
Hijackthis Log - Someone Please Help


8 replies to this topic

#1 footyfever2day
  • Members
  • 5 posts

Posted 24 August 2007 - 09:53 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:48:07 PM, on 24/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\ONLINE 16.exe
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [sect store] C:\DOCUME~1\Aldo\APPLIC~1\HECKFL~1\dart program.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\2.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm037YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?6f0db373740a4e97ac64cfdb733a2b90
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?6f0db373740a4e97ac64cfdb733a2b90
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aldo\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab50997.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11921 bytes

#2 RichieUK
    Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 24 August 2007 - 11:43 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, footyfever2day.
My name is Richie and I'll be helping you to fix your problems.

Click on Start/Control Panel/Add or Remove Programs and remove/uninstall MyWebSearch, then restart your PC.

You've no virus protection installed.
Download/install one of the following freeware options from the choice below.
Once installed, update its definitions and then run a full system virus scan.

AVG7 Free Edition Antivirus:
http://free.grisoft.com/softw/70free/setup...ree_446a965.exe

Avast! 4 Home Edition:
http://files.avast.com/iavs4pro/setupeng.exe

Avira AntiVir Personal Edition Classic:
http://www.free-av.com/

Download Deljob.exe and save it on your desktop.
Double click on Deljob.exe.
A log (logit.txt) should open afterwards.
This log will be present on your desktop.
Post the contents of the logfile into your next reply, along with a new HijackThis log please.
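As an added illustration (not part of this thread, and not code from HijackThis or its author), the script below parses O4 autostart lines in the format the logs above use and flags entries whose executable lives under a user profile's Application Data or Temp directory. That is the trait shared by the `[sect store]` and `[One view global this]` entries in the poster's log, which launch from `APPLIC~1\HECKFL~1` and `All Users\Application Data\MPEG ELSE ONE VIEW` rather than from Program Files or the Windows directory. The sample log is constructed from a few lines of the poster's own log; the parser, the directory heuristic and all function names are my own assumptions, not a HijackThis API. It is a triage aid only: a hit means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a handful of O4 lines copied from the HijackThis logs
# posted in this thread, so the parser can be exercised offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\ONLINE 16.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [sect store] C:\DOCUME~1\Aldo\APPLIC~1\HECKFL~1\dart program.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
"""

# Registry-backed O4 lines: "O4 - HKLM\..\Run: [Name] command"
# (HKUS lines carry a SID segment before "\..\Run", hence the optional group).
_RUN_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>\w+): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# Startup-folder O4 lines: "O4 - Startup: Foo.lnk = C:\path\foo.exe"
_LNK_RE = re.compile(r'^O4 - (?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$')

# Path fragments (long and 8.3 short forms) that mark a writable per-user
# or shared data directory; legitimate autostarts rarely live there.
PROFILE_MARKERS = (
    '\\application data\\', '\\applic~1\\',
    '\\local settings\\', '\\locals~1\\',
    '\\temp\\',
)


@dataclass
class O4Entry:
    hive: str
    name: str
    command: str
    executable: str
    reason: Optional[str] = None

    @property
    def flagged(self) -> bool:
        return self.reason is not None


def extract_executable(cmd: str) -> str:
    """Pull the launched program out of a Run-value command line.

    Quoted paths are taken verbatim; unquoted paths may contain spaces
    (e.g. "dart program.exe"), so take everything up to the first ".exe".
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    if m:
        return cmd[:m.end()]
    return cmd.split()[0] if cmd else ''


def suspicious_reason(executable: str) -> Optional[str]:
    """Return a reason string if the executable sits in a profile/data dir."""
    low = executable.lower()
    for marker in PROFILE_MARKERS:
        if marker in low:
            return f"executable lives under a profile/data directory ('{marker}' in path)"
    return None


def parse_o4_entries(log_text: str) -> List[O4Entry]:
    """Parse every O4 line in a HijackThis log into an O4Entry."""
    entries: List[O4Entry] = []
    for line in log_text.splitlines():
        m = _RUN_RE.match(line) or _LNK_RE.match(line)
        if not m:
            continue
        exe = extract_executable(m.group('cmd'))
        entries.append(O4Entry(
            hive=m.group('hive'),
            name=m.group('name'),
            command=m.group('cmd'),
            executable=exe,
            reason=suspicious_reason(exe),
        ))
    return entries


def triage_o4(log_text: str) -> List[O4Entry]:
    """Return only the O4 entries the heuristic flags for a closer look."""
    return [e for e in parse_o4_entries(log_text) if e.flagged]


if __name__ == '__main__':
    for entry in triage_o4(SAMPLE_LOG):
        print(f"[{entry.hive}] {entry.name!r}: {entry.executable}\n    -> {entry.reason}")
```

Run against the sample, the two entries a helper would ask about first are reported: `sect store` (HKCU, under `APPLIC~1`) and `One view global this` (HKLM, under `All Users\Application Data`), while the vendor-installed entries under Program Files and `system32` pass through untouched.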

#3 footyfever2day
  • Topic Starter
  • Members
  • 5 posts

Posted 25 August 2007 - 12:39 AM

Deljob Log:
--------------------------------------------------------
File(s) moved to C:\deljob

A14F277F9184DFAB.job
--------------------------------------------------------
Files remaining after cleaning

AntiSpyware Scheduled Scan.job
AppleSoftwareUpdate.job
Check Updates for Windows Live Toolbar.job
--------------------------------------------------------
App data folders

Volume in drive C has no label.
Volume Serial Number is 3823-0A31

Directory of C:\Documents and Settings\Aldo\Application Data

25/08/2007 12:53 PM <DIR> .
25/08/2007 12:53 PM <DIR> ..
16/10/2006 04:08 PM <DIR> Adobe
16/10/2006 04:08 PM <DIR> AdobeUM
17/08/2007 01:40 AM <DIR> ANTISP~1 AntiSpyware
08/10/2006 10:57 AM <DIR> APPLEC~1 Apple Computer
25/08/2007 12:53 PM <DIR> Azureus
11/01/2007 11:00 AM <DIR> CYBERL~1 CyberLink
24/04/2007 05:53 PM <DIR> DivX
02/07/2007 09:32 PM <DIR> DNA
04/11/2006 07:33 PM <DIR> Google
25/08/2007 01:05 PM <DIR> HECKFL~1 Heck Flaw Bits
28/11/2006 06:55 PM <DIR> Help
05/10/2006 12:14 PM <DIR> IDENTI~1 Identities
09/12/2006 09:23 PM <DIR> IMVU
13/07/2007 07:35 PM <DIR> iWin
10/04/2007 03:52 PM <DIR> Lavasoft
04/11/2006 05:14 PM <DIR> MACROM~1 Macromedia
05/06/2007 09:21 PM <DIR> MICROS~1 Microsoft
10/04/2007 04:01 PM <DIR> Mozilla
11/12/2006 07:37 PM <DIR> MSNINS~1 MSNInstaller
10/04/2007 03:36 PM <DIR> NEOPET~1 Neopets Toolbar
18/04/2007 10:42 PM <DIR> Nokia
14/05/2007 02:22 PM <DIR> NOKIAM~1 Nokia Multimedia Player
06/05/2007 11:31 AM <DIR> PCSUIT~1 PC Suite
17/08/2007 01:40 AM <DIR> PCTOOL~1 PC Tools
27/11/2006 08:32 PM <DIR> SHARE-~1 Share-to-Web Upload Folder
07/12/2006 09:39 AM <DIR> Sun
02/08/2007 08:03 PM <DIR> VideoEgg
03/07/2007 09:58 AM <DIR> vlc
07/07/2007 09:26 PM <DIR> WinRAR
0 File(s) 0 bytes
31 Dir(s) 139,449,487,360 bytes free
Volume in drive C has no label.
Volume Serial Number is 3823-0A31

Directory of C:\Documents and Settings\All Users\Application Data

03/08/2007 12:59 PM <DIR> .
03/08/2007 12:59 PM <DIR> ..
06/02/2007 07:19 PM <DIR> Adobe
08/10/2006 10:57 AM <DIR> APPLEC~1 Apple Computer
02/07/2007 07:59 PM <DIR> Azureus
19/08/2007 01:34 PM <DIR> BAGSDE~1 Bags default this mpeg
06/10/2006 08:17 AM <DIR> CYBERL~1 CyberLink
04/11/2006 05:15 PM <DIR> Google
18/04/2007 10:11 PM <DIR> INSTAL~1 Installations
07/10/2006 10:42 AM <DIR> MESSEN~1 Messenger Plus!
27/01/2007 08:36 AM <DIR> MICROS~1 Microsoft
03/08/2007 12:59 PM <DIR> MPEGEL~1 MPEG ELSE ONE VIEW
11/04/2007 04:11 PM <DIR> NVIEW_~1 nView_Profiles
18/04/2007 10:17 PM <DIR> PCSUIT~1 PC Suite
25/08/2007 01:19 PM <DIR> SITEBA~1 sitebalmfastdelete
08/03/2007 07:53 PM <DIR> TEMP
14/10/2006 04:58 PM <DIR> VideoEgg
10/12/2006 09:33 AM <DIR> WINDOW~2 Windows Genuine Advantage
07/10/2006 09:12 PM <DIR> WINDOW~1 Windows Live Toolbar
10/12/2006 09:46 AM <DIR> YAHOO!~1 Yahoo! Companion
0 File(s) 0 bytes
20 Dir(s) 139,449,487,360 bytes free
--------------------------------------------------------


HiJackThis Log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:32 PM, on 25/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\ONLINE 16.exe
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sect store] C:\DOCUME~1\Aldo\APPLIC~1\HECKFL~1\dart program.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm037YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?6f0db373740a4e97ac64cfdb733a2b90
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?6f0db373740a4e97ac64cfdb733a2b90
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aldo\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab50997.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11916 bytes

#4 footyfever2day
  • Topic Starter
  • Members
  • 5 posts

Posted 25 August 2007 - 12:55 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:32 PM, on 25/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\ONLINE 16.exe
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [sect store] C:\DOCUME~1\Aldo\APPLIC~1\HECKFL~1\dart program.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm037YYAU
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?6f0db373740a4e97ac64cfdb733a2b90
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?6f0db373740a4e97ac64cfdb733a2b90
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aldo\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab50997.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11916 bytes

#5 RichieUK

  • Malware Assassin
  • Malware Response Team
  • 13,614 posts

Posted 25 August 2007 - 04:57 AM

Please download OTMoveIt by OldTimer:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Save it to your desktop.
Please double-click OTMoveIt.exe to run it.
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'):

C:\Documents and Settings\Aldo\Application Data\Heck Flaw Bits
C:\Documents and Settings\All Users\Application Data\Bags default this mpeg
C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW
C:\Documents and Settings\All Users\Application Data\sitebalmfastdelete


Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
Click the red Moveit! button.

Copy everything on the 'Results' window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose 'Copy'), and paste it on your next reply.
Close OTMoveIt

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.


Download/install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [One view global this] C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW\ONLINE 16.exe
O4 - HKCU\..\Run: [sect store] C:\DOCUME~1\Aldo\APPLIC~1\HECKFL~1\dart program.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm037YYAU
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Aldo\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...tup1.0.0.15.cab

Exit Hijackthis.

Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

Superantispyware will now scan your computer; when it's finished it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you're done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE)
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Also post a new Hijackthis log, and let me know how your pc is running now.

#6 footyfever2day

  • Topic Starter
  • Members
  • 5 posts

Posted 26 August 2007 - 03:34 AM

File/Folder C:\Documents and Settings\Aldo\Application Data\Heck Flaw Bits not found.
File/Folder C:\Documents and Settings\All Users\Application Data\Bags default this mpeg not found.
File/Folder C:\Documents and Settings\All Users\Application Data\MPEG ELSE ONE VIEW not found.
File/Folder C:\Documents and Settings\All Users\Application Data\sitebalmfastdelete not found.

Created on 08/26/2007 16:31:56


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/26/2007 at 04:23 PM

Application Version : 3.9.1008

Core Rules Database Version : 3292
Trace Rules Database Version: 1303

Scan type : Complete Scan
Total Scan Time : 01:05:17

Memory items scanned : 569
Memory threats detected : 0
Registry items scanned : 5527
Registry threats detected : 0
File items scanned : 37251
File threats detected : 149

Adware.Tracking Cookie

Adware.Lop-Gen
C:\DOCUMENTS AND SETTINGS\ALDO\LOCAL SETTINGS\TEMP\BIS35.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\QTFYIEDU.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\QZYVKSXU.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SITEBALMFASTDELETE\WIN ACTIVE.EXE

Adware.Lop-Variant
C:\DOCUMENTS AND SETTINGS\ALDO\LOCAL SETTINGS\TEMP\STA12.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\DART PROGRAM.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\MOVE FIND 1.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\ZTVVLFJN.EXE

Adware.MovieLand/MediaPipe
C:\PROGRAM FILES\FSUPPORT\NOTIFIER.EXE

Adware.Lop
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SITEBALMFASTDELETE\KEEP SETUP.EXE


C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\MOVE FIND 1.EXE
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALDO\APPLICATION DATA\HECK FLAW BITS\ZTVVLFJN.EXE

Adware.MovieLand/MediaPipe
C:\PROGRAM FILES\FSUPPORT\NOTIFIER.EXE

Adware.Lop
C:\_OTMOVEIT\MOVEDFILES\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\SITEBALMFASTDELETE\KEEP SETUP.EXE



Richie,

I would like to Thank you very much for all your assistance. And I will definitely donate once my
computer is up and running like it should be again.

Thank you very much

Nick

#7 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:02:54 PM

Posted 26 August 2007 - 07:07 AM

Could you post the new Hijackthis log please.

#8 footyfever2day

footyfever2day
  • Topic Starter

  • Members
  • 5 posts
  • Local time:08:54 AM

Posted 26 August 2007 - 07:10 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:10:19 PM, on 26/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Cole2k Media Toolbar - {8AE33802-00D3-4F1B-B5C7-6FEE34E402CE} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [BearFlix] "C:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [AntiSpyware] C:\Program Files\AntiSpyware\AntiSpyware.exe -boot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: IMVU.lnk = C:\Program Files\IMVU\gui1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: NETGEAR WG311T Wireless Assistant.lnk = C:\Program Files\NETGEAR\WG311T\wlancfg5.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/229?6f0db373740a4e97ac64cfdb733a2b90
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-au\msntabres.dll.mui/230?6f0db373740a4e97ac64cfdb733a2b90
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab50997.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab50997.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11337 bytes
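
As an added illustration of what a responder looks for in a log like the one above (this is not code from the thread and not part of HijackThis), the helper below parses the "Oxx - ..." entry lines and applies a few of the checks a malware-response volunteer makes by eye: O23 services with no publisher ("Unknown owner"), O16 ActiveX downloads that fetch a bare .exe, O4 autostarts launched from Temp or Application Data, and O2/O3 browser add-on DLLs living outside Program Files or the Windows folder. The sample lines are copied from the log above, except for one constructed O4 entry that points at the BIS35.EXE temp-folder file from the earlier scan results, added only to exercise the Temp-folder check.

```python
"""Triage helper for Trend Micro HijackThis v2.0.x logs.

Added example; not code from the forum thread and not part of HijackThis.
A flag is a reason to look closer, not a verdict: "Unknown owner" only
means the service binary carries no publisher in its version resource.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# One HijackThis entry: section code ("R3", "O4", "O23"), " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")

# Folders from which a legitimate Run entry almost never launches on XP.
SUSPICIOUS_DIRS = ("\\local settings\\temp\\", "\\application data\\")

# Where browser add-on DLLs (O2 BHOs, O3 toolbars) are expected to live.
TRUSTED_DLL_DIRS = ("\\program files\\", "\\windows\\")


@dataclass
class Entry:
    section: str                       # e.g. "O4", "O23"
    body: str                          # text after "Oxx - "
    flags: List[str] = field(default_factory=list)


def parse_log(text: str) -> List[Entry]:
    """Return every Rxx/Fxx/Oxx line of a HijackThis log as an Entry."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def _last_field(body: str) -> str:
    """HijackThis separates fields with ' - '; the path or URL is the last one."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(entry: Entry) -> Entry:
    """Attach a human-readable flag for each heuristic the entry trips."""
    sec, low = entry.section, entry.body.lower()
    if sec == "O23":
        # "Service: <name> (<short>) - <owner> - <path>"
        parts = entry.body.split(" - ")
        if len(parts) >= 3 and parts[-2].strip() == "Unknown owner":
            entry.flags.append("service binary has no publisher in its version info")
    elif sec == "O16":
        # "DPF: {CLSID} (<name>) - <url>": IE fetches and runs this on demand
        if _last_field(low).endswith(".exe"):
            entry.flags.append("ActiveX download points at a bare .exe, not a .cab")
    elif sec == "O4":
        if any(d in low for d in SUSPICIOUS_DIRS):
            entry.flags.append("autostart runs from a Temp/Application Data folder")
    elif sec in ("O2", "O3"):
        dll = _last_field(low)
        if dll.endswith(".dll") and not any(d in dll for d in TRUSTED_DLL_DIRS):
            entry.flags.append("browser add-on DLL outside Program Files/Windows")
    return entry


def flagged_entries(text: str) -> List[Entry]:
    """Parse a log and return only the entries that tripped a heuristic."""
    return [e for e in map(triage, parse_log(text)) if e.flags]


def section_counts(text: str) -> Dict[str, int]:
    """How many entries of each section code the log contains."""
    counts: Dict[str, int] = {}
    for e in parse_log(text):
        counts[e.section] = counts.get(e.section, 0) + 1
    return counts


# Constructed sample: lines copied from the thread's second log, plus one
# made-up O4 entry pointing at the BIS35.EXE temp-folder file from the
# earlier scan results, so the Temp-folder check has something to catch.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: Cole2k Media Toolbar Helper - {5499BCB1-5641-4A4C-9F75-462D4D8D0DA0} - C:\Program Files\Cole2k Media Toolbar\v3.2.0.0\Cole2k_Media_Toolbar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bis35] C:\DOCUMENTS AND SETTINGS\ALDO\LOCAL SETTINGS\TEMP\BIS35.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/Windows...ggPublisher.exe
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
--
End of file - 11337 bytes
"""

if __name__ == "__main__":
    print(section_counts(SAMPLE_LOG))
    for e in flagged_entries(SAMPLE_LOG):
        print(f"{e.section}: {e.body}")
        for f in e.flags:
            print(f"    -> {f}")
```

Run against the sample, it flags the constructed Temp-folder autostart, the VideoEgg .exe download and the "Unknown owner" Atheros service. The last one shows why these are prompts rather than verdicts: the log also lists a NETGEAR WG311T wireless adapter, a plausible owner for an Atheros configuration service, which is the kind of cross-check a responder makes before calling a log clean.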

#9 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • Local time:02:54 PM

Posted 26 August 2007 - 07:25 AM

Your log is clean :thumbsup:
If all's ok, please do the following.

Find and delete:
Deljob.exe
logit.txt
OTMoveIt.exe

C:\_OTMoveIt

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1

Double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use the Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use the Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Your version of Sun Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Sun Java, and then update.
1. Download the latest version of Java Runtime Environment (JRE).
2. Scroll down to where it says 'Java Runtime Environment (JRE) 6u2'.
3. Click the "Download" button to the right.
4. Check the box that says: "Accept License Agreement".
5. The page will refresh.
6. Click on the link to download 'Windows Offline Installation, Multi-language' and save to your desktop.
7. Close any programs you may have running - especially your web browser.
8. Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
9. Check any item with Java Runtime Environment (JRE or J2SE) in the name.
10. Click the Change/Remove button.
11. Repeat as many times as necessary to remove each Java version.
12. Reboot your computer once all Java components are removed.
13. Then from your desktop double-click on jre-6u2-windows-i586-p.exe to install the newest version.

Click on Start/All Programs/Accessories/System Tools/System Restore.
In the 'System Restore' window, click on the 'Create a Restore Point' button, then click 'Next'.
In the window that appears, enter a description/name for the Restore Point, then click on 'Create', wait, then click 'Close'.
The date and time will be created automatically.

Next click on Start/All Programs/Accessories/System Tools/Disk Cleanup.
The 'Select Drive' box will appear, click on OK.
The 'Disk Cleanup for [C:]' box will appear, click on the 'More Options' tab.
At the bottom in the 'System Restore' window, click on the 'Clean up...' button.
A box will pop up 'Are you sure you want to delete all but the most recent restore point?', click on 'Yes'.
Click on 'Yes' at 'Are you sure you want to perform these actions?'.
Now wait until 'Disk Cleanup' finishes and the box disappears.

Read through the information found here, to help you prevent any possible future infections.
'How to prevent Malware' by miekiemoes:
http://users.telenet.be/bluepatchy/miekiem...prevention.html



