
I Know I Have A Bug, However I Can Not Find It! (with Hijackthis Log)


  • This topic is locked
15 replies to this topic

#1 Shelleybeane (Members, 9 posts)

Posted 06 October 2007 - 12:29 PM

I'm 99% sure that my parents' computer has a bug/worm/trojan (AVG has not been updated despite attempts to do so, Ad-Aware is missing from the Lavasoft folder/Programs menu, SpyBot is only picking up tracking cookies?...)
I downloaded & used ComboFix, however I am not receiving any results from that program?!
Note: My sister has downloaded & used LimeWire in the past; I would not be surprised if it had something to do with this problem.
My parents are not having any other *overt* problems, no excessive amounts of annoying pop-ups, etc.; however, I understand that there is something else going on that I would like to fix!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:28, on 2007-10-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f} - C:\WINDOWS\system32\tnoapuew.dll
O2 - BHO: (no name) - {FC523C77-FED2-4A0D-99A5-7953329095C9} - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: cpafx - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O20 - Winlogon Notify: ncemfaeu - ncemfaeu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6445 bytes

(There were also 6 'O15' files that I 'fixed' using HiJackThis... however, now I made the mistake of not saving it.)


Add/Remove Programs Manager

Apple Mobile Device Support
Apple Software Update
HiJackThis 2.0
Hotfix for Windows Media Player (KB939683)
IrfanView (remove only)
iTunes
Mozilla Firefox (2.0.0.7)
Update for Windows XP (KB933360)



StartupList report, 2007-10-06, 13:30:27
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16512)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Event Reminder.lnk = ?

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IAAnotif = C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
CTHelper = CTHELPER.EXE
AsioReg = REGSVR32.EXE /S CTASIO.DLL
AVG7_CC = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADLTScriptFile\shell\open\command

(Default) = "C:\WINDOWS\notepad.exe" "%1"

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssmarque.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - (no file) - {02478D38-C3F9-4efb-9B51-7695ECA05670}
(no name) - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {549B5CA7-4A86-11D7-A4DF-000874180BB3}
(no name) - C:\WINDOWS\system32\dla\tfswshx.dll - {5CA3D70E-1895-11CF-8E15-001234567890}
(no name) - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - C:\WINDOWS\system32\tnoapuew.dll - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f}
(no name) - C:\WINDOWS\Cursors\cpafx.dll (file missing) - {FC523C77-FED2-4A0D-99A5-7953329095C9}
(no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft Office Template and Media Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\IEAWSDC.DLL
CODEBASE = http://office.microsoft.com/templates/ieawsdc.cab

[Installation Support]
InProcServer32 = C:\Program Files\Yahoo!\Common\Yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\Yinsthelper.dll

[Jigsaw Genius Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\jigsaw.ocx
CODEBASE = http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab

[Wwlaunch Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wwlaunch.ocx
CODEBASE = http://www.worldwinner.com/games/shared/wwlaunch.cab

[WoF Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wof.ocx
CODEBASE = http://www.worldwinner.com/games/v46/wof/wof.cab

[SwapIt Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\swapit.ocx
CODEBASE = http://www.worldwinner.com/games/v61/swapit/swapit.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab

[iTunesDetector Class]
InProcServer32 = C:\Program Files\iTunes\ITDetector.ocx
CODEBASE = http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.games.yahoo.com/games/web_...aploader_v6.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll

--------------------------------------------------
End of report, 6,759 bytes
Report generated in 0.015 seconds
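An added example, not part of this thread and not a BleepingComputer, Trend Micro or HijackThis feature: the rules a log helper applies by eye to the HijackThis lines above, written as a small Python triage script. It treats `(no file)` / `(file missing)` entries as dead registrations to clean up, an unnamed O2 BHO that still loads a DLL as something to verify (and an unnamed 5-9 lowercase-letter DLL name in system32, such as `tnoapuew.dll`, as suspicious), a bare-filename O4 Run command as PATH-resolved and worth confirming, and an O23 service listed as `Unknown owner` as one to check by file properties. The sample lines are copied from the first log above; the allowlist of unnamed-but-benign BHOs (`SDHelper.dll`) and the random-name pattern are my own assumptions, not HijackThis logic, and a "suspicious" result means investigate, not "this is malware".

```python
"""Heuristic triage of HijackThis 2.0 log lines.
Added example for this thread; not a BleepingComputer or Trend Micro tool."""
import re
from dataclasses import dataclass

# Sample input: lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f} - C:\WINDOWS\system32\tnoapuew.dll
O2 - BHO: (no name) - {FC523C77-FED2-4A0D-99A5-7953329095C9} - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O20 - Winlogon Notify: cpafx - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O20 - Winlogon Notify: ncemfaeu - ncemfaeu.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# Assumption: unnamed BHOs that are nevertheless known-good. A real check would
# verify the DLL's Authenticode signature rather than trust a filename.
KNOWN_UNNAMED_BHOS = {"sdhelper.dll"}       # Spybot S&D's IE helper has no display name
# Assumption: 5-9 lowercase letters + .dll counts as "random-looking" (tnoapuew.dll).
RANDOM_NAME = re.compile(r"^[a-z]{5,9}\.dll$")
MISSING = ("(no file)", "(file missing)")   # HJT's markers for a dead registration


@dataclass(frozen=True)
class Finding:
    section: str    # O2 / O4 / O20 / O23
    severity: str   # "suspicious": investigate; "orphan": dead entry, clean; "review": verify
    detail: str
    line: str


def _basename(path):
    return path.replace("(file missing)", "").strip().rsplit("\\", 1)[-1].lower()


def _check_o2(body, line):
    # O2 - BHO: <name> - {CLSID} - <path>   (<path> may itself contain " - ")
    m = re.match(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$", body)
    if not m:
        return None
    name, _clsid, path = m.groups()
    if path.endswith(MISSING):
        return Finding("O2", "orphan", f"BHO CLSID still registered but its file is gone: {path}", line)
    base = _basename(path)
    if name == "(no name)" and base not in KNOWN_UNNAMED_BHOS:
        random_in_sys32 = RANDOM_NAME.match(base) and "\\system32\\" in path.lower()
        return Finding("O2", "suspicious" if random_in_sys32 else "review",
                       f"unnamed BHO loading {path}; verify publisher/signature", line)
    return None


def _check_o4(body, line):
    # O4 - <hive>\..\Run: [<value name>] <command>
    m = re.match(r"^(.*?): \[(.*?)\] (.*)$", body)
    if not m:
        return None
    exe = m.group(3).strip('"').split()[0]
    if "\\" not in exe and ":" not in exe:
        return Finding("O4", "review",
                       f"startup entry uses bare filename {exe!r}; resolved by PATH search, confirm which file runs", line)
    return None


def _check_o20(body, line):
    # O20 - Winlogon Notify: <key> - <dll>; the DLL is loaded into winlogon.exe
    m = re.match(r"^Winlogon Notify: (\S+) - (.*)$", body)
    if not m:
        return None
    path = m.group(2)
    if path.endswith(MISSING):
        return Finding("O20", "orphan",
                       f"Winlogon Notify package {path} is gone but still registered; remove the key", line)
    return Finding("O20", "review", f"Winlogon Notify package {path} loads into winlogon.exe; verify it", line)


def _check_o23(body, line):
    # O23 - Service: <display name> - <company> - <image path>
    m = re.match(r"^Service: (.*?) - (.*?) - (.*)$", body)
    if not m:
        return None
    name, owner, path = m.groups()
    if owner == "Unknown owner":
        return Finding("O23", "review", f"service {name!r} has no embedded company name: {path}", line)
    return None


CHECKS = {"O2": _check_o2, "O4": _check_o4, "O20": _check_o20, "O23": _check_o23}


def triage(log_text):
    """Return a list of Findings for the HijackThis sections covered above."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^([OR]\d+) - (.*)$", line)
        if not m:
            continue
        check = CHECKS.get(m.group(1))
        result = check(m.group(2), line) if check else None
        if result:
            findings.append(result)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.section:3} {f.detail}")
```

Run against the sample it reports four orphans (the two `(no file)`/`(file missing)` BHOs and both Winlogon Notify entries), one suspicious item (`tnoapuew.dll`) and two things to review (`CTHELPER.EXE` given without a path, the ATI service with no owner); `SDHelper.dll` and the named vendor entries are left alone.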



#2 teacup61 (Bleepin' Texan!, Malware Response Team, 17,075 posts, Wills Point, Texas)

Posted 14 October 2007 - 10:06 PM

Hello Shelleybeane,

Welcome to Bleeping Computer.

Sorry about the delay. If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 Shelleybeane (Topic Starter, Members, 9 posts)

Posted 15 October 2007 - 07:38 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:40, on 2007-10-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f} - C:\WINDOWS\system32\tnoapuew.dll
O2 - BHO: (no name) - {FC523C77-FED2-4A0D-99A5-7953329095C9} - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: cpafx - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O20 - Winlogon Notify: ncemfaeu - ncemfaeu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6641 bytes

#4 teacup61 (Malware Response Team, 17,075 posts)

Posted 15 October 2007 - 08:12 PM

Hello,

Download SDFix and save it to your Desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually.
  • Instead of Windows loading as normal, the Advanced Options Menu should appear.
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries that it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to the Clipboard, ready for posting back on the forum).
  • Finally, paste the contents of Report.txt back on the forum.

1. Download this file - combofix.exe
2. Double-click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please, along with a new HijackThis log.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Thanks,
tea

#5 Shelleybeane (Topic Starter, Members, 9 posts)

Posted 15 October 2007 - 08:41 PM

OH how I hate trojans!!!

SDFix: Version 1.109

Run on 2007-10-15 at 09:22

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
DP1112

ImagePath:
\??\C:\WINDOWS\system32\Drivers\DP.sys

DP1112 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\JAMIEC~1\LOCALS~1\Temp\hdo45.tmp - Deleted
C:\DOCUME~1\JAMIEC~1\LOCALS~1\Temp\temp.bat - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Disabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Common Files\\AOL\\1124215644\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1124215644\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 12 Nov 2006 1,502,559 A.SH. --- "C:\WINDOWS\Cursors\xfapc.bak1"
Tue 14 Nov 2006 976,904 A.SH. --- "C:\WINDOWS\Cursors\xfapc.bak2"
Sun 18 Dec 2005 321,850 ..SH. --- "C:\WINDOWS\SYSTEM32\klnmp.tmp"
Thu 8 Dec 2005 27,661 ..SH. --- "C:\WINDOWS\SYSTEM32\mljjg.dll"
Mon 5 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 11 Aug 2007 520,374 A..H. --- "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP895\A0103711.sys"
Sat 11 Aug 2007 4,533,966 A..H. --- "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP895\A0103712.sys"
Sun 12 Aug 2007 520,356 A..H. --- "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP899\A0103831.sys"
Sun 12 Aug 2007 4,537,027 A..H. --- "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP899\A0103863.sys"
Thu 16 Aug 2007 4,539,479 A..H. --- "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103904.sys"
Thu 16 Aug 2007 520,383 A..H. --- "C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103907.sys"
Tue 29 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 8 Sep 2005 19,968 ...H. --- "C:\Documents and Settings\Jamie Chancey\Application Data\Microsoft\Word\~WRL0004.tmp"
Thu 8 Sep 2005 22,528 ...H. --- "C:\Documents and Settings\Jamie Chancey\Application Data\Microsoft\Word\~WRL0539.tmp"
Thu 8 Sep 2005 26,112 ...H. --- "C:\Documents and Settings\Jamie Chancey\Application Data\Microsoft\Word\~WRL0999.tmp"
Thu 8 Sep 2005 25,088 ...H. --- "C:\Documents and Settings\Jamie Chancey\Application Data\Microsoft\Word\~WRL1356.tmp"
Thu 8 Sep 2005 23,552 ...H. --- "C:\Documents and Settings\Jamie Chancey\Application Data\Microsoft\Word\~WRL1992.tmp"
Thu 8 Sep 2005 25,600 ...H. --- "C:\Documents and Settings\Jamie Chancey\Application Data\Microsoft\Word\~WRL3627.tmp"
Mon 5 Sep 2005 4,348 A..H. --- "C:\Documents and Settings\Jamie Chancey\My Documents\Share to laptop\My Music\License Backup\drmv1key.bak"
Mon 13 Feb 2006 20 A..H. --- "C:\Documents and Settings\Jamie Chancey\My Documents\Share to laptop\My Music\License Backup\drmv1lic.bak"
Mon 5 Sep 2005 400 A.SH. --- "C:\Documents and Settings\Jamie Chancey\My Documents\Share to laptop\My Music\License Backup\drmv2key.bak"

Finished!

ComboFix 07-10-15.1 - Jamie Chancey 2007-10-15 9:36:09.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.621 [GMT -5:00]
Running from: C:\Documents and Settings\Jamie Chancey\Desktop\ComboFix(2).exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jamie Chancey\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\Jamie Chancey\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\Jamie Chancey\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\Jamie Chancey\err.log
C:\Program Files\Common Files\companion wizard
C:\Program Files\Common Files\companion wizard\compwiz.exe
C:\Program Files\Common Files\Companion Wizard\compwiz.exe
C:\Program Files\Common Files\companion wizard\WapCHK.dll
C:\Program Files\Common Files\Companion Wizard\WapCHK.dll
C:\WINDOWS\system32\mljjg.dll
C:\WINDOWS\system32\stera.job
C:\WINDOWS\system32\stera.log

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_FOPN


((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.

2007-10-15 09:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-10 02:09 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-06 11:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 17:55 <DIR> d-------- C:\Program Files\iTunes
2007-09-28 17:55 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-15 13:51 --------- d-----w C:\Documents and Settings\Jamie Chancey\Application Data\AVG7
2007-09-16 00:21 --------- d-----w C:\Program Files\Apple Software Update
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-18 19:21 --------- d-----w C:\Program Files\Yahoo!
2007-08-18 19:21 --------- d-----w C:\Program Files\Viewpoint
2007-08-18 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-08-18 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2006-11-14 16:50 976,904 --sha-w C:\WINDOWS\Cursors\xfapc.bak2
2006-11-12 15:35 1,502,559 --sha-w C:\WINDOWS\Cursors\xfapc.bak1
2006-11-12 15:35:56 1,502,559 --sha-w C:\WINDOWS\Cursors\xfapc.bak1
2006-11-14 16:50:56 976,904 --sha-w C:\WINDOWS\Cursors\xfapc.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3E3BB7F-3137-4DAA-B048-216CDBD26E3f}]
2006-09-10 06:32 131604 --a------ C:\WINDOWS\system32\tnoapuew.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC523C77-FED2-4A0D-99A5-7953329095C9}]
C:\WINDOWS\Cursors\cpafx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 12:16]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 10:30]
"CTHelper"="CTHELPER.EXE" [2003-02-20 16:45 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-16 08:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-10 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\pmremind.exe [2005-09-29 16:31:58]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cpafx]
C:\WINDOWS\Cursors\cpafx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ncemfaeu]
ncemfaeu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jamie Chancey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jamie Chancey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
"C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC6cw]
"C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)


.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 22:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-15 12:38:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 09:38:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-15 9:39:53 - machine was rebooted
.
--- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:40 AM, on 10/15/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f} - C:\WINDOWS\system32\tnoapuew.dll
O2 - BHO: (no name) - {FC523C77-FED2-4A0D-99A5-7953329095C9} - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O20 - Winlogon Notify: cpafx - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O20 - Winlogon Notify: ncemfaeu - ncemfaeu.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 6502 bytes


#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 16 October 2007 - 12:17 PM

Hello,

I hate them too. That's why I do this. :thumbsup:

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f} - C:\WINDOWS\system32\tnoapuew.dll
O2 - BHO: (no name) - {FC523C77-FED2-4A0D-99A5-7953329095C9} - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O20 - Winlogon Notify: cpafx - C:\WINDOWS\Cursors\cpafx.dll (file missing)
O20 - Winlogon Notify: ncemfaeu - ncemfaeu.dll (file missing)


Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Delete the following file, if present:

C:\WINDOWS\system32\tnoapuew.dll

Reboot your computer.

Please run ComboFix again and post the report, along with a new HijackThis log. Please also let me know how it's running now. :blink:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?
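The entries teacup61 asked to fix above share a pattern: unnamed Browser Helper Objects whose DLL is gone or sits under C:\WINDOWS rather than Program Files, and Winlogon Notify packages that point at a missing DLL. As an added example (not part of this thread or of HijackThis), here is a small Python triage script that applies those heuristics to the O2/O20 lines from the posted log; the scoring rules are this example's own assumptions, not HijackThis's.

```python
"""Triage HijackThis v2.0.2 log lines for orphaned or suspicious load points.

Added example, not part of the original thread or of HijackThis. The sample
lines are copied from the log posted in this thread; the heuristics below
(missing file, bare filename, unnamed BHO under the Windows directory) are
this example's own assumptions about what merits a closer look.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the O2/O20/O23 lines from the posted log.
SAMPLE_LOG_LINES = [
    r"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll",
    r"O2 - BHO: (no name) - {F3E3BB7F-3137-4DAA-B048-216CDBD26E3f} - C:\WINDOWS\system32\tnoapuew.dll",
    r"O2 - BHO: (no name) - {FC523C77-FED2-4A0D-99A5-7953329095C9} - C:\WINDOWS\Cursors\cpafx.dll (file missing)",
    r"O20 - Winlogon Notify: cpafx - C:\WINDOWS\Cursors\cpafx.dll (file missing)",
    r"O20 - Winlogon Notify: ncemfaeu - ncemfaeu.dll (file missing)",
    r"O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe",
]

# "O2 - BHO: <name> - {CLSID} - <target>"; name is lazy so the CLSID anchors it.
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
# "O20 - Winlogon Notify: <package> - <target>"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")

WINDOWS_DIR = "c:\\windows\\"   # heuristic: unnamed BHOs rarely live here legitimately


@dataclass
class Finding:
    section: str               # "O2" or "O20"
    ident: str                 # CLSID for O2, notify package name for O20
    path: Optional[str]        # DLL path as logged; None when "(no file)"
    reasons: List[str] = field(default_factory=list)


def split_target(target: str):
    """Return (path, missing) from the tail of an O2/O20 line."""
    target = target.strip()
    if target == "(no file)":
        return None, True
    suffix = " (file missing)"
    if target.endswith(suffix):
        return target[: -len(suffix)], True
    return target, False


def assess(section: str, name: str, ident: str, target: str) -> Optional[Finding]:
    """Apply the heuristics to one parsed entry; None means nothing to flag."""
    path, missing = split_target(target)
    reasons = []
    if missing:
        reasons.append("registered DLL is missing; orphaned load point")
    if path is not None:
        if "\\" not in path:
            reasons.append("DLL named without a path; resolved via search order")
        elif section == "O2" and name == "(no name)" and path.lower().startswith(WINDOWS_DIR):
            reasons.append("unnamed BHO loading from the Windows directory")
    return Finding(section, ident, path, reasons) if reasons else None


def triage(lines) -> List[Finding]:
    """Parse O2 and O20 lines and return the entries that merit review, in log order."""
    findings = []
    for line in lines:
        m = O2_RE.match(line)
        if m:
            found = assess("O2", m["name"], m["clsid"], m["target"])
        else:
            m = O20_RE.match(line)
            found = assess("O20", m["name"], m["name"], m["target"]) if m else None
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG_LINES):
        print(f"{f.section:<4}{f.ident}  ->  {f.path or '(no file)'}")
        for reason in f.reasons:
            print(f"        - {reason}")
```

Running it flags exactly the five O2/O20 entries in the fix list above and leaves the Adobe, Spybot and Symantec entries alone; the bare-filename rule is the reason the helper's later log still shows no trace of ncemfaeu.dll.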

#7 Shelleybeane

Shelleybeane
  • Topic Starter

  • Members
  • 9 posts

Posted 16 October 2007 - 08:02 PM

ComboFix 07-10-15.1 - 2007-10-16 8:44:29.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.711 [GMT -5:00]
Running from: C:\Documents and Settings\Jamie Chancey\Desktop\ComboFix(2).exe
.

((((((((((((((((((((((((( Files Created from 2007-09-16 to 2007-10-16 )))))))))))))))))))))))))))))))
.

2007-10-15 09:21 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-10 02:09 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-10-06 11:36 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-28 17:55 <DIR> d-------- C:\Program Files\iTunes
2007-09-28 17:55 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-16 13:04 --------- d-----w C:\Documents and Settings\Jamie Chancey\Application Data\AVG7
2007-09-16 00:21 --------- d-----w C:\Program Files\Apple Software Update
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\SYSTEM32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\urlmon.dll
2007-08-18 19:21 --------- d-----w C:\Program Files\Yahoo!
2007-08-18 19:21 --------- d-----w C:\Program Files\Viewpoint
2007-08-18 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-08-18 19:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-08-17 10:21 625,152 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2007-07-31 00:19 92,504 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2007-07-31 00:19 549,720 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2007-07-31 00:19 53,080 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2007-07-31 00:19 43,352 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2007-07-31 00:19 325,976 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2007-07-31 00:19 203,096 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2007-07-31 00:19 1,712,984 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2007-07-31 00:18 33,624 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2006-11-14 16:50 976,904 --sha-w C:\WINDOWS\Cursors\xfapc.bak2
2006-11-12 15:35 1,502,559 --sha-w C:\WINDOWS\Cursors\xfapc.bak1
2006-11-12 15:35:56 1,502,559 --sha-w C:\WINDOWS\Cursors\xfapc.bak1
2006-11-14 16:50:56 976,904 --sha-w C:\WINDOWS\Cursors\xfapc.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 12:16]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-28 10:30]
"AsioReg"="REGSVR32.exe" [2004-08-04 02:56 C:\WINDOWS\SYSTEM32\regsvr32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-08-16 08:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-10 12:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\pmremind.exe [2005-09-29 16:31:58]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jamie Chancey^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jamie Chancey\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveCleaner 2006 Free]
"C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB002" /M "Stylus CX3800"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PAS_Check]
"C:\Program Files\Common Files\DriveCleaner 2006 Free\udcpas.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDR6_Check]
"C:\Program Files\Common Files\DriveCleaner 2006 Free\udcsdr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC6cw]
"C:\Program Files\DriveCleaner 2006 Free\UDC6cw.exe" -c

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3 (0x3)
"LexBceS"=2 (0x2)
"iPod Service"=3 (0x3)
"C-DillaCdaC11BA"=2 (0x2)


.
Contents of the 'Scheduled Tasks' folder
"2007-10-05 22:52:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-16 00:38:11 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-16 08:46:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-16 8:46:29
C:\ComboFix2.txt ... 2007-10-15 09:39
.
--- E O F ---




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:38:02 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Grisoft\AVG7\avgw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVG7\avginet.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5665 bytes


AH HA!

I knew there was something sketchy about one of those CTHelper things!
I think I wasn't looking in the correct places as I couldn't find any dirt on it... *shrugs*
So far-- so good. I hope that we are 'good' for a longggggggggg time!
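
A small triage helper for the HijackThis entry format quoted above, added here as an example; it is not part of HijackThis or of this thread. Its sample input is copied from the log above, and its review rules (unresolved Global Startup shortcut, unlabeled O9 button, remote O16 CAB download, O23 service with "Unknown owner") are this example's own heuristics for what to look at first, not verdicts on any entry.

```python
"""Parse the O4/O9/O16/O23 entries of a HijackThis log and flag the ones an
analyst would review first.  Added example; the flagging rules are this
example's own assumptions, not HijackThis verdicts."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed input: entries copied from the log in this thread.
SAMPLE_LOG = r"""
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


@dataclass
class Entry:
    kind: str          # O4, O9, O16 or O23
    name: str          # run-key value name, button label, control name, service name
    target: str        # command line, DLL/EXE path, CAB URL or service binary
    extra: str = ""    # hive and user, CLSID, or service owner


ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<loc>.+)$")


def parse_entry(line):
    """Return an Entry for one O4/O9/O16/O23 line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O4":
        if rest.startswith("Global Startup: "):
            name, _, target = rest[len("Global Startup: "):].partition(" = ")
            return Entry(kind, name, target, "Global Startup")
        r = RUN_RE.match(rest)
        if r:
            return Entry(kind, r["name"], r["cmd"], f"{r['hive']} user={r['user'] or ''}")
    elif kind == "O9":
        # "Extra button: <label> - {CLSID} - <path>": split from the right so a
        # label that itself contains " - " does not break the parse.
        _, _, body = rest.partition(": ")
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry(kind, parts[0], parts[2], parts[1])
    elif kind == "O16":
        d = DPF_RE.match(rest)
        if d:
            return Entry(kind, d["name"], d["loc"], d["clsid"])
    elif kind == "O23":
        # "Service: <display name> - <owner> - <binary path>"
        parts = rest[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            return Entry(kind, parts[0], parts[2], parts[1])
    return None


def triage(log_text):
    """Apply the review heuristics; return (entry, reason) pairs in log order."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e.kind == "O4" and e.extra == "Global Startup" and e.target == "?":
            findings.append((e, "startup shortcut whose target could not be resolved"))
        elif e.kind == "O9" and e.name == "(no name)":
            findings.append((e, "browser button with no label"))
        elif e.kind == "O16" and urlparse(e.target).scheme in ("http", "https"):
            note = "ActiveX control downloaded from " + urlparse(e.target).hostname
            if "..." in e.target:
                note += " (URL truncated in the log; read the full path on the machine)"
            findings.append((e, note))
        elif e.kind == "O23" and e.extra == "Unknown owner":
            findings.append((e, "service binary with no recorded company/owner"))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"{entry.kind:4} {entry.name!r:40} {reason}\n     -> {entry.target}")
```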


#8 Shelleybeane

Shelleybeane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:21 AM

Posted 16 October 2007 - 08:07 PM

OK so I spoke too soon...
I'm still not able to download any updates from AVG, priority or otherwise. :thumbsup:


#9 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:21 AM

Posted 17 October 2007 - 02:19 AM

Hello,

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#10 Shelleybeane

Shelleybeane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:21 AM

Posted 21 October 2007 - 10:44 PM

SmitFraudFix v2.240

Scan done at 11:46:35.76, Sun 10/21/2007
Run from C:\Documents and Settings\Jamie Chancey\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jamie Chancey


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jamie Chancey\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JAMIEC~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
DNS Server Search Order: 68.87.74.162
DNS Server Search Order: 68.87.68.162

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2A6DA992-110D-4976-A8EF-39E7B1F75436}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS2\Services\Tcpip\..\{23924728-FF6C-4F81-95A3-E809EF8CDA8B}: DhcpNameServer=143.166.95.37 143.166.6.24
HKLM\SYSTEM\CS3\Services\Tcpip\..\{2A6DA992-110D-4976-A8EF-39E7B1F75436}: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.74.162 68.87.68.162


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End


#11 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:03:21 AM

Posted 22 October 2007 - 11:14 AM

Hi there,

Delete SmitfraudFix, please.

Please download ATF Cleaner by Atribune. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please print these instructions or copy them to Notepad (or another word processor), and save it for easier reference. This is because we will be in Safe Mode during the fix and you won’t be able to access the Internet to view these instructions.

Please download AVG Anti-Spyware Free Edition and save that file to your desktop.

This is a 30-day trial of the program -- This means that after 30 days the "background guard" protection will be de-activated. However, this version can continue to be manually updated and used as an on-demand scanner forever.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the top of the main screen select the "Update" icon, then under the "Manual update" section click the "Start update" button.
  • The update will start and a progress bar will show the updates being installed.
  • Once the update has completed (the progress bar will display "Update successful!") select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the "Settings" screen:
    • Click on "Recommended actions" -> select "Quarantine".
    • Under "Reports:" -> select "Do not automatically generate reports".
  • Close AVG Anti-Spyware. Please do NOT run a scan yet!
Next, please reboot your computer into Safe Mode by doing the following:
  • Reboot your computer.
  • After hearing your computer beep once during startup, but just before the Windows icon appears, begin tapping the F8 key on your keyboard. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, reboot the computer and try again.
  • Instead of Windows loading as normal, a menu should appear.
  • Using the arrow keys on the keyboard, scroll to and select the "Safe Mode" menu item, and then press "Enter".
Then please run a scan with AVG Anti-Spyware:

IMPORTANT: Do NOT open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab. Click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
  • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select the "Apply all actions" button, AVG Anti-Spyware will then display "All actions have been applied" on the right hand side.
    • Next select the "Save Report" button at the bottom.
    • Then select the "Save report as" button in the lower left hand corner of the screen and save it as a text file on your system (make sure to remember where you saved that file, this is important!).
  • Close AVG Anti-Spyware and reboot your system normally into Windows. Please post the contents of the AVG Anti-Spyware report in your next reply, along with a new HijackThis log.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#12 Shelleybeane

Shelleybeane
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:03:21 AM

Posted 28 October 2007 - 03:11 PM

Geez... it's ugly!

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:52:10 AM 10/28/2007

+ Scan result:

C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP960\A0107194.dll -> Adware.Companion : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\Program Files\Common Files\Companion Wizard\WapCHK.dll.vir -> Adware.Companion : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AE84FF0C-BABD-4D91-92A1-AF75D2D02E6D} -> Adware.DriveCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103895.exe -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103898.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103899.dll -> Adware.ErrorSafe : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\idgexbtx.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\vsorxmpd.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\Program Files\Common Files\SysProtect\PCheck.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\SysProtect -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\Program Files\SysProtect\lock.dat -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103900.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103901.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103902.dll -> Adware.SysProtect : Cleaned with backup (quarantined).
HKLM\SOFTWARE\SysProtect -> Adware.SysProtect : Cleaned with backup (quarantined).
HKU\S-1-5-21-2887971863-2832468731-3142362934-1005\Software\SysProtect -> Adware.SysProtect : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103897.exe -> Adware.SystemDoctor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP960\A0107192.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\qoobox\Quarantine\C\WINDOWS\SYSTEM32\mljjg.dll.vir -> Adware.Virtumonde : Cleaned with backup (quarantined).
HKU\S-1-5-21-2887971863-2832468731-3142362934-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103958.exe -> Adware.WinFixer : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103973.exe -> Backdoor.Suspect.bj : Cleaned with backup (quarantined).
HKU\S-1-5-21-2887971863-2832468731-3142362934-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00DBDAC8-4691-4797-8E6A-7C6AB89BC441} -> Downloader.ConHook.l : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103956.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP901\A0103894.exe -> Not-A-Virus.Downloader.Win32.WinFixer.t : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.214:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.215:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.216:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.217:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.218:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.219:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.220:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.221:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.222:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.227:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.229:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.232:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.233:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.234:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.320:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.499:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.722:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.724:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.743:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.764:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.819:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.842:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.846:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.850:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.882:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.479:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.480:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.182:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.183:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.184:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.204:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.205:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.206:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.207:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.208:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.209:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.210:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.211:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.643:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.854:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.855:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.100:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.101:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.102:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.98:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.99:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.119:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.517:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.661:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.844:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.447:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.650:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.243:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.261:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.262:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.321:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.322:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.323:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.324:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.325:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.326:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.327:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.328:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.594:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.77:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.311:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.312:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.313:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.314:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.315:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.76:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.78:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.79:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.80:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.81:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.82:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.476:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.598:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.270:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.271:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.272:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.405:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.406:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.407:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.408:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.409:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.429:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.432:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.434:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.435:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.449:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.450:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.452:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.457:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.568:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.627:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.628:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.808:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.829:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.832:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.833:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.423:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.424:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.813:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.175:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.181:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.337:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.436:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.437:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.438:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.776:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.414:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.415:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.416:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.417:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.418:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.419:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.420:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.421:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.422:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.196:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.200:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.105:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.106:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.107:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.108:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.109:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.577:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned.
:mozilla.814:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.364:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.365:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.366:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.367:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.368:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.369:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.370:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.371:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.372:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.373:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.569:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.570:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.571:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.572:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.573:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.704:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.342:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.343:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.344:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.345:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.244:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.245:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.246:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.247:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.263:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.601:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.858:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.83:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.84:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.85:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.86:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.87:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.88:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.89:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.90:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.91:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.92:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.93:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.94:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.95:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.104:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.827:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.828:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.495:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.393:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.52:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.53:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.55:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.58:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.59:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.60:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.61:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.62:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.361:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.362:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.363:C:\Documents and Settings\~JC\Application Data\Mozilla\Firefox\Profiles\vglbgbur.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
::Report end


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:14 AM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jamie Chancey\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Lavasoft\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Event Reminder.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {41D1977F-4161-4720-800F-EA4903983A38} (Jigsaw Genius Control) - http://www.worldwinner.com/games/v42/jigsaw/jigsaw.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v61/swapit/swapit.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 5874 bytes


#13 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 October 2007 - 11:56 AM

Holy Moly! :wacko: PLEASE don't post in red any more. That nearly burned the eyes right out of me. It's very hard to look at. Just leave it all black, please. :thumbsup:

How is it running now? Can you get updates? Let me know. :blink:

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#14 Shelleybeane

Shelleybeane
  • Topic Starter
  • Members
  • 9 posts

Posted 29 October 2007 - 04:28 PM

Sadly, AVG Anti-Virus is still not updating. (I was able to connect with a Priority Update, however, the files downloaded but were blocked from installing.)
AVG Anti-Spyware is fine.
As for Anti-Virus, should I go ahead & uninstall it, then re-install? I'm not sure if that will help, but it was my next thought?!!?!
I'm glad that all that junk is gone.


No red this time!


#15 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 October 2007 - 05:14 PM

You can try it. :thumbsup: I also see remnants of Symantec. If you don't use anything Symantec then do this:

The Norton uninstall tool uninstalls ALL Norton 2004/2005/2006 products from your computer. It also uninstalls Norton Ghost 10.0/9.0/2003. http://service1.symantec.com/SUPPORT/tsgen...005033108162039

Let me know!

tea

