My Avg Control Center Is Going Crazy!



#1 Anonymous Loser

Posted 03 April 2006 - 08:46 PM

Past few days I've had my antivirus protection popping up frequently and repeatedly saying it's found an infectious agent. I'm not really sure what the problem is. I've run adaware, but the problem persists. It would be helpful if someone could look at my hjt log and help me out. Thanks!

-Anonymous Loser

__________________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 9:47:14 PM, on 4/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\Winamp.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\andrew\Local Settings\Temp\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124408299375
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe


#2 stonangel

Posted 04 April 2006 - 04:17 PM

Hello Anonymous Loser,

I'm currently working on your log and will post back a fix ASAP.

Olivier

#3 Anonymous Loser

Posted 04 April 2006 - 07:00 PM

Ok, thanks a lot

#4 Anonymous Loser

Posted 04 April 2006 - 09:11 PM

I am currently writing a research paper which is due tomorrow! I would like to be able to resolve this problem, as it is causing my computer to run very slowly, taking long amounts of time to open various objects, a prompt diagnosis would be GREATLY appreciated, please!

#5 stonangel

Posted 05 April 2006 - 04:59 AM

Hi Anonymous Loser,

1. I need to see another HijackThis log, but you need to extract (unzip) HijackThis first. Otherwise the backups made when items are fixed won't be secure. The easiest way to accomplish this is to reinstall and delete any copies of HijackThis.zip you have saved.

Please download the self-extracting version of HijackThis from here:

HijackThis_sfx download

Save HijackThis_sfx to your desktop.

Double-click the file then click the Unzip button. Then close the Self-Extractor window.

Using My Computer/Windows Explorer, navigate to C:\Program Files\HijackThis and double click on HijackThis.exe to run it. If you would like to make a shortcut for your Desktop so it's more easily accessible, right click HijackThis.exe and choose Send To > Desktop (create shortcut).

Please run the extracted HijackThis.exe from now on. Delete any copies of HijackThis.zip that you have saved.

2. Please download:

* ATF Cleaner by Atribune. Don't run it yet.

* this fix.
Save it to the desktop, extract and double click Fix_Protocol_zones_ranges.reg and allow it to merge with the registry.

3. Go to Start> Settings> Control Panel> Add or Remove Programs and uninstall if listed:
  • Viewpoint
  • McAfee
* Please re-open HijackThis and scan. Check the below entries if found:

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)


Close any open windows except for HijackThis then click on Fix checked.

* Delete the following folders if they are still present:

C:\Program Files\Viewpoint
C:\Program Files\McAfee

* Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

4. Restart your computer and go here to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
5. Post back the ActiveScan report as well as a new HijackThis log, please.

Olivier

#6 Anonymous Loser

Posted 05 April 2006 - 03:17 PM

Alrighty... thanks for your help here.
Here is my active scan:

Incident Status Location

Dialer:dialer.bb Not disinfected C:\WINNT\SYSTEM32\dktibs.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINNT\toolbar.exe
Spyware:application/bestoffer Not disinfected C:\WINNT\smdat32m.sys
Adware:adware/keenvalue Not disinfected C:\WINNT\BROWSERXTRAS\PN\remove.exe
Adware:adware/virmaid Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM
Adware:adware/ist.istbar Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.sexlist.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.overture.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.atwola.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.zedo.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.com.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[statse.webtrendslive.com/S146071]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.did-it.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[statse.webtrendslive.com/dcsauhh66pifwz3kt81grbj8d_5p7p]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.go.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.ehg-sonycomputer.hitbox.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.peel.com/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\andrew\Application Data\Mozilla\Firefox\Profiles\d8ab38m3.default\cookies.txt[.valueclick.com/]
Adware:Adware/KeenValue Not disinfected C:\WINNT\browserxtras\pn\remove.exe
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\john\Cookies\john@mediaplex[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\john\Cookies\john@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\john\Cookies\john@doubleclick[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\john\Cookies\john@server.iad.liveperson[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\john\Cookies\john@ads.pointroll[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\john\Cookies\john@centrport[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\john\Cookies\john@ccbill[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter4.sextracker[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\john\Cookies\john@bravenet[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\john\Cookies\john@go[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\john\Cookies\john@z1.adserver[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\john\Cookies\john@realmedia[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\john\Cookies\john@data.coremetrics[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\john\Cookies\john@fastclick[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\john\Cookies\john@servedby.advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@serving-sys[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@hitbox[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\john\Cookies\john@ct.360i[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\john\Cookies\john@ad.yieldmanager[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter1.sextracker[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@dist.belnk[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\john\Cookies\john@questionmarket[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\john\Cookies\john@perf.overture[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\john\Cookies\john@zedo[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\john\Cookies\john@trafficmp[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\john\Cookies\john@atwola[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\john\Cookies\john@did-it[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\john\Cookies\john@media.fastclick[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\john\Cookies\john@azjmp[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\john\Cookies\john@advertising[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\john\Cookies\john@statse.webtrendslive[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\john\Cookies\john@2o7[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\john\Cookies\john@statcounter[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@ehg-eline.hitbox[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\john\Cookies\john@bluestreak[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\john\Cookies\john@burstnet[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\john\Cookies\john@valueclick[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\john\Cookies\john@www.burstbeacon[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\john\Cookies\john@tribalfusion[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\john\Cookies\john@toplist[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\john\Cookies\john@z1.adserver[3].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\john\Cookies\john@bluestreak[3].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\john\Cookies\john@did-it[2].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\john\Cookies\john@bfast[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\john\Cookies\john@as-us.falkag[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\john\Cookies\john@ccbill[3].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\john\Cookies\john@apmebf[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@hg1.hitbox[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\john\Cookies\john@linksynergy[2].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\john\Cookies\john@tradedoubler[2].txt
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\john\Cookies\john@valueclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\john\Cookies\john@c.enhance[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\john\Cookies\john@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\john\Cookies\john@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\john\Cookies\john@adrevolver[3].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\john\Cookies\john@247realmedia[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\john\Cookies\john@paypopup[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\john\Cookies\john@go[3].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\john\Cookies\john@hc2.humanclick[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\john\Cookies\john@cs.sexcounter[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\john\Cookies\john@7search[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\john\Cookies\john@overture[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\john\Cookies\john@revenue[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\john\Cookies\john@ct.360i[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\john\Cookies\john@adtech[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\john\Cookies\john@statcounter[3].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@bs.serving-sys[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\john\Cookies\john@target[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\john\Cookies\john@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@dist.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@belnk[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@ath.belnk[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\john\Cookies\john@i.screensavers[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@sextracker[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@ehg-ati.hitbox[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\john\Cookies\john@casalemedia[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\john\Cookies\john@tribalfusion[3].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\john\Cookies\john@www48.seeq[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@phg.hitbox[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\john\Cookies\john@clickbank[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\john\Cookies\john@zedo[3].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\john\Cookies\john@statse.webtrendslive[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\john\Cookies\john@server.iad.liveperson[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\john\Cookies\john@questionmarket[4].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter16.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter2.sextracker[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\john\Cookies\john@c.fsx[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter15.sextracker[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\john\Cookies\john@paycounter[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\john\Cookies\john@as1.falkag[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\john\Cookies\john@entrepreneur[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter4.sextracker[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\john\Cookies\john@realmedia[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\john\Cookies\john@ads.pointroll[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\john\Cookies\john@maxserving[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@serving-sys[3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\john\Cookies\john@fastclick[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\john\Cookies\john@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\john\Cookies\john@atwola[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\john\Cookies\john@searchportal.information[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@hitbox[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\john\Cookies\john@trafficmp[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@ehg-sonycomputer.hitbox[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\john\Cookies\john@trafficmp[4].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\john\Cookies\john@burstnet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\john\Cookies\john@ad.yieldmanager[3].txt

Edited by Anonymous Loser, 05 April 2006 - 03:20 PM.


#7 Anonymous Loser

Posted 05 April 2006 - 03:21 PM

Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:18:32 PM, on 4/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Gaim\gaim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124408299375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

#8 stonangel

Posted 08 April 2006 - 10:34 AM

Hi Anonymous Loser,

Your HijackThis log looks fine :thumbsup:

1. Launch Notepad and copy paste the following text:

----------------------------------
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\ALTNETDM]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}"=-

[-HKEY_CLASSES_ROOT\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC}]


-----------------------------------------

Save it to your desktop as fix.reg and as Type "All files". You'll see an ice cube icon.

Next double click on fix.reg and allow when prompted to merge with the registry.

2. Delete the following files or folder:

C:\WINNT\SYSTEM32\dktibs.exe
C:\WINNT\toolbar.exe
C:\WINNT\smdat32m.sys
C:\WINNT\BROWSERXTRAS

3. Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
4. Restart in normal mode, run a new ActiveScan. Post back the result with a new HijackThis log and tell us how the things are running now, please.

Olivier

#9 Anonymous Loser

Posted 09 April 2006 - 07:51 PM

Well, I was able to do all of that, except that when I tried deleting dktibs.exe and toolbar.exe it gave me the good old 'source file may be in use' message. It still did this after I tried deleting them in safe mode.

The problem appears to be solved except that now I have some programs randomly minimizing (although I think that may be because I'm using gaim). I will leave the decision as to whether I need to do anything else or not up to you.

Here is an updated hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 8:52:23 PM, on 4/9/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124408299375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

Edited by Anonymous Loser, 09 April 2006 - 07:53 PM.


#10 stonangel

Posted 10 April 2006 - 12:35 PM

Hi Anonymous Loser,

Could you post back the result of Panda ActiveScan, please?

Olivier

#11 Anonymous Loser

Posted 10 April 2006 - 05:05 PM

Yeah, sorry about that.
Here it is.


Incident Status Location

Dialer:dialer.bb Not disinfected C:\WINNT\SYSTEM32\dktibs.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINNT\toolbar.exe
Adware:adware/virmaid Not disinfected Windows Registry

#12 stonangel

Posted 11 April 2006 - 11:53 AM

Hi Anonymous Loser,

* Please download the Killbox by Option^Explicit.
Note: In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop. Don't run it yet.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
* Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINNT\SYSTEM32\dktibs.exe
    C:\WINNT\toolbar.exe



  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

* Run a new Panda ActiveScan and post back the result, please.

Olivier
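
Added example, not part of the original posts and not Killbox's own code: a check that the two files from the step above were actually queued for removal at the next boot. It assumes the "Delete on Reboot" option relies on the Windows `PendingFileRenameOperations` value under `HKLM\SYSTEM\CurrentControlSet\Control\Session Manager` (the prompt mentioned in the post suggests this, the thread does not confirm it); `SAMPLE_VALUE` is constructed and the function names are hypothetical.

```python
"""Verify that files are queued in PendingFileRenameOperations (added example).

The value is a REG_MULTI_SZ holding a flat list of strings read in pairs:
  source path, destination path
An empty destination means "delete the source at the next boot".
Paths carry the NT prefix \\??\\ and a destination may start with '!'
(replace an existing file).
"""

NT_PREFIX = "\\??\\"

# Paths taken from the post above.
TARGETS = [
    "C:\\WINNT\\SYSTEM32\\dktibs.exe",
    "C:\\WINNT\\toolbar.exe",
]

# Constructed sample of the registry value, as a list of strings.
# Only the first target is queued, so the second one shows up as a gap.
SAMPLE_VALUE = [
    "\\??\\C:\\WINNT\\SYSTEM32\\dktibs.exe", "",
    "\\??\\C:\\WINNT\\Temp\\setup.tmp", "!\\??\\C:\\WINNT\\system32\\example.dll",
]


def normalize(path):
    """Strip the '!' flag and the NT prefix, unify separators, fold case."""
    p = path.strip()
    if p.startswith("!"):
        p = p[1:]
    if p.startswith(NT_PREFIX):
        p = p[len(NT_PREFIX):]
    return p.replace("/", "\\").rstrip("\\").lower()


def parse_pending(entries):
    """Turn the flat string list into (source, destination) pairs.

    destination is None when the operation is a delete.
    Raises ValueError when the list cannot be read as pairs.
    """
    if len(entries) % 2:
        raise ValueError("odd number of entries: value is truncated or malformed")
    pairs = []
    for i in range(0, len(entries), 2):
        src, dst = entries[i], entries[i + 1]
        if not src:
            raise ValueError("empty source path at entry %d" % i)
        pairs.append((normalize(src), normalize(dst) if dst else None))
    return pairs


def queue_status(entries, targets):
    """Map each target path to the list of operations queued for it.

    An empty list means nothing is queued, so the file will still be
    present after the restart. Matching is by full path only; a file
    queued under its 8.3 short name would not be matched here.
    """
    pairs = parse_pending(entries)
    report = {}
    for target in targets:
        key = normalize(target)
        ops = []
        for src, dst in pairs:
            if src == key:
                ops.append("delete on reboot" if dst is None else "rename to " + dst)
        report[target] = ops
    return report


if __name__ == "__main__":
    for path, ops in queue_status(SAMPLE_VALUE, TARGETS).items():
        print(path, "->", ", ".join(ops) if ops else "NOT QUEUED")
```

A target reported as not queued is the case to catch before restarting: the file is still locked and will be flagged again by the next scan.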

#13 Anonymous Loser

Posted 11 April 2006 - 03:21 PM

Here is my active scan and new hjt log just in case you need it.


Incident Status Location

Dialer:dialer.bb Not disinfected C:\WINNT\SYSTEM32\dktibs.exe
Adware:adware/cws.searchmeup Not disinfected C:\WINNT\toolbar.exe
Adware:adware/virmaid Not disinfected Windows Registry
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\john\Cookies\john@valueclick[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\john\Cookies\john@c.enhance[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\john\Cookies\john@2o7[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\john\Cookies\john@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\john\Cookies\john@adrevolver[3].txt
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\john\Cookies\john@247realmedia[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\john\Cookies\john@paypopup[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\john\Cookies\john@go[3].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\john\Cookies\john@hc2.humanclick[1].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\john\Cookies\john@cs.sexcounter[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\john\Cookies\john@7search[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\john\Cookies\john@overture[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\john\Cookies\john@revenue[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\john\Cookies\john@ct.360i[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\john\Cookies\john@adtech[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\john\Cookies\john@statcounter[3].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@bs.serving-sys[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\john\Cookies\john@target[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\john\Cookies\john@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@dist.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@belnk[3].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\john\Cookies\john@ath.belnk[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\john\Cookies\john@i.screensavers[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@sextracker[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@ehg-ati.hitbox[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\john\Cookies\john@casalemedia[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\john\Cookies\john@tribalfusion[3].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\john\Cookies\john@www48.seeq[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@phg.hitbox[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\john\Cookies\john@clickbank[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\john\Cookies\john@zedo[3].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\john\Cookies\john@statse.webtrendslive[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\john\Cookies\john@server.iad.liveperson[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\john\Cookies\john@2o7[3].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter16.sextracker[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter2.sextracker[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\john\Cookies\john@c.fsx[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter15.sextracker[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\john\Cookies\john@paycounter[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\john\Cookies\john@as1.falkag[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\john\Cookies\john@entrepreneur[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter4.sextracker[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\john\Cookies\john@realmedia[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\john\Cookies\john@ads.pointroll[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\john\Cookies\john@maxserving[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@serving-sys[3].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\john\Cookies\john@fastclick[3].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\john\Cookies\john@advertising[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\john\Cookies\john@atwola[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\john\Cookies\john@searchportal.information[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@hitbox[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\john\Cookies\john@trafficmp[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@ehg-sonycomputer.hitbox[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\john\Cookies\john@burstnet[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\john\Cookies\john@ad.yieldmanager[3].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\john\Cookies\john@www.burstbeacon[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\john\Cookies\john@questionmarket[1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@bs.serving-sys[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\john\Cookies\john@serving-sys[4].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\john\Cookies\john@trafficmp[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\john\Cookies\john@tribalfusion[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\john\Cookies\john@ads.pointroll[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\john\Cookies\john@ad.yieldmanager[4].txt
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\john\Cookies\john@tradedoubler[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\john\Cookies\john@go[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\john\Cookies\john@hitbox[4].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\john\Cookies\john@z1.adserver[4].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\john\Cookies\john@questionmarket[3].txt
Spyware:Cookie/Dbbsrv Not disinfected C:\Documents and Settings\john\Cookies\john@dbbsrv[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@sextracker[3].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\john\Cookies\john@cs.sexcounter[3].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\john\Cookies\john@adultfriendfinder[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\john\Cookies\john@as-us.falkag[3].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\john\Cookies\john@ccbill[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\john\Cookies\john@fastclick[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\john\Cookies\john@www.burstbeacon[4].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\john\Cookies\john@casalemedia[3].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\john\Cookies\john@zedo[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\john\Cookies\john@burstnet[4].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\john\Cookies\john@c.fsx[2].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter7.sextracker[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\john\Cookies\john@cgi-bin[8].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\john\Cookies\john@statcounter[4].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\john\Cookies\john@counter2.sextracker[3].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\john\Cookies\john@server.iad.liveperson[4].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\john\Application Data\Mozilla\Firefox\Profiles\9t7nxkhv.default\cookies.txt[]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@2o7[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@atwola[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@atdmt[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@fastclick[1].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@paycounter[1].txt
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@centrport[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@realmedia[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@sextracker[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@ccbill[1].txt
Spyware:Cookie/Sextracker Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@counter16.sextracker[2].txt
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@sexlist[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@www.burstbeacon[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@com[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@burstnet[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@doubleclick[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@z1.adserver[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@casalemedia[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@tribalfusion[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@mediaplex[2].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@anm.co[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@trafficmp[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@phg.hitbox[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\patrick\Cookies\patrick@advertising[1].txt
Spyware:Cookie/Ove

#14 Anonymous Loser


Posted 11 April 2006 - 03:23 PM




Logfile of HijackThis v1.99.1
Scan saved at 4:19:45 PM, on 4/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - Startup: ATI Tray Tools.lnk = C:\Program Files\Radeon Omega Drivers\v3.8.205\ATI Tray Tools\atitray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1124408299375
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe

#15 stonangel


Posted 12 April 2006 - 04:40 AM

Hi Anonymous Loser,

* Please launch Notepad and copy and paste the following text in bold:

dir C:\WINNT\SYSTEM32\dktibs.exe /a h >>peek1.txt
dir C:\WINNT\toolbar.exe /a h >>peek2.txt
type peek1.txt >> look.txt
type peek2.txt >> look.txt
del peek*.txt
start notepad look.txt


* Save it to your desktop as search.bat, with the type set to "All files". Then double-click search.bat and allow it to run.

* Notepad will open: please post back in your next reply the entire text you get.

Olivier



