Sending Messages On Aim Automatically


This topic is locked
12 replies to this topic

#1 rubby8892

  • Members
  • 59 posts

Posted 14 February 2006 - 06:06 PM

Logfile of HijackThis v1.99.1
Scan saved at 6:03:44 PM, on 2/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\system32\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...qSSihGLyTRUtyHh
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Windows System32] explorer.exe
O4 - HKLM\..\RunServices: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [Windows System32] explorer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 15 February 2006 - 03:07 AM

Hello,

I see you don't have an antivirus and firewall installed. Without them you are wide open to reinfection and you are not protected at all! Also, an antivirus can already solve your problems on its own.

That's why I want you to install an antivirus and a firewall first.

AVG, AntiVir OR Avast are good FREE antivirus programs.
Never install more than one antivirus scanner or firewall on your system! Several together can cause problems and seriously decrease the reliability of your system!
ZoneAlarm, Agnitum Outpost Free OR Kerio are FREE firewalls.

Understanding and using firewalls

Let your antivirus perform a full scan and let it delete everything it finds!!
Reboot afterwards! Important!

* Create a folder on your desktop called Sysclean.
Go to http://www.trendmicro.com/download/dcs.asp and download the Sysclean package to the folder you made.
Go to http://www.trendmicro.com/download/pattern.asp and download the Virus Pattern File (Official Pattern Release) to your desktop.
This file will be called lptXXX.zip (XXX represents the version number).
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Read here how to unzip/extract properly:
http://metallica.geekstogo.com/xpcompressedexplanation.html
Move the lpt$vpn.XXX to the Sysclean folder you created on your desktop.

* Download and install CCleaner.
Do not use it yet.

* Reboot into Safe Mode (without networking support!)
To get into Safe Mode as the computer is booting, press and hold your "F8" key. Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start CCleaner
Click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click OK
Click "Cleaner" and click Run Cleaner (bottom right)

* Open the Sysclean folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click Scan.
When the scan is finished, reboot back to normal mode.

Open your Sysclean folder and copy and paste the contents of sysclean.log in your next reply together with a new HijackThis log.

#3 rubby8892 (Topic Starter)

  • Members
  • 59 posts

Posted 15 February 2006 - 06:51 PM

I installed the firewall but I need to try another one because I can't even get on the net with the one that I had. I tried Agnitum Outpost.

But I keep getting messages on the virus scan about a virus: Trojan horse IRC backdoor. So I guess I still have something. I keep moving them to the vault. I don't know if I should delete them or not.

Thanks


/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-02-15, 16:31:10, Auto-clean mode specified.
2006-02-15, 16:31:10, Running scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\TSC.BIN"...
2006-02-15, 16:31:47, Scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\TSC.BIN" has finished running.
2006-02-15, 16:31:47, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Wed Feb 15 2006 16:31:10

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\tsc.ptn" (version 708) [success]
WORM_SPYBOT.ML[virus found]
-->delete registry value("n/a","Software\Microsoft\Windows\CurrentVersion\Run","Windows System32") success
-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\RunServices","Windows System32") success
-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Run","Windows System32") success
-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\OLE","enabledcom") success
-->modify registry data("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Control\Lsa","restrictanonymous") success

Complete time : Wed Feb 15 2006 16:31:36
Execute pattern count(4727), Virus found count(1), Virus clean count(1), Clean failed count(0)

2006-02-15, 16:32:10, Operation was aborted.


/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-02-15, 16:41:10, Auto-clean mode specified.
2006-02-15, 16:41:10, Running scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\TSC.BIN"...
2006-02-15, 16:41:42, Scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\TSC.BIN" has finished running.
2006-02-15, 16:41:42, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 2)

Start time : Wed Feb 15 2006 16:41:11

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\tsc.ptn" (version 708) [success]

Complete time : Wed Feb 15 2006 16:41:42
Execute pattern count(4727), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-02-15, 16:42:22, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dbbe15e33adcf4672c9e4be33139c94a_dac3656d-1358-430b-9049-5d8b501f419b": Access is denied.
2006-02-15, 16:42:22, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc300092d687da079d6f896d2f1fb392_40e34e70-c5f8-48cb-95fd-27d739e149bf": Access is denied.
2006-02-15, 16:42:22, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc300092d687da079d6f896d2f1fb392_57290289-0911-4f8e-8f13-cb1dccffc83e": Access is denied.
2006-02-15, 16:42:22, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc300092d687da079d6f896d2f1fb392_8d2bcac9-e3c5-4bba-bf6a-4acab6dd419d": Access is denied.
2006-02-15, 16:42:22, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dc300092d687da079d6f896d2f1fb392_dac3656d-1358-430b-9049-5d8b501f419b": Access is denied.
2006-02-15, 16:46:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2006-02-15, 16:46:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2006-02-15, 16:46:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-15, 16:46:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-15, 16:46:10, An error was detected on "C:\Documents and Settings\Sean\*.*": Access is denied.
2006-02-15, 16:46:10, An error was detected on "C:\Documents and Settings\Sean.YOUR-86339EB2BF\*.*": Access is denied.
2006-02-15, 16:46:20, An error was detected on "C:\Documents and Settings\Sean.YOUR-86339EB2BF.001\*.*": Access is denied.
2006-02-15, 16:46:20, An error occurred while scanning file "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\ntuser.dat": Access is denied.
2006-02-15, 16:46:20, An error occurred while scanning file "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\ntuser.dat.LOG": Access is denied.
2006-02-15, 16:46:54, An error occurred while scanning file "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2006-02-15, 16:46:54, An error occurred while scanning file "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2006-02-15, 16:58:13, Could not set file for reading on "C:\Program Files\GameSpy Arcade\banner.html": Access is denied.
2006-02-15, 17:16:17, Could not set file for reading on "C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1010\Dc24.JPG": Access is denied.
2006-02-15, 17:16:43, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AIM.EXE-064777BB.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\ATF-CLEANER.EXE-085AD4CD.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDRUN.EXE-30AED7BE.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVG71FREE_375A703.EXE-01DCC1E3.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGAMSVR.EXE-18F4AEB6.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGCC.EXE-095E3CA2.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGEMC.EXE-21576AA9.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGINET.EXE-0005112E.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGSETUP.EXE-096E514A.pf": Access is denied.
2006-02-15, 17:21:57, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGUPSVC.EXE-2E36F396.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGVV.EXE-18950367.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-19FBC262.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGW.EXE-30DE450D.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGWB.DAT-340E548B.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\CCSETUP127.EXE-0CDC4084.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP40.EXE-32AAA198.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\CLOSEALL.EXE-11FDAD64.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\CSRSS.EXE-22452D1B.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-35D2123A.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\EZPRINT.EXE-0F63C39D.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-2A1B96AB.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\FM3032.EXE-13629EB2.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB10.TMP-09CB6D33.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB19.TMP-2A6487B2.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB9.TMP-38C1218B.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\GLJ12.TMP-07F83779.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\GLJ1B.TMP-12D282F0.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HELL.EXE-1B4164DC.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-0FDAF2E1.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HPHMON06.EXE-1D518693.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HPHUPD06.EXE-290048FC.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQTRA08.EXE-014253AB.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\HPSYSDRV.EXE-2AB39D03.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\INSTALL.EXE-092735D1.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-2A1A87DD.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\KBD.EXE-0E231C6E.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\LXCGCOMS.EXE-218EC213.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\LXCGJSWX.EXE-2F8FA6B8.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\LXCGMON.EXE-3AC5E648.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\LXCGPSWX.EXE-033563B4.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\MAD.EXE-15E8AB9F.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\MATCLI.EXE-03D19203.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\MPBTN.EXE-35670E1E.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\NEWPROBE.EXE-01C200F7.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTPOST.EXE-2EA95E03.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\OUTPOSTINSTALL.EXE-1BF4E37E.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\PLAXOHELPER.EXE-394EC3A4.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\PLX_LINK.EXE-2E94CEEA.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\PNAGENT.EXE-3B91B9A3.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\READER_SL.EXE-2FCCA463.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RECGUARD.EXE-16078673.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RESTART.EXE-2D127C0A.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-419F288A.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4318B9D0.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4532DDE6.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-45557C55.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B6046A2.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\RUN_HELP.EXE-36955352.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYSUB.EXE-347F41DE.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\SSTEXT3D.SCR-0586736D.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATES FROM HP.EXE-022B7F8B.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\VTTIMER.EXE-23FE10E9.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\WINLOGON.EXE-0957F9B2.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YBROWSER.EXE-066EA56B.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YCOMMON.EXE-2DCE8763.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-32093577.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YPAGER.EXE-0A1250DF.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YTB.EXE-17BF9E5C.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YUM.EXE-024C750B.pf": Access is denied.
2006-02-15, 17:21:58, Could not set file for reading on "C:\WINDOWS\Prefetch\YUPDATER.EXE-1C2321B0.pf": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2006-02-15, 17:24:59, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-02-15, 17:28:52, Running scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN"...
2006-02-15, 18:06:26, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/15/2006 17:28:53
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 213 (123039 Patterns) (2006/02/15) (321300)
Command Line: C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean

C:\WINDOWS\inet20001\3.00.12.dll [TROJ_LOWZONES.FH]
C:\WINDOWS\inet20001\mm4.exe [TROJ_DELF.XP]
63889 files have been read.
63889 files have been checked.
47149 files have been scanned.
142533 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/15/2006 18:06:26
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-15, 18:06:26, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/15/2006 17:28:53
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 213 (123039 Patterns) (2006/02/15) (321300)
Command Line: C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean

Success Clean [TROJ_LOWZONES.FH]( 1) from C:\WINDOWS\inet20001\3.00.12.dll
Success Clean [ TROJ_DELF.XP]( 1) from C:\WINDOWS\inet20001\mm4.exe
63889 files have been read.
63889 files have been checked.
47149 files have been scanned.
142533 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/15/2006 18:06:26 37 minutes 29 seconds (2249.09 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-15, 18:06:26, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/15/2006 17:28:53
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 213 (123039 Patterns) (2006/02/15) (321300)
Command Line: C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean

63889 files have been read.
63889 files have been checked.
47149 files have been scanned.
142533 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/15/2006 18:06:26 37 minutes 29 seconds (2249.09 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-15, 18:06:26, Scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2006-02-15, 18:07:45, Running scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN"...
2006-02-15, 18:17:08, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/15/2006 18:07:46
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 213 (123039 Patterns) (2006/02/15) (321300)
Command Line: C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean

8464 files have been read.
8464 files have been checked.
7649 files have been scanned.
19563 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/15/2006 18:17:08
---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-15, 18:17:08, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/15/2006 18:07:46
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 213 (123039 Patterns) (2006/02/15) (321300)
Command Line: C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean

8464 files have been read.
8464 files have been checked.
7649 files have been scanned.
19563 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/15/2006 18:17:08 9 minutes 17 seconds (557.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-15, 18:17:08, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 2/15/2006 18:07:46
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 213 (123039 Patterns) (2006/02/15) (321300)
Command Line: C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean

8464 files have been read.
8464 files have been checked.
7649 files have been scanned.
19563 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 2/15/2006 18:17:08 9 minutes 17 seconds (557.16 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-02-15, 18:17:08, Scanner "C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Desktop\Sysclean\VSCANTM.BIN" has finished running.

Logfile of HijackThis v1.99.1
Scan saved at 6:49:17 PM, on 2/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...qSSihGLyTRUtyHh
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe

#4 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 16 February 2006 - 01:17 AM

Hello,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILE...qSSihGLyTRUtyHh
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - (no file)
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\RunServices: [Windows System32] explorer.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Delete the following folder:

C:\WINDOWS\inet20001

Download and save Blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe, then accept the agreement.
Click > Scan, then > Next.
You'll see a list of all items found.
Don't choose Rename yet! I want to see the log first.
There must also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).
I'll ask for that log later.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report and the log from Blacklight, plus a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 rubby8892
  • Topic Starter
  • Members
  • 59 posts

Posted 16 February 2006 - 10:08 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:06:47 PM, on 2/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Citrix\ICA Client\pnagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PosHelp - {CDEEC43D-3572-4E95-A2A5-F519D29F00C0} - C:\PROGRA~1\ADVANC~1\ADVANC~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.21\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Program Neighborhood Agent.lnk = C:\Program Files\Citrix\ICA Client\pnagent.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\Program Files\AdvancedSearchbar\advancedsearchbar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

Incident Status Location

Spyware:Spyware/New.net Not disinfected C:\!KillBox\NDNuninstall6_98.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\HP_Owner\Application Data\Mozilla\Firefox\Profiles\qd0zj7q8.default\cookies.txt[]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sean.YOUR-86339EB2BF.002\Application Data\Mozilla\Firefox\Profiles\9rnbm4j1.default\cookies.txt[]
Adware:Adware/Trymedia Not disinfected C:\Downloads\AlohaSolitaireSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\BallistikSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\GrumpSetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MahJong_JADESetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\MysteryCaseFilesSetup-dm[2].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\PizzaFrenzySetup-dm[1].exe
Adware:Adware/Trymedia Not disinfected C:\Downloads\TriJinx-dm[1].exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Adware:Adware/Adsmart Not disinfected C:\lo-64147405.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\422921A4-8994-4BC6-86BB-CD7630
Adware:Adware/ClockSync Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\6CF5A0BC-FE82-4FFB-B161-ABB733
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\78D0A0B2-C0BF-4CEE-B30B-B1524F
Adware:Adware/SaveNow Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\2063BDFA-007D-4BF8-B567-D0A5EE\840CF558-D96F-4A76-B3CB-6B44BA
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F3747155-B4C7-49F4-8787-6FE323\0FC57EA6-D6E2-48B8-B123-842713
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F3747155-B4C7-49F4-8787-6FE323\6110E552-C4F2-42B0-8F06-151DAA
Spyware:Spyware/New.net Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\F3747155-B4C7-49F4-8787-6FE323\976A654F-C910-43A2-8F77-380861
Spyware:Spyware/New.net Not disinfected C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc101.txt
Spyware:Cookie/Btgrab Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc102.txt
Spyware:Cookie/Cassava Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc108.txt
Spyware:Cookie/Cgi-bin Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc110.txt
Spyware:Cookie/Twain-Tech Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc115.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc136.txt
Spyware:Cookie/Screensavers Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc173.txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc214.txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc220.txt
Spyware:Cookie/Qsrch Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc235.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc239.txt
Spyware:Cookie/Rn11 Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc244.txt
Spyware:Cookie/Reliablestats Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc265.txt
Spyware:Cookie/Reliablestats Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc266.txt
Spyware:Cookie/Target Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc272.txt
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc276.txt
Spyware:Cookie/WebPower Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc289.txt
Spyware:Cookie/WinFixer Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc292.txt
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc357.txt
Spyware:Cookie/WinFixer Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc360.txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc363.txt
Spyware:Cookie/Btgrab Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc364.txt
Spyware:Cookie/Twain-Tech Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc365.txt
Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc56.txt
Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc57.txt
Spyware:Cookie/Hbmediapro Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc73.txt
Spyware:Cookie/Uproar Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc81.txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc83.txt
Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc89.txt
Spyware:Cookie/Ask Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc90.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc93.txt
Spyware:Cookie/Azjmp Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc95.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-1728472754-425518138-3214286886-1009\Dc98.txt
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\enewsletterpro1.dat
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ssttt.dll

#6 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 February 2006 - 02:55 AM

Hello;

You forgot to post the Blacklight log.

Delete next files:

C:\Downloads\AlohaSolitaireSetup-dm[1].exe
C:\Downloads\BallistikSetup-dm[1].exe
C:\Downloads\GrumpSetup-dm[1].exe
C:\Downloads\MahJong_JADESetup-dm[1].exe
C:\Downloads\MysteryCaseFilesSetup-dm[2].exe
C:\Downloads\PizzaFrenzySetup-dm[1].exe
C:\Downloads\TriJinx-dm[1].exe
C:\lo-64147405.exe
C:\WINDOWS\enewsletterpro1.dat
C:\WINDOWS\system32\ssttt.dll
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE

Are those messages still being sent on AIM? Are those messages from another person present on your AIM? Or from your AIM to another person?
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 rubby8892
  • Topic Starter

  • Members
  • 59 posts

Posted 17 February 2006 - 02:37 PM

The Blacklight log had nothing. But I can send it later if you need it.

There does not seem to be any issues with the AIM anymore. I am expecting him to get it back if any of those people got the same virus.

But hopefully with our virus scan and firewall we will not get it.

It is hard sometimes to know what the firewall is asking when they want to send out or bring in so I wish I was more knowledgeable on this.

Thanks

Rose

#8 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 February 2006 - 02:43 PM

Hi Rose,

So, as I read from here, the AIM issue is solved. Just be careful when someone posts a link in AIM or anything else. Better ask them first if they really sent that, because in such cases those are being sent without knowing.
Better to ask your AIM contacts to perform a full virus scan as well.

Concerning your firewall, take a look here: Understanding and using firewalls

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety and Microsoft Security At Home for tips to Protect your Pc, Protect yourself and Protect your Family.

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Happy surfing again! :thumbsup:

#9 rubby8892
  • Topic Starter

  • Members
  • 59 posts

Posted 17 February 2006 - 03:01 PM

The part that confuses me the most is that you had said that I should only have one virus protection and I feel like I have a ton of things downloaded, especially now that we did all of this. I don't know what to keep and what to get rid of to keep it clean and running well.

Any suggestions?

I also always have a lot of processes running at a time.

#10 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 February 2006 - 03:10 PM

Ok, you don't need sysclean anymore...
But you DO need your firewall and your antivirus to stay protected and to prevent malware in the future, because without them you are wide open to reinfection. Keep in mind, an antivirus is no firewall... those are two different things, but you need them both.

Concerning Kerio Personal firewall, this is normal it gives an alert for some incoming and outgoing traffic. It is normal you don't have these alerts without a firewall being installed, because everything can go in and out.
If you think Kerio is too advanced for you, you can try Zonealarm instead. This 'autoconfigures' most settings for you.
Don't forget to uninstall Kerio before then.

It is also normal you have a lot of processes running at a time, because after all, they are all being set to start up with Windows.
You don't really have to worry about that though.

#11 rubby8892
  • Topic Starter

  • Members
  • 59 posts

Posted 17 February 2006 - 03:21 PM

Ok so basically anything that is on my system that was used for scanning purposes or fixing things can be deleted except the virus scan and firewall?

Do you need me to post anything else, or are we all set?

#12 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 17 February 2006 - 03:31 PM

Well, the only thing you don't really need anymore is Sysclean, so you may delete that.
The firewall and Antivirus you really have to keep.
CCleaner is another tool I asked you to download, which you can use once in a while to get rid of unnecessary files on your system. Also take a look here for more info on how to use it: http://www.ccleaner.com/help/tour1.asp
If you decide you don't need it, you may uninstall it. :thumbsup:

Yes, I think we are done here... I've let you delete anything malware related on your system that was showing in logs. :flowers:

#13 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 19 February 2006 - 08:05 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.