Solved: C:\WINDOWS\Temp

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
can i delete "all" files inside this folder? i have win xp sp2,,, this folder takes up 722mb of space so i was wondering if it's ok if i delete everything inside this folder,,, here's a screeny of the inside of the folder,,,
 

Attachments

Joined
Sep 7, 2004
Messages
49,014
Yes and while you are at it

Download EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries
 

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
hi there,,, i was looking at my disk space using "treesizefree" [app i found in this forum],,, and i was scanning drive c: of my comp and saw this,,, [1.280mb files]



i went to drive c:/ of my comp and i saw nothing there that had that size even the hidden files,,,



what could that be? and how do i find it? maybe it's just junk [not sure] so maybe i could just delete it ^_^,,,
 

Frank4d

Retired Trusted Advisor
Joined
Sep 10, 2006
Messages
9,126
The winXXXX.tmp.exe files (X = random) in post #1 look a lot like malware. Let's see what MFDnNC says about them.
 
Joined
Sep 7, 2004
Messages
49,014
Good spot Frank

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
 

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
hi guys,,, here's the hijackthis log,,,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1.43.49, on 15/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 123
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [PSPAP] C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mkfvtgts.dll",realset
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [StarSkin] D:\ANGELO!!!\PROGRAMMI\STARSKIN\STARSKIN.EXE -H
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\AnGeLo!!!\Programmi\adobe reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - http://thinkexist.com/i/sq/as5.gif

--
End of file - 6584 bytes
 

Frank4d

Retired Trusted Advisor
Joined
Sep 10, 2006
Messages
9,126
I see a couple of probable malware items in your log. MFDnNC should be able to help you fix them.

Regarding the 1280 MB of files mentioned in post #4, you need to go to C:\Programmi to see them. Treesize says "Files" so that may be one or more files totaling 1,280 MB.
 
Joined
Sep 7, 2004
Messages
49,014
If you have vundofix, remove it and get the current version

Please download http://www.atribune.org/ccount/click.php?id=4 to C:\
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish its thing, sometimes it can take multiple passes
====================
Download Superantispyware (SAS)

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
      ◦ Close browsers before scanning
      ◦ Scan for tracking cookies
      ◦ Terminate memory threats before quarantining.
      ◦ Please leave the others unchecked.
      ◦ Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
      ◦ After reboot, double-click the SUPERAntispyware icon on your desktop.
      ◦ Click Preferences. Click the Statistics/Logs tab.
      ◦ Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      ◦ It will open in your default text editor (such as Notepad/Wordpad).
      ◦ Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.

This can take a while!
 

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
hi there guys,,, sorry i took so long,,, i followed exactly what you said,,, and here is the scan log of the superantispyware,,,

------------------------------------------------
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/16/2007 at 12:25 PM

Application Version : 3.9.1008

Core Rules Database Version : 3269
Trace Rules Database Version: 1280

Scan type : Complete Scan
Total Scan Time : 01:32:58

Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 5226
Registry threats detected : 17
File items scanned : 55596
File threats detected : 102

Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Adware.Tracking Cookie

Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#OCCUR

Adware.IPWins
HKU\S-1-5-21-746137067-1682526488-1202660629-1003\Software\IpWins

Trojan.Downloader-SpyTool
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\AHUQHQBQ.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\BDMNDEPV.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\CMNGRFYM.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\DCPHXGFU.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\EDNTYIJO.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\FXMFSILX.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\FXMFVKUW.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\GBOCWHBL.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\GFYGIPIJ.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\GQNNIHEG.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\HHLVBALR.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\IAKHNHIG.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\IYYBKIFE.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\KDNEPQBO.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\LODVEFTW.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\MAQYYCGE.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\MVSGYJAB.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\NJKSUPHY.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\OWLWDPGJ.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\SGXNLFNN.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\VADFJULD.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\WSYNILTO.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XHIXAHKU.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XINQTBWL.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XLWVDQVF.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\XVBNOPFG.DLL
C:\DOCUMENTS AND SETTINGS\ANGELO\IMPOSTAZIONI LOCALI\TEMP\YUQAINTF.DLL

Trojan.Downloader-Gen/HitItQuitIt
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5377213-9C93-4E2F-9E64-8BBEDA768A69}\RP154\A0029289.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5377213-9C93-4E2F-9E64-8BBEDA768A69}\RP154\A0029290.DLL
C:\WINDOWS\SYSTEM32\YAYYYWV.DLL

Trojan.Downloader-Gen/TStamp
C:\SYSTEM VOLUME INFORMATION\_RESTORE{B5377213-9C93-4E2F-9E64-8BBEDA768A69}\RP154\A0029291.EXE
C:\VUNDOFIX BACKUPS\PSMROREM.EXE.BAD

Malware.SpywareNuker
C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS
--------------------------------------------------------------------------

and here is the new hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.36.59, on 16/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\WMPNSCFG.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = 123
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\AnGeLo!!!\Programmi\adobe reader 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {61D6CD63-D000-4A56-83FD-77E6E9B18C1A} - C:\WINDOWS\system32\qopml.dll (file missing)
O2 - BHO: (no name) - {6E0C575E-5F63-4D89-B86D-B5E364B59873} - C:\WINDOWS\system32\purhbwuk.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Versato] C:\Program Files\MagicKey\MagicKey.exe
O4 - HKLM\..\Run: [PSPAP] C:\Programmi\Thrustmaster\FunAccess\PSPAP.exe min
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\AnGeLo!!!\Programmi\adobe reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: winbhv32 - winbhv32.dll (file missing)
O20 - Winlogon Notify: winiur32 - winiur32.dll (file missing)
O20 - Winlogon Notify: winnya32 - winnya32.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O24 - Desktop Component 0: (no name) - http://thinkexist.com/i/sq/as5.gif

--
End of file - 7671 bytes

and btw i noticed something in my desktop, there are gray shades in the background of my fonts,,, here's a screeny,,,
 

Attachments

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
hi guys,,, some days ago i asked the members of this forum if they could suggest a good free antivirus for my comp,,, since my norton went bye bye last month,,, they suggested avg7.5,,, now i went there [im here now-> http://www.grisoft.com/doc/31/us/crp/0] and now im thinking what to download there,,, there are avg internet sec, home edition, and etc.,,, there are also trials and full vers, but im guessing that i should get the full vers,,, but i have no idea which one is better,,, or which one i should,,, thx so much for help,,, i have also noticed a speed up in my comp when i reboot,,, thx again so much,,,
 

Frank4d

Retired Trusted Advisor
Joined
Sep 10, 2006
Messages
9,126
AVG Antivirus Free is good for antivirus protection, and Zone Alarm is a good firewall.

The grey boxes can be fixed by going to Control Panel > System > Advanced tab > Performance Settings button. Under Visual effects, check the box for "Use drop shadows for icon labels on the desktop", then click Apply. (If the box is already checked, uncheck it then recheck it).

Your log still is not clean.
 

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
thx for reply,,, i haven't fixed the gray stuff but i'll think about that later,,,
what do i need to do to clean my log? do i need to re-do the vundo scan and superantispyware scan again? thx
 

Frank4d

Retired Trusted Advisor
Joined
Sep 10, 2006
Messages
9,126
You need for one of the malware experts (gold shield) to come by and help finish cleaning it up.
 

sirus204

Thread Starter
Joined
Jul 10, 2007
Messages
39
oh ok,,, i hope he sees my post soon,,, ^_^
but is my log not that bad as before?
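
A triage pass over the two HijackThis logs posted in this thread, added here as an example; it is not part of any post and not the helpers' own method. The log lines are excerpts copied from the posts above, and the three flagging rules are assumptions of this example that mark entries for manual review, not verdicts.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section body")

# Excerpt copied from the first HijackThis log in this thread (15/07/2007).
BEFORE = r"""
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\mkfvtgts.dll",realset
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
"""

# Excerpt copied from the second HijackThis log (16/07/2007), after the scans.
AFTER = r"""
O2 - BHO: (no name) - {61D6CD63-D000-4A56-83FD-77E6E9B18C1A} - C:\WINDOWS\system32\qopml.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O20 - Winlogon Notify: winbhv32 - winbhv32.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ltmiffjf.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
"""

# An item line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Markers HijackThis prints when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Run-key autostart where rundll32 loads a DLL by full path and calls an export.
RUNDLL_RE = re.compile(
    r'Run: \[[^\]]*\] rundll32(?:\.exe)? "?[A-Za-z]:\\[^",]+\.dll"?,\w+', re.I)


def parse_log(text):
    """Return the item lines of a HijackThis log as Entry(section, body)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header, process list and footer lines do not match
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return [(entry, [reasons])] for entries that deserve a manual look.

    The rules are this example's assumptions. "orphaned" only means the
    target file is absent; it says nothing about what the file was.
    """
    flagged = []
    for e in entries:
        reasons = []
        if ORPHAN_RE.search(e.body):
            reasons.append("orphaned")
        if e.section == "O2" and "BHO: (no name)" in e.body:
            reasons.append("unnamed-bho")
        if e.section == "O4" and RUNDLL_RE.search(e.body):
            reasons.append("rundll32-autorun")
        if reasons:
            flagged.append((e, reasons))
    return flagged


def diff_scans(before, after):
    """Return (removed, added) entries between two scans, in log order."""
    b, a = set(before), set(after)
    removed = [e for e in before if e not in a]
    added = [e for e in after if e not in b]
    return removed, added


if __name__ == "__main__":
    before, after = parse_log(BEFORE), parse_log(AFTER)
    for label, scan in (("before", before), ("after", after)):
        for entry, reasons in triage(scan):
            print(f"[{label}] {entry.section} {','.join(reasons)}: {entry.body}")
    removed, added = diff_scans(before, after)
    for e in removed:
        print(f"- {e.section} {e.body}")
    for e in added:
        print(f"+ {e.section} {e.body}")
```

On these excerpts the diff shows one Run entry gone after the scans and three orphaned O2/O20 entries listed in the second log that were not in the first.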
 