset
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [StarSkin] D:\ANGELO!!!\PROGRAMMI\STARSKIN\STARSKIN.EXE -H
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\AnGeLo!!!\Programmi\adobe reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
    O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O24 - Desktop Component 0: (no name) - http://thinkexist.com/i/sq/as5.gif

    --
    End of file - 6584 bytes
     
  8. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    I see a couple of probable malware items in your log. MFDnNC should be able to help you fix them.

    Regarding the 1280 MB of files mentioned in post #4, you need to go to C:\Programmi to see them. Treesize says "Files" so that may be one or more files totaling 1,280 MB.
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    If you have vundofix, remove it and get the current version

    Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
    Double-click VundoFix.exe to run it.
    Click the Scan for Vundo button.
    Once it's done scanning, click the Remove Vundo button.
    You will receive a prompt asking if you want to remove the files, click YES.
    Once you click yes, your desktop will go blank as it starts removing Vundo.
    When completed, it will prompt that it will shutdown your computer, click OK.
    Turn your computer back on.
    Please post the contents of C:\vundofix.txt
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

    Please let Vundo finish its thing, sometimes it can take multiple passes
    ====================
    Download Superantispyware (SAS)

    http://www.superantispyware.com/superantispywarefreevspro.html

    Install it and double-click the icon on your desktop to run it.
    • It will ask if you want to update the program definitions, click Yes.
    • Under Configuration and Preferences, click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked:
      ◦ Close browsers before scanning
      ◦ Scan for tracking cookies
      ◦ Terminate memory threats before quarantining.
      ◦ Please leave the others unchecked.
      ◦ Click the Close button to leave the control center screen.
    • On the main screen, under Scan for Harmful Software click Scan your computer.
    • On the left check C:\Fixed Drive.
    • On the right, under Complete Scan, choose Perform Complete Scan.
    • Click Next to start the scan. Please be patient while it scans your computer.
    • After the scan is complete a summary box will appear. Click OK.
    • Make sure everything in the white box has a check next to it, then click Next.
    • It will quarantine what it found and if it asks if you want to reboot, click Yes.
    • To retrieve the removal information for me please do the following:
      ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
      ◦ Click Preferences. Click the Statistics/Logs tab.
      ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      ◦ It will open in your default text editor (such as Notepad/Wordpad).
      ◦ Please highlight everything in the notepad, then right-click and choose copy.
    • Click close and close again to exit the program.
    • Please paste that information here for me with a new HijackThis log.

    This can take a while!
     
  10. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    hi there guys,,, sorry i took so long,,, i followed exactly what you said,,, and here is the scan log of the superantispyware,,,

    ------------------------------------------------
    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/16/2007 at 12:25 PM

    Application Version : 3.9.1008

    Core Rules Database Version : 3269
    Trace Rules Database Version: 1280

    Scan type : Complete Scan
    Total Scan Time : 01:32:58

    Memory items scanned : 502
    Memory threats detected : 0
    Registry items scanned : 5226
    Registry threats detected : 17
    File items scanned : 55596
    File threats detected : 102

    Unclassified.Unknown Origin
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

    Adware.Tracking Cookie

    Trojan.Unknown Origin
    HKLM\SOFTWARE\Microsoft\MSSMGR
    HKLM\SOFTWARE\Microsoft\MSSMGR#Data
    HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
    HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#PID
    HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
    HKLM\SOFTWARE\Microsoft\MSSMGR#LID
    HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
    HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
    HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR

    Adware.IPWins
    HKU\S-1-5-21-746137067-1682526488-1202660629-1003\Software\IpWins

    Trojan.Downloader-SpyTool
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\AHUQHQBQ.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\BDMNDEPV.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\CMNGRFYM.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\DCPHXGFU.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\EDNTYIJO.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\FXMFSILX.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\FXMFVKUW.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\GBOCWHBL.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\GFYGIPIJ.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\GQNNIHEG.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\HHLVBALR.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\IAKHNHIG.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\IYYBKIFE.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\KDNEPQBO.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\LODVEFTW.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\MAQYYCGE.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\MVSGYJAB.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\NJKSUPHY.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\OWLWDPGJ.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\SGXNLFNN.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\VADFJULD.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\WSYNILTO.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XHIXAHKU.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XINQTBWL.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XLWVDQVF.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XVBNOPFG.DLL
    C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\YUQAINTF.DLL

    Trojan.Downloader-Gen/HitItQuitIt
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5377213-9C93-4E2F-9E64-8BBEDA768A69}\RP154\A0029289.DLL
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5377213-9C93-4E2F-9E64-8BBEDA768A69}\RP154\A0029290.DLL
    C:\WINDOWS\SYSTEM32\YAYYYWV.DLL

    Trojan.Downloader-Gen/TStamp
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5377213-9C93-4E2F-9E64-8BBEDA768A69}\RP154\A0029291.EXE
    C:\VUNDOFIX BACKUPS\PSMROREM.EXE.BAD

    Malware.SpywareNuker
    C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS
    --------------------------------------------------------------------------

    and here is the new hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12.36.59, on 16/07/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\Programmi\Windows Defender\MSASCui.exe
    C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
    C:\Programmi\Eset\nod32kui.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
    C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Eset\nod32krn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 123
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\AnGeLo!!!\Programmi\adobe reader 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {61D6CD63-D000-4A56-83FD-77E6E9B18C1A} - C:\WINDOWS\system32\qopml.dll (file missing)
    O2 - BHO: (no name) - {6E0C575E-5F63-4D89-B86D-B5E364B59873} - C:\WINDOWS\system32\purhbwuk.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
    O4 - HKLM\..\Run: [PSPAP] C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe min
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\AnGeLo!!!\Programmi\adobe reader 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: winbhv32 - winbhv32.dll (file missing)
    O20 - Winlogon Notify: winiur32 - winiur32.dll (file missing)
    O20 - Winlogon Notify: winnya32 - winnya32.dll (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
    O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
    O24 - Desktop Component 0: (no name) - http://thinkexist.com/i/sq/as5.gif

    --
    End of file - 7671 bytes

    and btw i noticed something in my desktop, there are gray shades in the background of my fonts,,, here's a screeny,,,
     

    Attached Files:

  11. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    hi guys,,, some days ago i asked the members of this forum if they could suggest a good free antivirus for my comp,,, since my norton went bye bye last month,,, they suggested avg7.5,,, now i went there [im here now-> http://www.grisoft.com/doc/31/us/crp/0] and now im thinking what to download there,,, there are avg internet sec, home edition, and etc.,,, there are also trials and full vers, but im guessing that i should get the full vers,,, but i have no idea which one is better,,, or which one i should,,, thx so much for help,,, i have also noticed a speed up in my comp when i reboot,,, thx again so much,,,
     
  12. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    AVG Antivirus Free is good for antivirus protection, and Zone Alarm is a good firewall.

    The grey boxes can be fixed by going to Control Panel > System > Advanced tab > Performance Settings button. Under Visual effects, check the box for "Use drop shadows for icon labels on the desktop", then click Apply. (If the box is already checked, uncheck it then recheck it).

    Your log still is not clean.
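
An added example, not part of the thread and not code from HijackThis: a small triage pass over HijackThis-format lines that surfaces the entries a reviewer would normally open first. The four heuristics and their labels are assumptions chosen for illustration; a hit means "look at this", not "this is malware" (the sample lines are copied from the two logs posted above).

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\rundll32.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mkfvtgts.dll",realset
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O20 - Winlogon Notify: winbhv32 - winbhv32.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header lines and the process list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")

# HijackThis appends these markers when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$", re.IGNORECASE)

# Autorun that uses rundll32 to load a DLL given by full path.
# "rundll32.exe bthprops.cpl,,..." (no path) deliberately does not match.
RUNDLL_PATH_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?[A-Za-z]:\\[^",]+\.dll', re.IGNORECASE
)


class Finding(NamedTuple):
    section: str              # HijackThis section code, e.g. "O23"
    reasons: Tuple[str, ...]  # labels of the heuristics that fired (hypothetical names)
    entry: str                # the log entry body, unchanged


def triage(log_text: str) -> List[Finding]:
    """Return the entries that match at least one review heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        # 1. Registry entry still registered, but its target file is gone.
        if MISSING_RE.search(body):
            reasons.append("target-missing")
        # 2. Browser Helper Object registered without a display name.
        if section == "O2" and "(no name)" in body:
            reasons.append("unnamed-bho")
        # 3. Run-key autorun that loads a DLL through rundll32.
        if section == "O4" and RUNDLL_PATH_RE.search(body):
            reasons.append("rundll32-autorun")
        # 4. Service binary with no vendor string HijackThis could read.
        if section == "O23" and " - Unknown owner - " in body:
            reasons.append("service-unknown-owner")
        if reasons:
            findings.append(Finding(section, tuple(reasons), body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {', '.join(f.reasons):<40} {f.entry}")
```

Several flagged entries in the sample belong to ordinary software (a driver service with no vendor string, leftovers of an uninstalled program), which is why the output is a review queue rather than a removal list.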
     
  13. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    thx for reply,,, i haven't fixed the gray stuff but i'll think about that later,,,
    what do i need to do to clean my log? do i need to re-do the vundo scan and superantispyware scan again? thx
     
  14. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    You need for one of the malware experts (gold shield) to come by and help finish cleaning it up.
     
  15. sirus204

    sirus204 Thread Starter

    Joined:
    Jul 10, 2007
    Messages:
    39
    oh ok,,, i hope he sees my post soon,,, ^_^
    but is my log not that bad as before?
     

Short URL to this thread: https://techguy.org/595724
