Curse You Internet Porn!...help, Please...i've Got Trojans And Not The Good Kind!


  • This topic is locked
11 replies to this topic

#1 Buenovistache

  • Members
  • 7 posts

Posted 29 May 2008 - 03:31 PM

Weeeell....I really need someone's help. I've noticed my PC has been acting a little squirrelly lately...taking more and more time to load programs (Firefox, Word, Office), and the other big issue I've noticed is that when I went to open PDFs on Adobe, the program would freeze my computer.

Recently, I removed the old Adobe (version 5.million years old) using the Add/Remove tool and upgraded to the 8.1.2 version, and I also upgraded to AVG 8.0 because they're not updating 7.5 after May 31st (but you probably knew that). I've had a couple of serious hiccups since.

For the second time in 3 days, I've had a "Blue Screen of Death" issue, basically telling me Windows has suffered a fatal error and had to restart and check the disk. I've run the AVG a few times and a virus or Trojan horse keeps showing up. First I saw the Zlob listed and then I saw the others. I figure I could keep doing this and bang my head against a wall, but it seems I'm only putting paint over the situation....and mixing a few metaphors to boot!

So, here I am. I went ahead and followed the pinned advice; I ran the Kaspersky and the Deckard/HijackThis and included them below. I am at your mercy and will do whatever I need to do here to fix the issue and prevent it from happening again (even if that means making my wife stop looking at the adult sites ;-). Thanks again for all your help!!!

This is my system info:

Microsoft Windows XP
Media Center Edition
Version 2002
Service Pack 2
Pentium 4 CPU 2.4 GHz
1.5 GB RAM

1st Kaspersky
----------------------------------------------------------------------
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 29, 2008 3:57:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/05/2008
Kaspersky Anti-Virus database records: 812777
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 120600
Number of viruses found: 4
Number of infected objects: 17
Number of suspicious objects: 0
Duration of the scan process: 02:28:39

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4A5F.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\dietk_3_0_8.exe/Stream/data0046 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\dietk_3_0_8.exe/Stream Infected: not-a-virus:AdWare.Win32.Cydoor skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\dietk_3_0_8.exe Inno: infected - 2 skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\prettyprincesswall.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\prettyprincesswall.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.EZula.cp skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\prettyprincesswall.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
C:\Documents and Settings\Administrator\My Documents\Stu Files\prettyprincesswall.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgsched.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgui.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\_restore{AE9FF3FD-6B9C-4C5B-8887-16A163BE8E8E}\RP549\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ModemLog_GTW V.92 Voicemodem.txt Object is locked skipped
C:\WINDOWS\SAA144B06.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
G:\Stu Files\dietk_3_0_8.exe/Stream/data0046 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
G:\Stu Files\dietk_3_0_8.exe/Stream Infected: not-a-virus:AdWare.Win32.Cydoor skipped
G:\Stu Files\dietk_3_0_8.exe Inno: infected - 2 skipped
G:\Stu Files\prettyprincesswall.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
G:\Stu Files\prettyprincesswall.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.EZula.cp skipped
G:\Stu Files\prettyprincesswall.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
G:\Stu Files\prettyprincesswall.exe WiseSFX: infected - 3 skipped
G:\Temp\dietk_3_0_8.exe/Stream/data0046 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
G:\Temp\dietk_3_0_8.exe/Stream Infected: not-a-virus:AdWare.Win32.Cydoor skipped
G:\Temp\dietk_3_0_8.exe Inno: infected - 2 skipped

Scan process completed.

NOW, DECKARD/HIJACKTHIS:
----------------------------------------------------------------------------
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 2.40GHz
Percentage of Memory in Use: 40%
Physical Memory (total/avail): 1534.8 MiB / 918.78 MiB
Pagefile Memory (total/avail): 3433.81 MiB / 3037.4 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1944.95 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 111.79 GiB total, 48 GiB free.
D: is Removable (No Media)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is Fixed (FAT32) - 298.02 GiB total, 197.05 GiB free.
H: is CDROM (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120023A - 111.79 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 111.79 GiB - C:

\\.\PHYSICALDRIVE2 - Generic STORAGE DEVICE USB Device

\\.\PHYSICALDRIVE3 - HP Photosmart C6180 USB Device

\\.\PHYSICALDRIVE1 - Seagate External Drive USB Device - 298.09 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 298.09 GiB - G:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FW: Sunbelt Personal Firewall v4.5.916 T (Sunbelt)
AV: AVG Anti-Virus Free v8.0 (AVG Technologies)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"E:\\setup\\HPZNET01.EXE"="E:\\setup\\HPZNET01.EXE:*:Enabled:hpznet01.exe"
"E:\\setup\\HPONICIFS01.EXE"="E:\\setup\\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 11\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SISSYPHUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\SISSYPHUS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Pinnacle\Shared Files;C:\Program Files\Pinnacle\Shared Files\Filter
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 7, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0207
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=SISSYPHUS
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S /R
--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
America Online --> C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20020823.1) --> C:\WINDOWS\AolCInUn.exe
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag --> "C:\Program Files\AusLogics Disk Defrag\unins000.exe"
AVG Free 8.0 --> C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Azureus Vuze --> C:\Program Files\Azureus\uninstall.exe
ConvertXtoDVD 2.2.3.258 --> "C:\Program Files\VSO\ConvertXtoDVD\unins000.exe"
Creative Driver --> C:\WINDOWS\System32\ctdrvins /s /u /g
Do More 6.0 --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20440EF7-D14E-47E2-9D7F-18336E728FB9 /Prompt
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2 --> "C:\Program Files\DVD Shrink\unins000.exe"
File Shredder 2.0 --> "C:\Program Files\File Shredder\unins000.exe"
Free iPod Video Converter 1.34 --> "C:\Program Files\Free iPod Video Converter\unins000.exe"
Gateway Desktop Manager --> C:\Program Files\Gateway\BMPMAN\GWBMPMAN.exe UNINSTALL
Gateway Drivers and Applications Recovery --> C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway IE Customizations --> C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL
Gateway Power Management --> C:\Program Files\Gateway\Power Management\Grnstar.exe UNINSTALL
Gateway Rhapsody --> "C:\Program Files\SIFXINST\SIFXINST.EXE" /UnapplyFile 20BBF229-A337-40AD-9FEB-2C98CDA53D1C /Prompt
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
GTW V.92 Voicemodem --> C:\WINDOWS\GWMDMU.exe verbose
HelpSpot --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Gateway\HelpSpot\Uninst.isu"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMate 5 in 1 Reader/Writer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4BF87C8-3EEC-4774-82A2-584F109187B1}\Setup.exe"
Intel® PRO Ethernet Adapter and Software --> Prounstl.exe
iPod for Windows 2005-10-12 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
Java™ 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Mega Codec Pack 2.2.9 *BETA* --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0 --> MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works 2003 Setup Launcher --> C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe E:\
Microsoft Works 7.0 --> MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Move Networks Media Player for Internet Explorer --> C:\Documents and Settings\Administrator\Application Data\Move Networks\ie_bin\Uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\setup.exe /uninstall
OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
PC-Doctor for Windows --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
PeerGuardian 2.0 --> "C:\Program Files\PeerGuardian2\unins000.exe"
PhoneTools --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\SETUP.EXE" -l0x9 ControlPanel
Pinnacle Instant DVD Recorder --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x9 UNINSTALL
proDAD Heroglyph 2.5 --> "C:\Program Files\proDAD\Heroglyph-2.5\uninstall.exe" uninstall spcp PATHVERSION 2.5 MAINNAME Heroglyph
proDAD Vitascene 1.0 --> "C:\Program Files\proDAD\Vitascene-1.0\uninstall.exe" uninstall spcp PATHVERSION 1.0 MAINNAME Vitascene
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Sound Blaster Audigy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\Setup.exe" -l0x9
SoundSoap PE --> MsiExec.exe /I{CBF78A5F-7950-4CF1-A063-C4C7B2B82CE6}
Studio 11 --> C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio 11 Bonus DVD --> C:\Program Files\InstallShield Installation Information\{45A1BF92-700A-4408-B95E-79F462E3D67D}\setup.exe -runfromtemp -l0x0009 UNINSTALL -removeonly
Studio 11 Ultimate --> C:\Program Files\InstallShield Installation Information\{CC874CBB-BD87-4126-9465-AE73BB62D6E0}\setup.exe -runfromtemp -l0x0009 -removeonly
Sunbelt Personal Firewall --> MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
Total Video Converter 3.10 --> "C:\Program Files\Total Video Converter\unins001.exe"
Viewpoint Media Player (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinWay Resume Deluxe --> MsiExec.exe /x{536E1504-E2E0-4B25-9D61-5418DE8319A4}
Yahoo! Desktop Login --> MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}


-- Application Event Log -------------------------------------------------------

Event Record #/Type4762 / Error
Event Submitted/Written: 05/27/2008 01:34:31 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4761 / Error
Event Submitted/Written: 05/27/2008 01:32:11 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4760 / Error
Event Submitted/Written: 05/27/2008 01:30:10 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4759 / Error
Event Submitted/Written: 05/27/2008 01:08:16 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type4758 / Error
Event Submitted/Written: 05/27/2008 09:37:53 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21175 / Error
Event Submitted/Written: 05/29/2008 03:51:54 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer LAPTOP1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E9D08DA3-EDA3-4713-A.
The master browser is stopping or an election is being forced.

Event Record #/Type21174 / Error
Event Submitted/Written: 05/29/2008 02:37:39 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer LAPTOP1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E9D08DA3-EDA3-4713-A.
The master browser is stopping or an election is being forced.

Event Record #/Type21173 / Error
Event Submitted/Written: 05/29/2008 01:37:37 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer LAPTOP1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E9D08DA3-EDA3-4713-A.
The master browser is stopping or an election is being forced.

Event Record #/Type21172 / Error
Event Submitted/Written: 05/29/2008 00:01:41 PM
Event ID/Source: 8003 / MRxSmb
Event Description:
The master browser has received a server announcement from the computer LAPTOP1
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E9D08DA3-EDA3-4713-A.
The master browser is stopping or an election is being forced.

Event Record #/Type21170 / Error
Event Submitted/Written: 05/29/2008 11:48:24 AM / 05/29/2008 11:48:25 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type



-- End of Deckard's System Scanner: finished at 2008-05-29 16:14:11 ------------


#2 Buenovistache

Buenovistache
  • Topic Starter

  • Members
  • 7 posts

Posted 30 May 2008 - 09:37 AM

Hello, Thunder or Buckeye...anyone? I really need some of your expertise here and not exactly sure how to get someone to check this out. Please help or shoot me a note pointing me in a direction that can help. Thanks.

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 09:53 AM

Hello Buenovistache,

Welcome to Bleeping Computer :thumbsup:

I need to see the "Main" part of the DSS report, or a log from HijackThis, please. :)

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 Buenovistache

Buenovistache
  • Topic Starter

  • Members
  • 7 posts

Posted 30 May 2008 - 11:07 AM

Thanks, Tea...is this what you're looking for?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:59 PM, on 5/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\ehome\ehSched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\umonit.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: HP934725 HP0018FE934725
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: Start Firewall (2).lnk = C:\WINDOWS\system32\net.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179287155437
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179287141390
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3E6DB-3672-4264-B8FF-3A35FB67A551}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6596 bytes
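The HijackThis log above is plain text with a small, regular grammar per section (R0/R1 for IE start and search pages, O2 browser helper objects, O4 autoruns, O17 DNS settings, O23 services, and so on), which makes it easy to triage mechanically instead of eyeballing. The script below is an added example, not code from this thread or from Trend Micro; it parses a handful of lines copied from the log above, then pulls out the things a helper normally checks first: autorun entries with their executable, O23 services whose owner is "Unknown owner", entries pointing at "(no file)" (orphaned references like the O9 button above), and the O17 NameServer addresses compared against a list of resolvers you expect. The only entries in that list are the two OpenDNS addresses that appear in the log; the regexes and the field layout they assume are inferred from the log lines themselves.

```python
import re
from collections import Counter

# Sample input: a few lines copied verbatim from the HijackThis log posted above,
# embedded so the script runs offline.
HJT_SAMPLE = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: Start Firewall (2).lnk = C:\WINDOWS\system32\net.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D3E6DB-3672-4264-B8FF-3A35FB67A551}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
'''

# Every HJT line is "<section> - <body>"; sections are R0-R3, F0-F3, O1-O24.
LINE_RE = re.compile(r'^(?P<section>[RFO]\d+) - (?P<body>.+)$')
# Registry autoruns: "<key>: [<value name>] <command line>"
RUN_RE = re.compile(r'^(?P<key>.+?): \[(?P<name>[^\]]+)\] (?P<command>.+)$')
# First executable-looking token of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|sys|cpl|lnk))"?', re.IGNORECASE)
NAMESERVER_RE = re.compile(r'NameServer = (?P<ips>[\d.,]+)')

# Resolvers we expect to see in O17 (assumption for this example): the two
# OpenDNS addresses from the log above. Anything else deserves a second look.
KNOWN_RESOLVERS = {'208.67.222.222', '208.67.220.220'}


def executable(command):
    """Strip quotes and arguments from an autorun command line."""
    m = EXE_RE.match(command.strip())
    return m.group('exe') if m else command.strip()


def parse_hjt(text):
    """Turn HJT lines into dicts with section, raw body, display name and path."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group('section'), m.group('body')
        entry = {'section': section, 'body': body, 'name': None, 'path': None}
        if section == 'O4':
            r = RUN_RE.match(body)
            if r:
                entry['name'], entry['path'] = r.group('name'), r.group('command')
            elif ' = ' in body:  # Startup-folder shortcuts: "<folder>: <name>.lnk = <target>"
                entry['name'], entry['path'] = body.split(' = ', 1)
        else:
            # CLSID-style and service entries: "<kind>: <name> - <clsid|vendor> - <path>"
            parts = body.split(' - ')
            if len(parts) >= 3:
                entry['name'] = parts[0].split(': ', 1)[-1]
                entry['path'] = parts[-1]
        entries.append(entry)
    return entries


def triage(entries):
    """Summarise the log the way a helper reads it: counts per section, autorun
    executables, orphaned references, unknown-owner services and DNS resolvers."""
    findings = {'by_section': Counter(), 'autoruns': [], 'orphaned': [],
                'unknown_owner': [], 'resolvers': {}}
    for e in entries:
        findings['by_section'][e['section']] += 1
        if e['path'] == '(no file)':
            findings['orphaned'].append(e['body'])
        if e['section'] == 'O23' and 'Unknown owner' in e['body']:
            findings['unknown_owner'].append(e['name'])
        if e['section'] == 'O4' and e['path']:
            findings['autoruns'].append((e['name'], executable(e['path'])))
        if e['section'] == 'O17':
            m = NAMESERVER_RE.search(e['body'])
            if m:
                for ip in m.group('ips').split(','):
                    findings['resolvers'][ip] = ip in KNOWN_RESOLVERS
    return findings


if __name__ == '__main__':
    result = triage(parse_hjt(HJT_SAMPLE))
    print('entries per section:', dict(result['by_section']))
    for name, exe in result['autoruns']:
        print('autorun', repr(name), '->', exe)
    print('orphaned references:', result['orphaned'])
    print('services with unknown owner:', result['unknown_owner'])
    for ip, known in result['resolvers'].items():
        print('resolver', ip, 'expected' if known else 'UNEXPECTED')
```

Run on the full log, the resolver check is the one that matters most for a DNS hijack (the O17 section exists for exactly that), while the autorun list gives you the set of executables to verify on disk.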

#5 Buenovistache

Buenovistache
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:01 PM

Posted 30 May 2008 - 11:09 AM

Also, I've run Ad-Aware and AVG 8.0 scans since yesterday....

#6 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 11:51 AM

Hi there,

Thanks for that. :thumbsup:

Let's have a looksee:

Please download Malwarebytes' Anti-Malware from one of these places:
http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html
http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy&Paste the entire report in your next reply along with a fresh HijackThis log.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Thanks,
tea

#7 Buenovistache

Buenovistache
  • Topic Starter

  • Members
  • 7 posts

Posted 30 May 2008 - 03:27 PM

Weeeell.....it said nothing was there on the quick scan (listed below) so I ran a full Malware scan (below the 1st one). Could the AVG have done the trick? I know I haven't seen the Zlob.wfh again on the AVG log reports, but it does keep showing a cookie tracking in the mozilla/profile section that I can't delete (I put both the first avg scan and the one i ran last night at the bottom of this post).

I can only tell you that the computer isn't acting as "tight" as it used to and those blue screens really had me concerned. Let me know if you see anything peculiar and frankly, if the problem was solved by ad-aware and avg, I apologize for wasting your time, tea.

Malwarebytes' Anti-Malware 1.14
Database version: 803

2:45:47 PM 5/30/2008
mbam-log-5-30-2008 (14-45-47).txt

Scan type: Quick Scan
Objects scanned: 34580
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
--------------------------------------------------------------------------------------------------------------------------------
Full Malware SCAN

Malwarebytes' Anti-Malware 1.14
Database version: 803

4:27:05 PM 5/30/2008
mbam-log-5-30-2008 (16-27-05).txt

Scan type: Full Scan (C:\|F:\|G:\|)
Objects scanned: 156979
Time elapsed: 1 hour(s), 37 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




---------------------------------------------------------------------------------------------------------------------------------

1st AVG SCAN:


"Scan ""Scan whole computer"" was finished."
"Infections found:;""15"""
"Infected objects removed or healed;""15"""
"Not removed or healed.;""0"""
"Spyware found:;""2"""
"Spyware removed:;""2"""
"Not removed:;""0"""
"Warnings count:;""0"""
"Information count:;""0"""
"Scan started:;""Wednesday, May 28, 2008, 8:44:31 PM"""
"Total object scanned:;""721504"""
"Time needed:;""2 hour(s) 7 minute(s) 13 second(s) """
"Errors encountered:;""0"""

Infections
"File;""Infection"";""Result"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe:\$BK\Earthsim\Channel\espack0.0.exe:\$JK\espackui.dll;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe:\$BK\Earthsim\Channel\espack0.0.exe;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe:\$BK\Earthsim\Channel\espack0.1.exe:\$JK\espackui.dll;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe:\$BK\Earthsim\Channel\espack0.1.exe;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\sysdebug32.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\netdaemon.exe;""Trojan horse VB.L"";""Moved to Virus Vault"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\ntec32.exe;""Trojan horse Downloader.Agent.9.AI"";""Moved to Virus Vault"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\sysdebug32.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\netdaemon.exe;""Trojan horse VB.L"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\ntec32.exe;""Trojan horse Downloader.Agent.9.AI"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""

Spyware
"File;""Infection"";""Result"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\localsplnet.dll;""Adware Generic.ABM"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\localsplnet.dll;""Adware Generic.ABM"";""Moved to Virus Vault"""

Warnings
"File;""Infection"";""Result"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.3bcedd4f;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.3053870c;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.9464f2b7;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.3db938f3;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.7240d9af;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.189b1d38;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.23e763b3;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.f599905c;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.146f5cf0;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.79e3925d;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.6d0150be;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.7919062b;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.84c199e2;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.ca97f6e1;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.ba00a41a;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.db3f5920;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.3a3be078;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.d3df4663;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.330fc207;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.ca30b7c8;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.af51ae29;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.ac5209af;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.3a0e6e11;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.82ae2df5;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.a35b4285;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.421018d1;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.68344bfc;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.694ef806;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.5cef2cf7;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.84df2d3b;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.5fe08528;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.3639522a;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.1a1b1110;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.33bac12f;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.404851f2;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.23a940be;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.e8a4cdd0;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.1ac40a8a;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.19356acf;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.b0922707;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.904ea7ca;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.69e1b881;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.ac8873cd;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.2e1f9920;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.1aa86b19;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.35a30809;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.484dbb69;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\msnportal.112.2o7.net.7225be6f;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\overture.com.d727de6f;""Found Tracking cookie.Overture"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\overture.com.52ca467a;""Found Tracking cookie.Overture"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt;""Found Tracking cookie.2o7"";""Healed"""
------------------------------------------------------------------------------------------------------------------------------------------------------------------

Most recent AVG Scan:


"Scan ""Scan whole computer"" was finished."
"Infections found:;""0"""
"Infected objects removed or healed;""0"""
"Not removed or healed.;""0"""
"Spyware found:;""0"""
"Spyware removed:;""0"""
"Not removed:;""0"""
"Warnings count:;""4"""
"Information count:;""0"""
"Scan started:;""Thursday, May 29, 2008, 4:34:42 PM"""
"Total object scanned:;""722083"""
"Time needed:;""2 hour(s) 6 minute(s) 14 second(s) """
"Errors encountered:;""0"""

Warnings
"File;""Infection"";""Result"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.84c199e2;""Found Tracking cookie.2o7"";""Potentially dangerous object"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.7919062b;""Found Tracking cookie.2o7"";""Potentially dangerous object"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.ca97f6e1;""Found Tracking cookie.2o7"";""Potentially dangerous object"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt;""Found Tracking cookie.2o7"";""Potentially dangerous object"""
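The AVG reports pasted above are a CSV export with two layers of quoting: each row is one quoted field whose contents are a semicolon-separated record with its own quotes doubled, and files found inside an installer or archive are written as outer.exe:\$XX\inner. Reading 15 detection rows by hand hides the useful fact that they collapse onto just a few downloaded files. The script below is an added example, not code from this thread or from AVG; it parses a subset of rows copied from the first report above (embedded as sample input), normalises the summary counters, and reports detections per section by name, by action taken, and by the distinct on-disk container file. The row layout it assumes is inferred from the rows themselves.

```python
from collections import Counter, namedtuple

# Sample input: a subset of rows copied from the first AVG report posted above,
# embedded so the script runs offline (the full report has 15 infection rows).
AVG_SAMPLE = r'''
"Scan ""Scan whole computer"" was finished."
"Infections found:;""15"""
"Infected objects removed or healed;""15"""
"Not removed or healed.;""0"""
"Scan started:;""Wednesday, May 28, 2008, 8:44:31 PM"""

Infections
"File;""Infection"";""Result"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe:\$BK\Earthsim\Channel\espack0.0.exe:\$JK\espackui.dll;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Downloaded Stuff\earthsim_ati.exe;""Trojan horse Downloader.Zlob.WFH"";""Deleted"""
"C:\Documents and Settings\Administrator\My Documents\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\sysdebug32.exe;""Trojan horse Clicker.2.S"";""Moved to Virus Vault"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\netdaemon.exe;""Trojan horse VB.L"";""Moved to Virus Vault"""

Spyware
"File;""Infection"";""Result"""
"G:\Stu Files\divx-1[1].0.7.exe:\$JJ\bg512.exe:\$CF\localsplnet.dll;""Adware Generic.ABM"";""Moved to Virus Vault"""

Warnings
"File;""Infection"";""Result"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt:\2o7.net.84c199e2;""Found Tracking cookie.2o7"";""Healed"""
"C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\2e9jg6qk.default\cookies.txt;""Found Tracking cookie.2o7"";""Healed"""
'''

Detection = namedtuple('Detection', 'path infection result')


def unwrap_fields(line):
    """Undo AVG's double quoting: strip the outer quotes that wrap the whole
    row, un-double the inner quotes, then split the record on semicolons."""
    line = line.strip()
    if len(line) >= 2 and line[0] == '"' and line[-1] == '"':
        line = line[1:-1]
    return [f.strip().strip('"') for f in line.replace('""', '"').split(';')]


def parse_avg_report(text):
    """Return (summary counters, {section name: [Detection, ...]})."""
    summary, sections, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith('"'):           # bare word = section heading
            current = line
            sections[current] = []
            continue
        fields = unwrap_fields(line)
        if len(fields) == 3 and current is not None:
            if fields[0] == 'File':            # column header row
                continue
            sections[current].append(Detection(*fields))
        elif len(fields) == 2:                 # "Key:;"value"" summary lines
            summary[fields[0].rstrip(':.')] = fields[1]
        # one-field lines such as the "Scan ... was finished." banner are ignored
    return summary, sections


def container_file(path):
    """The file that actually exists on disk. AVG appends ":\$XX\member" for
    archive members and ":\host.id" for individual cookies; the first ":\"
    after the drive letter marks where that suffix starts."""
    i = path.find(':\\', 3)
    return path if i < 0 else path[:i]


def summarize(sections):
    """Per section: detections by name, by action taken, and distinct containers."""
    out = {}
    for name, entries in sections.items():
        out[name] = {
            'by_name': Counter(d.infection for d in entries),
            'by_result': Counter(d.result for d in entries),
            'containers': {container_file(d.path) for d in entries},
        }
    return out


if __name__ == '__main__':
    summary, sections = parse_avg_report(AVG_SAMPLE)
    print('scan started:', summary.get('Scan started'))
    print('infections found (reported):', summary.get('Infections found'))
    for section, rep in summarize(sections).items():
        print(section, dict(rep['by_name']), dict(rep['by_result']))
        for c in sorted(rep['containers']):
            print('   ', c)
```

On the full first report the Infections and Spyware sections reduce to three container files (earthsim_ati.exe and the two copies of divx-1[1].0.7.exe), which is what you actually need to know when deciding whether the downloaded installers themselves should go; the Warnings section is the cookie noise.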

#8 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 03:46 PM

It must have because I'm not seeing a thing. Have you given it a defrag, deleted old restore points, just a good thorough cleaning? Now it could be that AVG8 is not playing nice. I can't tell you how many folks have already come to me because it caused so many problems they thought they were infected. Lags, freezes, restarts, the whole nine yards. :thumbsup: You could test this theory by uninstalling AVG8 (offline of course) and see if the system behaves better.

No need to apologize. You aren't wasting my time. :)

tea

#9 Buenovistache

Buenovistache
  • Topic Starter

  • Members
  • 7 posts

Posted 30 May 2008 - 05:28 PM

Defragged recently, but definitely could use some restore point removal. Can you recommend a good cleaning app? I'll try uninstalling avg and reinstalling and see if that's the culprit. If so, is there a better antivirus option? Regardless, I really appreciate your help and the fact that this site is available and so popular. I was checking out a few of the other posts...there is so much to learn here!!!! Thanks again, Tea!


Che

#10 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 30 May 2008 - 06:00 PM

Hello,

You're welcome. :)

You already have the tools you need to take care of the old restore points. :thumbsup:

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it (something you'll remember) and click Create. When the confirmation screen shows the restore point has been created, click Close.

Next go to Start Menu > Run > type

cleanmgr

Click OK. Disk Cleanup will open and start calculating the amount of space that can be freed. Once that's finished it will open the Disk Cleanup options screen; click the More Options tab, then click Clean up in the System Restore area and choose Yes at the confirmation window, which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.

I run Avira on my own system, and before that I ran Avast! for about 2 years. Both are good products. Avira OR Avast! are good FREE antivirus options.

Let me know how you come out. :thumbsup:

Thanks,
tea
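The steps in the post above (create a named restore point, then use Disk Cleanup to discard every older restore point and the temporary files) were written for the Windows XP GUI. As an added example, not something posted in this thread, here is the same housekeeping as a script for a modern system. It assumes Windows PowerShell 5.1 on Windows 7 or later, an elevated (Administrator) session, and System Protection enabled on C:. The restore point name and the Disk Cleanup profile number 1 are constructed choices.

```powershell
# Added example, not from the thread: create a named restore point, then
# prune every older restore point so only the new one remains, then run
# Disk Cleanup unattended. Assumes Windows PowerShell 5.1, an elevated
# session, and System Protection enabled on C:.

#Requires -RunAsAdministrator

param(
    # Constructed description; pick something you will recognise later.
    [string]$Description = "Clean after malware removal $(Get-Date -Format 'yyyy-MM-dd')"
)

# 1. Create the restore point. Windows 8 and later refuse a second checkpoint
#    within 24 hours unless this frequency value is 0; it is removed afterwards.
$srKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'
New-ItemProperty -Path $srKey -Name SystemRestorePointCreationFrequency `
    -Value 0 -PropertyType DWord -Force | Out-Null
try {
    Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS
} finally {
    Remove-ItemProperty -Path $srKey -Name SystemRestorePointCreationFrequency `
        -ErrorAction SilentlyContinue
}

# 2. List what exists now; the highest sequence number is the one just created.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$points | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# 3. Remove every restore point older than the newest. On Vista and later a
#    restore point is a Volume Shadow Copy, so the oldest copy is deleted
#    repeatedly until one remains. Caveat: any other shadow copies on C:
#    (for example from backup software) are deleted by this loop as well.
$toDelete = $points.Count - 1
for ($i = 0; $i -lt $toDelete; $i++) {
    vssadmin delete shadows /for=C: /oldest /quiet | Out-Null
}

# 4. Run Disk Cleanup without prompts for the two categories the post names.
#    StateFlags0001 = 2 marks a category as selected for profile 1, which
#    cleanmgr /sagerun:1 then executes.
$cacheKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'
foreach ($cat in 'Temporary Files', 'Temporary Internet Files') {
    Set-ItemProperty -Path (Join-Path $cacheKey $cat) -Name StateFlags0001 -Value 2 -Type DWord
}
Start-Process -FilePath cleanmgr.exe -ArgumentList '/sagerun:1' -Wait

# 5. Confirm only the new restore point survives.
Get-ComputerRestorePoint | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

Checkpoint-Computer and Get-ComputerRestorePoint exist only in Windows PowerShell, not in PowerShell 7, so run this from the built-in "Windows PowerShell (Admin)" shell. If Get-ComputerRestorePoint errors out, System Protection is turned off for the drive and there is nothing to prune.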

#11 Buenovistache

  • Topic Starter
  • Members
  • 7 posts

Posted 31 May 2008 - 07:28 PM

Just checkin' back in, Tea. Did all of the above and it hasn't occurred again. Ah, well...kind of like when you take your car in and it stops making "that sound". Thanks for all your help and I learned a little something as well. I'll be checking in on this site regularly, knowing what a great resource it is. In fact, I downloaded that startup tool and started going through the Windows startup database. Kind of got a little nervous because there's a lot of X's next to files that I think should be OK (especially after you gave me a clean bill of health). For instance, userinit.exe comes up as a trojan and urlmon.dll doesn't even come up. Anyway, it's a learning process and thanks for the push in the right direction. Take care!

#12 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 04 June 2008 - 01:50 PM

You're welcome. :thumbsup:


Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.